Redefining CyberSecurity

607 episodes — Page 10 of 13

Ep 163: Navigating the AI Security Frontier: Balancing Innovation and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Dr. Christina Liaghati

Guest: Dr. Christina Liaghati, AI Strategy Execution & Operations Manager for MITRE’s AI and Autonomy Innovation Center [@MITREcorp]
On LinkedIn | https://www.linkedin.com/in/christina-liaghati/
On Twitter | https://twitter.com/CLiaghati
At RSAC | https://www.rsaconference.com/experts/dr%20christina%20liaghati

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
In this Chats on the Road to RSA Conference podcast episode, listeners are treated to an insightful discussion between Dr. Christina Liaghati, Sean Martin, and Marco Ciappelli about the evolving landscape of AI security, its impact on various sectors, and the proactive steps being taken to address emerging threats. Dr. Liaghati shares her unique experiences working with government sponsors and her involvement in the development of MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems), a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research. ATLAS is modeled after the MITRE ATT&CK framework and its tactics and techniques are complementary to those in ATT&CK.

The conversation highlights how the rapid adoption of AI systems, combined with the lack of understanding of the risks involved, has led to new vulnerabilities and threats that need to be addressed. Listeners are also offered a glimpse into the challenges presented by the integration of AI into various systems, the need for collaboration between the AI and cybersecurity sectors, and the importance of understanding the new threat landscape created by AI adoption. Dr. Liaghati shares real-life examples of attacks on AI systems, emphasizing the need for constant vigilance and collaboration between industry, government, and academia to tackle these challenges.

The conversation also digs deeper into the potential consequences of AI deployment in high-stakes environments, such as finance and healthcare, and the importance of allocating resources to red teaming to identify vulnerabilities and secure these critical systems. By examining the current state of AI security and discussing the steps being taken to ensure its future, this episode provides an engaging and informative look at the complex interplay between AI, cybersecurity, and the systems we rely on every day.

Resources
Session | Hardening AI/ML Systems - The Next Frontier of Cybersecurity: https://www.rsaconference.com/USA/agenda/session/Hardening%20AIML%20Systems%20-%20The%20Next%20Frontier%20of%20Cybersecurity
Learn more about MITRE Atlas: https://atlas.mitre.org/
MITRE Atlas on Slack (invitation): https://join.slack.com/t/mitreatlas/shared_invite/zt-10i6ka9xw-~dc70mXWrlbN9dfFNKyyzQ
Learn more about MITRE ATT&CK framework: https://attack.mitre.org/
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Be sure to share and subscribe!
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 21, 2023, 27 min

Ep 162: The Looming Identity Crisis: Learning to Embrace the Human-AI Symbiosis in Cybersecurity and Identity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Rohit Ghai

Guest: Rohit Ghai, Chief Executive Officer of RSA Security [@RSAsecurity]
On LinkedIn | https://www.linkedin.com/in/rohitghai/
On Twitter | https://twitter.com/rohit_ghai
At RSAC | https://www.rsaconference.com/experts/rohit-ghai

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
In this Chats on the Road to RSA Conference 2023 podcast episode, Rohit Ghai, Chief Executive Officer of RSA Security, discusses the thought process that went into his declaring the looming identity crisis in the cybersecurity industry as the topic for his keynote session. Ghai examines the prominence of identity in cybersecurity and the impact of AI on human roles in the field. Sean Martin and Marco Ciappelli appeal to Ghai to explore the complexities of managing human and machine identities, the evolution of identity professionals' roles, and the significance of aligning AI with human values and business outcomes.

As AI becomes more pervasive and powerful, the conversation highlights the challenges of aligning AI with human values while grappling with the complexities of managing identities in an increasingly automated world. The conversation also focuses on the transformation of identity professionals' roles, emphasizing the need for a shift from hands-on tasks to a supervisory role where they can focus on high-value problems and decision-making.

Resources
Keynote Session | The Looming Identity Crisis: https://www.rsaconference.com/usa/agenda/session/Forging-a-New-Alloy
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Apr 21, 2023, 26 min

Ep 161: Fostering a Better Understanding of Networking Within the Information Security Community to Build Stronger Cyber Defenses | A Conversation with Justin Elze and Mick Douglas | Redefining CyberSecurity Podcast With Sean Martin

Guests:
Justin Elze, CTO at TrustedSec [@TrustedSec]
On LinkedIn | https://www.linkedin.com/in/justinelze/
On Twitter | https://twitter.com/HackingLZ
Mick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]
On LinkedIn | https://linkedin.com/in/mick-douglas
On Twitter | https://twitter.com/bettersafetynet

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb

Episode Notes
In this new Redefining Cybersecurity Podcast episode, Justin Elze, Mick Douglas, and Sean Martin delve into the importance of understanding networking concepts in the realm of cybersecurity. They discuss the misconceptions surrounding networking knowledge and how it often becomes cumbersome for people to learn. They highlight the underappreciated areas of networking that are frequently encountered in enterprise environments, such as DNS issues, virtual machines, VLANs, and more. The conversation also touches on the OSI model and the need for a structured approach to learning and adapting to various enterprise environments.

The episode highlights how the shift to cloud-based solutions and remote work has made certain aspects of networking easier while also changing the landscape of network security. The discussion examines the importance of understanding and implementing effective security controls based on the organization's needs and threat surface rather than relying on outdated or ritualistic practices. The trio further explores the concept of abstraction versus understanding the intricate details of IT security policy and controls.

Justin and Mick also talk about the need for a standard body of knowledge for cybersecurity professionals when it comes to networking concepts. They emphasize that while it's not necessary to be a networking expert, a deeper understanding of core concepts can significantly improve the effectiveness of network defense. By fostering a better understanding of networking within the information security community, professionals can better identify and address potential vulnerabilities and misconfigurations within their environments.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3
ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Apr 21, 2023, 48 min

Ep 160: The Past of the Future: Pioneering Decryption with AI and Quantum Physics | A Their Story Conversation from RSA Conference 2023 | A SandboxAQ Story with Clément Jeanjean

In this Their Story podcast episode, Clément Jeanjean, Senior Director at SandboxAQ, joins Sean Martin and Marco Ciappelli to discuss the company's unique mission to combine quantum physics and artificial intelligence to address some of the world’s most difficult problems in three main industries: simulation, cybersecurity, and quantum sensing. Jeanjean delves into how SandboxAQ can significantly reduce the time it takes to develop new drugs, improve cybersecurity with quantum-resistant cryptography management, and create innovative sensing capabilities in healthcare and terrestrial navigation.

The conversation also covers the timeline and risks associated with the arrival of quantum computers, particularly regarding the current and future states of cryptography. Jeanjean emphasizes the growing consensus that fault-tolerant quantum computers may be available within 8 to 12 years, highlighting the challenges that major organizations face in migrating to post-quantum cryptography, which can take up to 10 years for mature organizations – possibly longer for less mature organizations.

Jeanjean also describes the various industries that have started moving towards quantum-resistant cryptography, such as financial services, healthcare, telecommunications, and the public sector. He explains the need for companies to gain visibility and control over their cryptographic assets and how SandboxAQ is helping them build an inventory and prepare for the migration to post-quantum cryptography.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Clément Jeanjean, Senior Director, SandboxAQ [@SandboxAQ]
On LinkedIn | https://www.linkedin.com/in/clementjeanjean/
On Twitter | https://twitter.com/clemjohnjohn

Resources
Learn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2en
Try SandboxAQ Security Suite: https://itspm.ag/sandbob3gy
Read the Security Suite Press Release: https://itspm.ag/sandboxb3e744

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Apr 20, 2023, 49 min

Ep 159: From Tech Silos to Cyber Synergy: Smarter Vulnerability Management with Brinqa | A Their Story Conversation from RSA Conference 2023 | A Brinqa Story with Dimitri Vlachos

In this Their Story podcast episode, Sean Martin and Marco Ciappelli are joined by Dimitri Vlachos, CMO at Brinqa, a company focused on vulnerability risk management. Dimitri discusses how the Brinqa platform helps businesses consolidate their findings and vulnerabilities from various tools, manage the remediation process, and communicate risk to business owners. The platform aims to mature cybersecurity programs by breaking down siloed views and enabling security leaders to discuss vulnerabilities in the context of business impact.

The conversation highlights the importance of translating cybersecurity issues into business terms and emphasizes the need for consolidation and effective communication between different teams and tools. Dimitri shares how Brinqa is addressing this challenge by helping organizations tie their various cybersecurity tools together and better align their cybersecurity strategies with business objectives.

During the RSA Conference, Dimitri expects to see growing interest in consolidating and managing security tools more effectively. He also anticipates an increasing number of professionals looking to change traditional vulnerability management approaches and better address the risks associated with different tools. If you are intrigued by the conversation, you can find Brinqa in the North Hall during the conference or book a meeting with the team to learn more.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Dimitri Vlachos, CMO at Brinqa [@brinqa]
On LinkedIn | https://www.linkedin.com/in/dvlachos/
On Twitter | https://twitter.com/DimitriVlachos

Resources
Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp
Connect with Brinqa during RSA Conference: https://itspm.ag/brinqa6gp5
Hear more stories from Brinqa: www.itspmagazine.com/their-stories/see-all-of-your-security-findings-in-one-place-act-on-them-precisely-a-collection-of-brinqa-stories-from-rsa-conference-2023

Apr 20, 2023, 12 min

Ep 158: The C-Suite Culture Compass: A Diplomat's Guide to Cyber Leadership and Culture | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Dana Linnet

Guest: Dana Linnet, President and CEO of The Summit Group DC
On LinkedIn | https://linkedin.com/in/dana-linnet-5bb2a85
At RSAC | https://www.rsaconference.com/experts/Dana%20Linnet

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
In this Chats on the Road to RSA Conference podcast episode, former US diplomat Dana Linnet speaks about her transition from diplomacy to cybersecurity, highlighting her experiences and the lessons she learned along the way.

Joining hosts Sean Martin and Marco Ciappelli, Linnet offers insights into how culture plays a crucial role in addressing cyber threats. She discusses her time as a government CISO (Chief Information Security Officer) and ISSO (Information System Security Officer), which began during the early days of cybersecurity. She also discusses her involvement in establishing the NATO Cybersecurity Center of Excellence (CCOE) in Estonia after the nation experienced cyber-attacks from neighboring Russia and how important it is for governments to listen to people who know more than they do about cybersecurity.

As the conversation turns to the importance of culture in cybersecurity and how human behavior is a critical factor in preventing cyber-attacks, Linnet highlights the importance of information sharing, learning from digital threats, and adapting to the ever-changing cyber landscape. The hosts and Dana also discuss personal responsibility in cybersecurity and the need for leaders to take ownership of the problem.

The conversation highlights Linnet’s upcoming panel at RSA Conference. Focused on the topic of leadership culture in cybersecurity, the panel will dive into the role of boards and C-suites in leading and nurturing a security-conscious culture. The panel also touches on the value of diverse backgrounds in the cybersecurity industry, the challenges of changing culture, and how companies need to address the cultural gap between what they know and what they do.

Tune in to learn from Linnet’s experiences and get a fresh perspective on the intersection of cybersecurity, culture, and leadership. Don't forget to follow all of ITSPmagazine’s RSA Conference coverage. Be sure to share and subscribe to Redefining CyberSecurity Podcast to keep up with the latest trends in technology and cybersecurity.

Resources
Session | How to Create a Breach-Deterrent Culture of Cybersecurity, from Board Down: https://www.rsaconference.com/USA/agenda/session/How%20to%20Create%20a%20BreachDeterrent%20Culture%20of%20Cybersecurity%20from%20Board%20Down
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Apr 20, 2023, 29 min

Ep 157: Ethical Dilemmas in the Age of AI: Balancing AI Advancements and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Justin "Hutch" Hutchens

Guest: Justin "Hutch" Hutchens, Director of Security Research & Development at Set Solutions [@setsolutionsinc] and a cybersecurity instructor for the University of Texas at Austin [@UTAustin]
On LinkedIn | https://www.linkedin.com/in/justinhutchens/
On Twitter | https://twitter.com/sociosploit
On YouTube | https://www.youtube.com/channel/UCGx0Wq45QB3pKHUzsX8R0Zg

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
In this captivating episode as part of our RSA Conference Coverage Chats on the Road series, Justin Hutchens, a seasoned expert in information security and AI, and hosts Sean Martin and Marco Ciappelli discuss the potential benefits and risks of integrating artificial intelligence (AI) and natural language processing (NLP) into various aspects of our lives. Justin shares his journey in AI, from attempting to crack financial markets to exploring its potential in social engineering.

Hutchens will be delivering a talk at RSA about the weaponization of large language models for fully autonomous social engineering systems and potential mitigation strategies. He will also lead a "birds of a feather" session on the ethics surrounding AI, touching on topics such as societal impacts, mental health, and job displacement.

The podcast delves into the perception and limitations of AI, emphasizing that it should be seen as a tool rather than a solution. Hutchens highlights the risks of integrating AI into business processes and shares his thoughts on the importance of human intervention to ensure the accuracy and safety of AI-generated outputs. He also mentions the possible advantages of using AI in security operations and its challenges in operational decision-making.

The conversation underscores the need for ongoing discussions covering the importance of ethics in AI, the rapid acceleration of AI development, its potential societal impacts, and understanding the necessity of balancing business objectives with societal concerns. Join this enlightening conversation as the trio discuss the power and responsibility that come with using AI and explore ways to mitigate the risks associated with integrating AI into organizations' workflows.

Don't forget to follow all of ITSPmagazine’s RSA Conference coverage. Be sure to share and subscribe to Redefining CyberSecurity Podcast to keep up with the latest trends in technology and cybersecurity.

Resources
Session | Artificial Intelligence: Balancing Rapid Innovation with Ethics: https://www.rsaconference.com/USA/agenda/session/Artificial%20Intelligence%20Balancing%20Rapid%20Innovation%20with%20Ethics
Session | CatPhish Automation - The Emerging Use of AI in Social Engineering: https://www.rsaconference.com/USA/agenda/session/CatPhish%20Automation%20-%20The%20Emerging%20Use%20of%20AI%20in%20Social%20Engineering
Previous RSAC Presentations: https://www.rsaconference.com/experts/Justin%20Hutchens
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Apr 20, 2023, 28 min

Ep 156: Rebooting Cybersecurity: A Revived Conference Takes Center Stage in New York City | ITSPmagazine Event Coverage: BSides NYC 2023 | A Conversation with Lead Organizer, Huxley Barbee

Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]
On LinkedIn | https://www.linkedin.com/in/jhbarbee/
On Twitter | https://twitter.com/huxley_barbee
On Mastodon | https://infosec.exchange/@huxley

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
In this podcast episode, Huxley Barbee, a security evangelist at RunZero and lead organizer for BSides NYC, talks about reviving the major security conference after a hiatus through the pandemic.

With a record-breaking 127 submissions for talks, the conference will feature speakers from around the world discussing red and blue team topics, as well as various other aspects of the InfoSec industry. The event will also offer hands-on workshops, villages focused on career development, and resume reviews for students and professionals.

Taking place at John Jay College in Manhattan, the conference aims to be as accessible as possible, offering tickets at just $15 and automatically refunding students who register with a .edu email address. The conference theme, "The Reboot," invites attendees to rethink cybersecurity, with a keynote speech by Lance James on rebooting our thinking in the industry.

Don't forget to share and subscribe to Redefining CyberSecurity and our On-Location event coverage podcasts to keep up with the latest trends in technology and cybersecurity.

Resources
BSides NYC: https://bsidesnyc.org/

Are you interested in sponsoring an ITSPmagazine Channel or promoting your event?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Apr 14, 2023, 13 min

Ep 155: The Five Most Dangerous New Attack Techniques | Demystifying The Top Emerging Cyber Threats | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with SANS Instructors Katie Nickels and Johannes Ullrich

Guests:
Katie Nickels, Certified Instructor and Director of Intelligence Operations at SANS Institute [@sansforensics] and Red Canary [@redcanary]
On LinkedIn | https://www.linkedin.com/in/katie-nickels/
On Twitter | https://twitter.com/likethecoins
On Mastodon | https://infosec.exchange/@likethecoins
Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]
On LinkedIn | https://www.linkedin.com/in/johannesullrich/
On Twitter | https://twitter.com/sans_isc
On Mastodon | https://infosec.exchange/@jullrich

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
In this new RSA Conference Coverage podcast episode with ITSPmagazine, cybersecurity experts and SANS instructors, Katie Nickels and Johannes Ullrich, delve into the "Five Most Dangerous New Attack Techniques" panel, a discussion they've been part of for the past few years. They shed light on how they identify these top techniques by examining their increasing prevalence and potential impact. Joined by an outstanding panel of experts, including Heather Mahalik, a mobile technology specialist, and Steve Sims, an offensive security guru, they offer unique insights from different sides of the industry while also highlighting the importance of practical, hands-on advice and defense strategies against these threats.

The panel emphasizes the importance of practical, hands-on advice and defense strategies to combat these emerging threats. Furthermore, Johannes shares valuable information about the Internet Storm Center's role in monitoring attacks and disseminating knowledge within the cybersecurity community.

Tune in to this must-listen episode for a sneak peek of the latest attack techniques, evolving defense mechanisms, and the collaborative efforts of the cybersecurity community that will be presented during the panel so you can stay one step ahead of the attackers.

Don't forget to share and subscribe to ITSPmagazine's RSA Conference Coverage to keep up with the latest trends in technology and cybersecurity.

Resources
Session | The Five Most Dangerous New Attack Techniques: https://www.rsaconference.com/USA/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
Internet Storm Center Diaries: https://isc.sans.edu/
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Apr 14, 2023, 25 min

Ep 154: The Importance of Software Bill-of-Materials (SBOMs) | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Allan Friedman

Guest: Allan Friedman, Senior Advisor and Strategist at CISA [@CISAgov]
On LinkedIn | https://www.linkedin.com/in/allanafriedman/
On Twitter | https://twitter.com/allanfriedman

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

Episode Notes
Welcome to the latest episode of the Redefining Cybersecurity podcast with Sean Martin. In this episode, Sean talks about the upcoming RSA Conference in San Francisco, which promises to be an eventful one with a lot of topics, one of which is the software bill of materials (SBOM). Sean recently came across a tweet by Allan Friedman, a senior advisor and strategist at the Cybersecurity and Infrastructure Security Agency (CISA), about his hope to speak at RSA on SBOMs. In this episode, Sean invites Allan to discuss what prompted him to put that tweet up and how things have transitioned in the last few years.

According to Sean, Allan and his team's work has played a significant role in pushing the software community to take action and to make some progress on SBOMs. During this episode, Allan shares his journey into CISA, his work before on coordinated vulnerability disclosure, and how the government can help create better markets for security. He also shares his perspective on how the proliferation of APIs and microservices has taken off in recent years and how the SBOM concept has become more relevant than ever.

If you're interested in learning more about SBOMs and how they can help organizations mitigate security risks and vulnerabilities, then you don't want to miss this episode. So make sure you subscribe to Redefining Cybersecurity Podcast on your favorite platform and share this episode with your colleagues and friends.

Resources
Supply Chain Integrity Month: https://www.cisa.gov/supply-chain-integrity-month
"Scaling Software Supply Chain Source Security in Large Enterprises" session: https://www.rsaconference.com/usa/agenda/session/Scaling%20Software%20Supply%20Chain%20Source%20Security%20in%20Large%20Enterprises
"The World on SBOMs" session: https://www.rsaconference.com/usa/agenda/session/The%20World%20on%20SBOMs
"The Opposite of Transparency" session: https://www.rsaconference.com/usa/agenda/session/The%20Opposite%20of%20Transparency
28 sessions on Supply Chain: https://www.rsaconference.com/usa/agenda/full-agenda#q=supply%20chain&t=agenda-upcoming-tab&numberOfResults=50
22 sessions on Open Source: https://www.rsaconference.com/usa/agenda/full-agenda#q=open%20source&t=agenda-upcoming-tab&numberOfResults=25
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

Apr 11, 202340 min

Ep 153 CT Cubed At The RSAC 2023's Aerospace Village | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Henry Danielson, Adam Scheuer, and Chris McDaniels

Guests: Henry Danielson, Volunteer at AeroSpace Village [@SecureAerospace]
On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/
On Twitter | https://twitter.com/hdanielson
Adam Scheuer, Executive Vice President at CT Cubed Inc. [@CTcubed]
Chris McDaniels, CEO at CT Cubed Inc. [@CTcubed]
On LinkedIn | https://www.linkedin.com/in/mcdanielsc/
____________________________
Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en
____________________________
Episode Notes
Welcome to this exciting episode where we take you on a journey to the RSA Conference in San Francisco, and even to space! In this episode, we get to explore the Aerospace Village and learn about the fascinating work of the group CT Cubed, all of whom are volunteers doing good things for society in aerospace. Our guests, Adam, Chris, and Henry share their stories and backgrounds, which have led them to their current roles.
The Aerospace Village at RSA Conference features many sub-villages and exciting activities, such as the work being done by CT Cubed. They focus on realistic training for engineering and analytical work, in addition to training, to keep current in the aerospace industry. Their work has led to the creation of a system of systems called the Mouse, which allows for realistic training of students in the aerospace field.
But that's not all! As Sean Martin, Marco Ciappelli and our guests discuss, there is a lot of activity happening in space, and we get the pleasure of connecting with some of the folks working on this topic through ITSPmagazine. It's one thing to read a book, watch it on TV, or listen to someone's story, but it's even cooler to get hands-on experience with it. And that's exactly what the Aerospace Village at RSA Conference provides.
So come join us on this thrilling journey to space and the Aerospace Village at RSA Conference, and learn about the exciting work being done by CT Cubed. Don't forget to share and subscribe to our podcast for more exciting episodes like this one!
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw
____________________________
Catch the video here: https://youtu.be/U7B_wUN8Pe8
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Be sure to share and subscribe!
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 10, 2023 | 33 min

Ep 152 The Importance of Trust in Cybersecurity | Building Effective Teams and Communication | A Crucial Conversation With Billy Spears

Community Member Contributor: Billy Spears, Chief Information Security Officer at Teradata [@Teradata]
On LinkedIn | https://www.linkedin.com/in/billyjspears/
Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
______________________
Episode Description
By establishing trust, organizations can develop more efficient security programs and improve risk management outcomes. In this post, Billy Spears, CISO for Teradata, presents critical elements for building trust, such as adopting a results-oriented approach, clarifying intent, and actively listening to others. The crucial role of trust in the cybersecurity industry is also explored as Billy emphasizes its significance in cultivating effective communication, collaboration, and innovation within teams and organizations. Billy stresses the importance of balancing trust in human relationships with the implementation of zero-trust security solutions, paving the way for a more collaborative and productive environment in the cybersecurity landscape.
______________________
For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs
______________________
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 6, 2023 | 46 min

Ep 151 Artificial Intelligence and Machine Learning: The Double-Edged Swords in Fraud Wars | A Conversation with Cem Dilmegani | Redefining CyberSecurity Podcast With Sean Martin

Guest: Cem Dilmegani, Principal Analyst at AIMultiple [@aimultiple]
On LinkedIn | https://www.linkedin.com/in/cem-dilmegani/
On Twitter | http://twitter.com/dilmegani
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb
___________________________
Episode Notes
In this podcast episode, Cem Dilmegani and Sean Martin discuss the various types of fraud that exist and how machine learning can be utilized by both fraudsters and companies to outsmart each other.
The conversation delves into the world of fraud and its impact across various domains, from financial systems to advertising and even healthcare. The discussion highlights how fraudsters are using sophisticated techniques, such as machine learning and automation, to bypass rules-based systems and carry out illicit transactions or manipulate user behavior.
The conversation shifts to the financial services industry, where Cem explains how illicit actors might use automation to transfer funds through smaller transactions to avoid detection or bypass sanctions. They also discuss the challenges faced by banks in identifying fraudulent transactions and the complexities involved when dealing with nation-state actors.
Sean brings up the concept of open-source intelligence (OSINT) in the cybersecurity world and wonders if there's a similar database for fraud rules and vulnerabilities in the financial world. Cem explains that while OSINT might not be as powerful in the world of fraud, fraudsters can still find ways to exploit systems and bypass controls.
Throughout the conversation, intriguing use cases are presented, such as ad fraud in the B2B tech industry, where competitors employ machine-generated clicks and utilize bots to drain marketing budgets, or the concept of "feature fraud," where malicious actors manipulate user feedback to drive companies in the wrong direction.
The episode also delves into the challenges faced by the healthcare industry, including insurance fraud, where patients are overcharged for services or billed for therapies they never received. In the financial services realm, fraudsters resort to account takeovers, complex transaction models, and even shell entities to bypass security measures.
The discussion also highlights the ever-evolving world of fraud, emphasizing the need for businesses and industries to leverage advanced technologies, like AI and machine learning, to stay ahead of the curve and protect themselves from these sophisticated threats. This episode is a must-listen for anyone interested in understanding the simple complexities of fraud and the countermeasures that can be employed to mitigate its impact.
Tune in now and stay ahead of the curve!
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3
ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
Cloud Security Podcast: https://www.cloudsecuritypodcast.tv
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 4, 2023 | 52 min

Ep 150 The Data Privacy Divide: Navigating Transatlantic Data Protection Perspectives | A Conversation with Maria D'Avanzo and Lyndon Marquez | Redefining CyberSecurity Podcast With Sean Martin

Guests: Maria D'Avanzo, Chief Evangelist Officer at Traliant [@traliant]
On LinkedIn | https://www.linkedin.com/in/maria-d-avanzo/
Lyndon Marquez, Corporate Counsel at Life Extension [@LifeExtension]
On LinkedIn | https://www.linkedin.com/in/lyndonmarquez
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this podcast episode, Lyndon Marquez, Maria D'Avanzo, and Sean Martin engage in an insightful discussion about data privacy, regulations like GDPR, and how companies approach these issues.
Lyndon Marquez highlights the differences between the U.S. and Europe in terms of their approach to privacy and data handling. He explains that GDPR was a significant milestone that helped companies focus on data protection, even though it may have initially seemed like overkill. Marquez emphasizes that striking a balance between business needs and regulatory requirements is crucial.
Maria D'Avanzo shares her experience of implementing privacy programs at Cushman. She notes that GDPR was a key factor in driving organizations to prioritize privacy as a standalone function. D'Avanzo also discusses the challenges of navigating between business goals and data protection requirements, emphasizing the importance of having an appropriate privacy program in place.
Sean Martin raises questions about the current state of privacy and data protection, wondering if companies have mastered GDPR or if there's still room for improvement. Both D'Avanzo and Marquez agree that the mindset towards data privacy in the U.S. still has a long way to go before it reaches the level of awareness seen in Europe.
The conversation also touches on the role of board members in addressing privacy concerns, the potential impact of new legislation, and the challenges smaller companies face in implementing security and privacy measures. They explore the importance of looking at data privacy from a risk perspective, making it relatable for decision-makers, and ensuring appropriate measures are in place.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3
ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 4, 2023 | 51 min

Ep 149 A CISO Is Like a Cyber First Responder | Leadership Insights from Successful Cybersecurity Executives Nicole Darden Ford and Aric Perminter | Redefining CyberSecurity Podcast With Sean Martin

Guests:
Nicole Darden Ford is Vice President, Global Information Security and Chief Information Security Officer at Rockwell Automation [@ROKAutomation]
On LinkedIn | https://www.linkedin.com/in/nicole-darden-ford/
On Twitter | https://twitter.com/Nicoledgray
Aric K. Perminter, Founder & Chairman of Lynx Technology Partners [@LynxPartners] and Board Member at International Consortium of Minority Cybersecurity Professionals (ICMCP) / Cyversity [@OneCyversity]
On LinkedIn | https://www.linkedin.com/in/aricperminter/
On Twitter | https://twitter.com/aricperminter
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb
___________________________
Episode Notes
In this podcast episode, Sean Martin, the host of the Redefining CyberSecurity Podcast, speaks with Nicole Darden Ford, the Vice President, Global Information Security, and Chief Information Security Officer at Rockwell Automation, and Aric Perminter, Founder & Chairman of Lynx Technology Partners, about the role of a Chief Information Security Officer (CISO) ranging from business defense to national security.
The trio discusses the importance of understanding what is being protected and why it is important in industries such as healthcare, retail, banking, and critical infrastructure. They also talk about the need for cybersecurity professionals to be like cyber first responders and the importance of communicating risk in a financial context. Additionally, the conversation delves into the pressures and hardships that come with being a CISO and how those that take on the role can maintain a positive attitude and feel good about the work they do. Both Nicole and Aric emphasize the importance of caring for one's team, being personable, and having the passion and courage to do what is necessary to protect an organization's data and infrastructure. They also share stories of successful initiatives they have undertaken as CISOs, such as uplifting the competency and training program for a cybersecurity team and enabling a team to work from home during the COVID-19 pandemic.
Overall, the conversation sheds light on the complex and challenging role of a CISO and the importance of effective cybersecurity leadership for the benefit of the team, the program, and the organization.
Enjoy the conversation! And don't forget to subscribe and share!
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3
ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 1, 2023 | 36 min

Ep 148 Unveiling Tomorrow's Cybersecurity Game-Changers | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Cecilia Murtagh Marinier

Guest: Cecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/
On Twitter | https://twitter.com/CMarinier
____________________________
Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
____________________________
Episode Notes
Welcome to another thrilling episode of ITSPmagazine's RSA Conference US 2023 Coverage Podcast, hosted by Sean and Marco. In today's episode, we dive into an engaging conversation with Cecilia Marinier from the RSA Conference, who is responsible for managing the suite of innovation programs, and those aimed at college students. This captivating discussion will give you a deeper understanding of the exciting things happening in the world of cybersecurity innovation.
Cecilia shares insights into the Innovation Sandbox contest, an 18-year-old cornerstone event of the conference that has seen billions of dollars of investments and produced numerous successful companies. With a 150% increase in submissions this year, the top 10 companies have been announced, showcasing a diverse range of backgrounds and problem-solving approaches.
In addition to the Innovation Sandbox, we learn about Launchpad, an event that focuses on earlier stage startups, where three entrepreneurs pitch to venture capitalists. The venture capitalists themselves come from varied backgrounds, bringing unique perspectives and valuable questions to the table.
We also explore the Early Stage Expo, where 50 startups showcase their solutions, and a series of informative content sessions aimed at those interested in becoming entrepreneurs. The RSA Conference is committed to innovation, and this episode highlights the passion and excitement behind it.
Join Sean and Marco as they ask Cecilia about the criteria for selecting participants for the Innovation Sandbox and Launchpad events. We discover the importance of having a strong team, a novel approach to solving a problem, and the ability to demonstrate the potential for significant market impact.
If you're eager to learn about the future of cybersecurity innovation, this conversation is a must-listen. Don't miss out on this episode packed with valuable insights, and be sure to share it with others, subscribe to the podcast, and join us for more captivating discussions.
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw
____________________________
Catch the video here: https://youtu.be/U7B_wUN8Pe8
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Be sure to share and subscribe!
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mar 30, 2023 | 33 min

Ep 147 Safeguarding the C-Suite | Pioneering the Future of the Executive Digital Protection Revolution | A Their Story Conversation from RSA Conference 2023 | A BlackCloak Story With Chris Pierson and Daniel Floyd

Welcome to another exciting episode of our podcast, where we dive into the fascinating world of cybersecurity and explore the challenges faced by businesses and individuals alike. Today, we have an extraordinary story to share, one that sheds light on the ever-evolving landscape of cyber threats and the innovative solutions being developed to protect us. We're talking about BlackCloak, a cutting-edge cybersecurity company that's changing the game when it comes to digital executive protection. So buckle up, sit back, and prepare to be amazed as we unravel the incredible story of BlackCloak and its mission to safeguard the digital lives of corporate executives and high-profile individuals. And don't forget to subscribe and share our show so that you and your network can stay ahead of the curve in this rapidly changing world of cybersecurity.
In today's episode, we're joined by BlackCloak's co-founder, Dr. Chris Pierson, and their Chief Information Security Officer, Daniel Floyd. Both of these experts bring decades of experience in system architecture, security operations, and cybersecurity strategy to the table. As they discuss the unique challenges faced by executives and their families in the age of remote work, it becomes apparent that traditional cybersecurity measures are no longer enough.
The conversation delves into the critical need for digital executive protection that extends beyond the four walls of a company. This is where BlackCloak steps in, providing comprehensive protection for executives and their families in their personal lives without infringing on their privacy. The aim is to create a hardened target around these high-profile individuals and their loved ones, safeguarding their homes, devices, and personal data from malicious cybercriminals.
As our guests share real-world examples of high-profile breaches, such as Twilio and Uber, it becomes evident that the personal lives of executives are increasingly becoming the soft underbelly of companies' cybersecurity defenses. By targeting executives through phishing attacks and exploiting their personal devices, cybercriminals are finding ways to bypass corporate security measures and access sensitive information.
In response to these evolving threats, BlackCloak offers an innovative solution that bridges the gap between corporate and personal cybersecurity. By taking a proactive approach and addressing the unique challenges faced by executives and their families, BlackCloak is redefining digital protection and shaping the future of cybersecurity as we know it.
Don't miss out on this thrilling episode as we delve into the cutting-edge world of BlackCloak and learn how they're revolutionizing the way we think about cybersecurity. Remember to subscribe to our show and share it with your friends and colleagues so that everyone can stay informed and protected in this ever-changing digital landscape.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story
Guests:
Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]
On Linkedin | https://www.linkedin.com/in/drchristopherpierson/
On Twitter | https://twitter.com/drchrispierson
Daniel Floyd, CISO of BlackCloak [@BlackCloakCyber]
On Linkedin | https://www.linkedin.com/in/daniel-n-floyd/
Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
Connect with BlackCloak during RSA Conference: https://itspm.ag/blackcvnk8
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mar 28, 2023 | 44 min

Ep 146 What to Expect At RSA Conference USA 2023 | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Britta Glade

Guests
Linda Gray Martin, Vice President at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/
On Twitter | https://twitter.com/LindaJaneGray
Britta Glade, Senior Director, Content & Curation at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/
On Twitter | https://twitter.com/brittaglade
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
____________________________
Episode Notes
We are thrilled to kick off our event coverage with our traditional first Chats On The Road to RSA Conference 2023, chatting with our good friends as they give us the latest and greatest for what we can expect at this year's event.
Listen in to hear more about the theme, keynotes, sessions, speakers, expo hall, community events, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.
Tune in and be sure to join us for all of our coverage coming to you before, from, and after RSA Conference USA 2023!
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw
____________________________
Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSs
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mar 22, 2023 | 46 min

Ep 145 Cloud Security for the Next Generation of Companies | A Conversation with Taylor Hersom and Ashish Rajan | Redefining CyberSecurity Podcast With Sean Martin

Guests: Taylor Hersom, Founder at Eden Data [@edendatainc]
On LinkedIn | https://linkedin.com/taylorhersom
On Twitter | https://twitter.com/taylorhersom
Ashish Rajan, CISO, CyberSecurity Influencer, SANS [@SANSInstitute] Trainer for Cloud Security, and Host of the Cloud Security Podcast [@CloudSecPod]
On LinkedIn | https://www.linkedin.com/in/ashishrajan/
On Twitter | https://twitter.com/hashishrajan
On TikTok | https://www.tiktok.com/@hashishrajan
On YouTube | https://www.youtube.com/channel/UCRrWf6aQnFbdS7WRlv_o0Tw
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb
___________________________
Episode Notes
Join Sean, Ashish, and Taylor, as they discuss the evolution of cloud computing, cloud security, and their experiences in the field. The conversation explores the different types of cloud services, the shift from on-premises to cloud infrastructure, and the growing need for professionals with specific cloud security knowledge.
The guests address the challenge of shadow IT, where people within an organization use cloud services without the knowledge of the IT team or leadership. They stress the importance of collaboration, focusing on a "security champions" program that bridges the gap between security professionals and developers. They emphasize building security from the beginning rather than patching holes later and highlight the importance of adapting to the ever-changing landscape of cloud security.
They also discuss the use of ChatGPT as a learning tool, its potential impact on the security community, and its potential benefits and risks, exploring the possibility of using ChatGPT for compliance and its impact on external auditors. While acknowledging the potential benefits of ChatGPT, they caution against overreliance on technology and stress the importance of maintaining critical thinking, problem-solving, and respect within the security community.
The podcast concludes with an emphasis on the importance of culture, collaboration, and trust in cybersecurity. The guests note the role of security champions programs in bridging knowledge gaps and highlight the need to customize security frameworks like NIST for specific IT environments. They touch on the softening stigma around cybersecurity and point out that people already practice security in their daily lives, encouraging them to apply the same mindset to their digital work.
Listen up and comment on this episode to share your thoughts with the community.
____________________________
Resources
Cloud Security Podcast: https://www.cloudsecuritypodcast.tv
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mar 18, 2023 | 54 min

Ep 144: National Guard as a Cyber Defense Organization | A Conversation With Dr. Hunter LaCroix and Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin

Guests:
Dr. Hunter LaCroix, Adjunct Professor, University of Maryland Global Campus [@umdglobalcampus] and EMT Firefighter Rescue Technician Hazmat Specialist, State of Maryland [@StateMaryland]
On LinkedIn | https://www.linkedin.com/in/hunter-l-035498234/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, Sean Martin is joined by Dr. Hunter LaCroix and Marco Ciappelli to discuss the intersection of emergency management and cybersecurity. Dr. LaCroix argues that there is a significant disconnect between the two areas, with emergency management professionals not considering cyber attacks as a true area of disaster. This is despite increasing cybercriminal activity targeting local and state governments and their supporting critical infrastructure. The conversation points out that there is a need for a cyber capability that develops around the physical disaster response framework, similar to the response we often see when a natural disaster occurs.

States such as Ohio and California have implemented cybersecurity volunteer reserves and cybersecurity watch centers, respectively. The National Guard units also assist local entities during cyber incidents and play a vital role in emergency management relationships. Pre-existing relationships with the National Guard can be leveraged, and building public-private partnerships is critical in cybersecurity incident response. The private sector and cybersecurity professionals trust the National Guard to be a leader in local and state cybersecurity incident response. Still, there is a widespread problem at the local and state level of operations and a lack of broader implementation and utilization of these services.

Dr. LaCroix has written about this topic, with a book being published shortly. You can read the abstract for the book below.

Book Abstract
Cybersecurity is a national priority for the Homeland Security enterprise. Yet, despite a prioritization at the federal level, municipal and state governments have struggled to incorporate the National Guard in cyber incident response. Cyber incidents strain municipalities and states, which have spent significant resources to mitigate cyber threats. The glaring gap in the National Guard’s role in municipal and state cyber incident response warrants two key questions as to why the National Guard isn’t more readily used. “Is it cost prohibitive to use National Guard assets when compared to private entities?” Or “is there an underlying sociological disconnect regarding the National Guard’s role in cyber disaster when compared to physical disasters?” Both questions and the National Guard’s role have largely been under-examined by Homeland Security professionals and academia and require additional examination.

This dissertation seeks to study via a sequential mixed method approach answers to both questions. First, using a quantitative analysis method examining case studies, this study seeks to examine if “it is less expensive for municipal and state governments to use the National Guard instead of private sector assistance for cyber incident responses?” Sequentially, if it is less expensive, this dissertation seeks to utilize a survey-based questionnaire from associations of National Guard and Emergency response personnel to answer, “are there underlying sociological misperceptions that contribute to the National Guard’s underutilization for cyber disasters when compared to their role in traditional disaster response?” This study achieved complementing results, with quantitative testing affirming the initial hypothesis regarding the National Guard’s cost effectiveness versus private sector entities in case studies examined. This led to qualitative studies using surveys to examine possible misperceptions of the National Guard’s role in cyber incident response for municipal and state level operations. Surveys revealed both a lack of understanding and disconnect between the National Guard’s role in cyber incident response when compared to its normal role in physical disasters. This research creates opportunity and future growth for Homeland Security professionals to prioritize the understanding and growing role of the National Guard for public and private enterprise at the municipal and state level of cyber incident response.

Resources
Book: Coming (Date: TBD)

Mar 8, 2023 | 49 min

Ep 143: Overcoming the 5 Areas Where CISOs Tend to Struggle | Discussing the Biggest Mistakes CISOs are Making | A Crucial Conversation With Matthew Rosenquist

Community Member Contributor: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Organizations are asking a lot of their CISOs—from protecting internal digital assets to verifying the security postures of customers and partners, managing cyber insurance and compliance requirements, and acting fast anytime a security issue arises (real or otherwise). Taking on this challenge is made more difficult by the five areas in which CISOs tend to struggle—leadership, strategic thinking, optimizing for threats, promoting teamwork, and maximizing value. In this post from the Blue Lava Community, Matthew Rosenquist, the CISO at Eclipz.io, examines these five areas and presents strategies CISOs can apply to overcome the common mistakes made to instead provide cybersecurity value that can be measured in business terms at the C-suite table.

LinkedIn Post: Five Biggest Mistakes of Cybersecurity Programs

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Mar 2, 2023 | 50 min

Ep 142: Evolution of the CISO | A Conversation With Patricia Muoio | Redefining CyberSecurity Podcast With Sean Martin

Guest: Patricia Muoio, Ph.D, General Partner, SineWave Ventures [@SineWaveVC]
On LinkedIn | https://www.linkedin.com/in/patricia-muoio-10037775/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
The Chief Information Security Officer's (CISO's) role in an enterprise is challenging due to ambiguity around security requirements, lack of clear understanding of security as a business imperative, and the increasing complexity of technology. Placing the CISO closer to engineering and IT can help make better recommendations and choices but may require additional views of risk management alongside other types of business risks.

This conversation highlights the changing role of CISOs in companies and the potential need for multiple CISOs (or sub-CISOs) to manage different aspects of security, which may be on the horizon. This is something startups may not be ready for but should begin to prioritize during the early build stage if they are to avoid costly situations later.

Resources
Podcast: CISO Stories Recounted By The World's First CISO | A Conversation With Steve Katz: https://itspmagazine.simplecast.com/episodes/ciso-stories-recounted-by-the-worlds-first-ciso-a-conversation-with-steve-katz

Feb 24, 2023 | 42 min

Ep 141: The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 2 Of 2 | An Imperva Brand Story With Peter Klimek

In this second episode, we take a closer look at Log4j and what business/operations impacts it had on organizations faced with the attacks against the vulnerability. We also get to hear about some successful mitigation measures Imperva customers used to mitigate the impact of Log4j and take that to the next level for some actionable steps companies can take to prepare for other supply chain vulnerabilities.

Note: This story contains promotional content. Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Blog: Log4j: One Year Later
Solution page: Stopping software supply chain attacks
Learning center: Supply Chain Attack
Learning center: Zero-day (0day) exploit
National Telecommunications and Information Administration: Software Bill of Materials
National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange
Podcast Part 1 of 2: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Feb 23, 2023 | 40 min

Ep 140: The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 1 Of 2 | An Imperva Brand Story With Gabi Stapel

The December 2021 Log4j vulnerability was a major event in the cybersecurity world. When it was released and exposed to the internet, it caused an explosion in attacks with five and a half million attacks per day and up to 25,000 sites attacked per hour. Any system running that version of the Java lookup is affected and could be at risk, even if it is only exposed internally to insiders. Attackers initially scanned and checked to see which sites were vulnerable, and then the process was automated. Attack tools were created to make it easier for attackers to reach as many targets as possible. Public awareness campaigns have been effective, but vulnerabilities can reappear due to the prevalence of the software. 72% of organizations still had some level of vulnerability to Log4j as of October 2022.

As captured in this episode, remediation is not a one-and-done solution, as seen with Log4j, where organizations would fix the problem, and then it would come right back due to the prevalence of the software and how deep it went. The importance of API security is emphasized since 15% of the numbers were coming from APIs. Checking and documenting new things added to the system is crucial for maintaining proper documentation and staying on top of remediation. In short, software supply chain security is critical.

Note: This story contains promotional content. Learn more.

Guest: Gabi Stapel, Content Manager @ Imperva Threat Research [@Imperva]
On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/
On Twitter | https://twitter.com/GabiStapel

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Blog: Log4j: One Year Later
Solution page: Stopping software supply chain attacks
Learning center: Supply Chain Attack
Learning center: Zero-day (0day) exploit
National Telecommunications and Information Administration: Software Bill of Materials
National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange

Feb 16, 2023 | 23 min

Ep 139: Challenges With The Alphabet Soup Of Security | A Conversation With Mehran Farimani And Jay Thoden Van Velzen | Redefining CyberSecurity Podcast With Sean Martin

Guests:
Jay Thoden Van Velzen, Strategic Advisor to the CSO at SAP [@SAP]
On LinkedIn | https://www.linkedin.com/in/jay-thoden-van-velzen/
On Twitter | https://twitter.com/JayThvV
On Mastodon | https://infosec.exchange/@jaythvv
Mehran Farimani, CEO at RapidFort [@RapidFortInc]
On LinkedIn | https://www.linkedin.com/in/farimani/
On Twitter | https://twitter.com/farimani
On Mastodon | https://infosec.exchange/@farimani
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Episode Notes
Cybersecurity is a vast field with many categories and seemingly countless products and services. Some workflows can be implemented and automated to great effect if the organization understands them. However, many solutions within the cybersecurity space focus on the threat and the response but not on the environment of the organization and its business goals. An overload of options and this lack of understanding lead to an ineffective approach to security and wasted time and money.

Inspired by a post on Mastodon, Mehran Farimani and Jay Thoden Van Velzen join Sean Martin and special guest, Marco Ciappelli to discuss the challenges with the alphabet soup that is the cybersecurity industry.

Resources
Inspiring Post: https://infosec.exchange/@jaythvv/109530373418320875
Community Containers: https://github.com/rapidfort/community-images

Feb 10, 2023 | 54 min

Ep 138: Developing Cybersecurity Leadership Capabilities And Scaling The Competency Of Your Team | A Crucial Conversation With Dutch Schwartz

Community Member Contributor: Dutch Schwartz, Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Twitter | https://twitter.com/dutch_26

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
In this episode, Dutch Schwartz—a Principal Security Specialist with Amazon Web Services—discusses how CISOs and other cybersecurity leaders need to expand upon their technical skills and include leadership competencies. Doing so allows cybersecurity leaders to connect with other leaders in the organization and their cybersecurity teams. This, in turn, makes it possible for cybersecurity activities to enable the business to knowingly take the risks it wants to take and then manage and mitigate those risks when they become problematic.

Feb 10, 2023 | 49 min

Ep 137: Rating 2022 Cybersecurity Predictions | A No Holds Barred Conversation About Realities Of Our Cyber Society With Matthew Rosenquist | Redefining CyberSecurity Podcast With Sean Martin

Guest: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Episode Notes
In the last episode on this topic, Matthew gave us some insights into how and where he expected cybersecurity to take us in 2022. During the conversation he said, “Cybersecurity will continue to rapidly gain in both relevance and importance in 2022 as the world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders. Overall, 2022 will be a more difficult and trying year for cybersecurity than its predecessors.”

In this episode, we take a look back at the year of cybersecurity that was 2022, including the predictions, the outcomes, and the misses. It's a wild ride that you won't want to miss, even if you experienced some of it first-hand in your own InfoSec programs.

Resources
Previous Episode #844 - It Is 2022: Here Are Some Cybersecurity Predictions And Their Impact On Business, Governments, Citizens, And Society: https://itsprad.io/redefining-security-844
Original 10 Predictions: https://www.linkedin.com/pulse/10-cybersecurity-predictions-2022-matthew-rosenquist/

Jan 30, 2023 | 1h 15m

Ep 136: Managing Human Cyber Risk | A Conversation About Aligning Cybersecurity Culture To The Organization's Strategy With Lance Spitzner | Redefining CyberSecurity Podcast With Sean Martin

Guest: Lance Spitzner, Director, SANS Senior Instructor - SANS Technical Institute [@sansinstitute]
On LinkedIn | https://www.linkedin.com/in/lance-spitzner-0ab0ba1/
On Twitter | https://twitter.com/lspitzner

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Pentera | https://itspm.ag/penteri67a
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

Episode Notes
There are many security frameworks, maturity models, and best practices to leverage when developing ‘user friendly’ security policies to foster greater adoption and behavioral change. How these new policies are effectively communicated to ensure both compliance and collaboration across the organization (including remote workers) is equally important.

Resources
SANS: https://www.sans.org/
NIST CSF: https://www.nist.gov/cyberframework

Jan 9, 2023 | 39 min

Ep 135: Why Protecting Your Business Data Is More Like Securing A Museum Than A Bank | Demystifying Data Protection | An Imperva Brand Story With Terry Ray

Data is dynamic. Data is unique. It's critical for businesses to maintain data security and integrity by treating it differently based on what it is, what it's for, who is accessing it, how it's being used, and the overall context surrounding these things.

Join us for a conversation with Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow, as we explore:
What challenges do businesses face when it comes to protecting data in our modern world?
What security risks do insider threats present to an organization and why are they so hard to stop?
Why are more organizations moving to agentless data security?
How have Imperva Data Security solutions evolved to meet the new challenges of securing data wherever it lives?

Note: This story contains promotional content. Learn more.

Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow
On LinkedIn | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Video: Demystifying Data Protection: Steps To Find, Monitor And Control Without Chaos
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation

Dec 20, 2022 | 48 min

Ep 134: Military Experience Sets The Stage For Cybersecurity Success In Corporate Sector | A Crucial Conversation With Billy Pugh

Community Member Contributor: William Pugh, Security Consultant at AWS [@awscloud]
On LinkedIn | https://www.linkedin.com/in/billy-pugh/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Companies looking to strengthen their cybersecurity programs would do well to look toward military veterans who are transitioning to the corporate sector. Veterans come equipped with the necessary experience and a cybersecurity paradigm that sets them up for success in helping protect vital digital assets.

A vital part of that paradigm is the ambiguity of cybersecurity. New technologies keep emerging that need protection by applying security controls. At the same time, cybercriminals constantly change their tactics, exploiting known weaknesses and bypassing common controls.

Both the military and the corporate world also face a dearth of security talent and often have to throw professionals with little experience at the cybersecurity ambiguity challenges. Private companies and public organizations thus need professionals who are accustomed to working under the pressure of ambiguous scenarios with limited resources to support them.

Dec 15, 2022 | 44 min

Ep 133: Just How Defensible Is Your InfoSec Program? | A Conversation About Security Awareness And Culture With Javvad Malik And Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin

Guests:
Javvad Malik, Lead Security Awareness Advocate at KnowBe4 [@KnowBe4]
On LinkedIn | https://www.linkedin.com/in/javvad/
On Mastodon | https://infosec.exchange/@Javvad
On Twitter | https://twitter.com/J4vv4D
On TikTok | https://www.tiktok.com/@j4vv4d
On YouTube | https://www.youtube.com/infoseccynic
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/penteri67a

Episode Notes
Security awareness and security culture are talked about a lot in the community. In this episode, we get into the nitty gritty of both of these topics, hearing about them via real-world stories and discussing them in the context of real-life analogies. A program is just a program unless it can be understood, measured, and defended from all angles.

As one example discussed in this episode, there's no point in just teaching people to spot a phishing email because phishing now comes in text messages, on social media, direct messages on Twitter or Instagram, on Discord channels, even in your WhatsApp messages. There's no way you can train everyone on every single channel out there. A better option is to teach them about the red flags, give them knowledge about how the bad actors will approach their targets, and what some of the signs are to look out for. Help them understand that if you're careful, then you won't fall victim to it. One analogy used to help illustrate this point comes in the form of the crosswalks in London where information is shared with the street crosser at the point when/where they are crossing as opposed to trying to train the traveler weeks in advance of visiting London.

This is one of the many, many points that our guest, Javvad Malik, shares with us during this episode.

Enjoy and learn!

Dec 8, 2022 | 49 min

Ep 132: Securing Multiple Cloud And SaaS Environments Requires A New Paradigm | A Crucial Conversation With Frank Kim

Community Member Contributor: Frank Kim, CISO-in-Residence at YL Ventures [@ylventures] and Fellow and Curriculum Director at the SANS Institute [@SANSInstitute]
On Twitter | https://twitter.com/fykim
On LinkedIn | https://www.linkedin.com/in/frank-kim/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Description
As businesses migrate more and more applications to the cloud and continue relying on SaaS applications, CISOs are under pressure to ensure every IT environment is secure. This requires a new paradigm in formulating cloud security strategies because the technologies differ from on-premises technologies, and the security aspects vary from one cloud provider to another.

In this episode, Frank Kim—a Fellow and a Curriculum Director at the SANS Institute—examines the approach CISOs must take to secure multiple cloud and SaaS environments. Kim also discusses the importance of understanding the differences between on-premises security and the cloud and why the speed of the cloud requires a new security paradigm. Kim then presents why CISOs need to give business units and software developers security options (rather than locking them into one tool) while balancing a combination of governance and technical expertise.

Understanding the criticality of protecting access credentials and the needs of all stakeholders is also key to a CISO's success in safeguarding multiple cloud environments.

Dec 1, 2022 | 38 min

Ep 131: Security-As-Code | Integrating Security Testing Into The SDLC | A Conversation With Andy Rappaport | Redefining CyberSecurity Podcast With Sean Martin

Guest
Andy Rappaport
Data Security Architect at iRobot [@iRobot]
On LinkedIn | https://www.linkedin.com/in/andyrappaport/

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On Mastodon | https://infosec.exchange/@seanmartin

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Edgescan | https://itspm.ag/itspegweb

Episode Notes

We've come a long way in software development, moving from a months-long waterfall model to a software development lifecycle (SDLC) that's all about continuous improvement and continuous delivery (CI/CD). Has security testing kept up, and how can it fit in? Let's find out during this chat with Data Security Architect, Andy Rappaport.

Nov 23, 2022 | 57 min

Ep 130: CyberSecurity Flips The Bird And Moves To InfoSec.Exchange | How The Mastodon Social Platform Can Play A Key Role In Exchanging Ideas, Challenges, And Solutions | A Conversation With Jerry Bell | Redefining CyberSecurity Podcast With Sean Martin

Guests
Jerry Bell
VP and CISO, IBM Public Cloud [@IBM | @IBMcloud] and founder & co-host of the Defensive Security Podcast [@defensivesec]
On Mastodon | https://infosec.exchange/@jerry/109302267835657653
On LinkedIn | https://www.linkedin.com/in/maliciouslink/
On Twitter | https://twitter.com/Maliciouslink

Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On Mastodon | https://infosec.exchange/@Marcociappelli

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On Mastodon | https://infosec.exchange/@seanmartin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/pentera-tyuw

Episode Notes

As turmoil ensues on the bird social platform, we witness the information security community making a mad dash to the InfoSec.Exchange instance operating on Mastodon. In this episode, we bring the creator of InfoSec.Exchange, Jerry Bell, to learn more about the Mastodon platform, the vision for InfoSec.Exchange, and what the cybersecurity community can do to ensure this platform continues to reach its potential.

Resources
Infosec.Exchange on Mastodon: https://infosec.exchange/home
Volunteer for InfoSec Exchange: https://infosec.exchange/@jerry/109302267835657653
Donate to InfoSec Exchange: https://liberapay.com/Infosec.exchange/
Jerry's Blog: https://infosec.engineering/
Defensive Security Podcast: https://defensivesecurity.org

Nov 18, 2022 | 43 min

Ep 129: Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 2 | An Imperva Brand Story With Kate Barecchia

In the first episode of this two-part series, we looked at the history of privacy law and regulation and we explored how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business. We also dissected the differences between data privacy, compliance, and security and how organizations can determine what their data privacy posture will look like in comparison/contrast to their security posture.

In this second episode, we take a closer look at actionable strategies and steps organizations can take to operationalize data privacy compliance and how to leverage data privacy initiatives to create a stronger security posture. As we explore these challenges, we begin to uncover the realities of the increased complexity that comes with each decision the business makes to create, collect, store, process, and share sensitive information throughout multiple business systems, applications, and geographies. While there is a clear need to protect the data from being inappropriately accessed by authorized or unauthorized users, a better strategy can be found in the simplification of the business systems and processes, thereby avoiding (or at least reducing) the exposure to compliance and security risk.

Whatever the drivers are behind your business outcomes and IT operations decisions, having an outcome in mind for privacy and security will give you something to shoot for. Whether it's creating the strongest posture possible or simply checking the boxes for compliance, at least you know where you're going and can begin to head down that path. Clarity and consistency in action bring improved preparedness and increased confidence to the conversation, which leads to more positive outcomes all the way around.

Note: This story contains promotional content.

Guest
Kate Barecchia
Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/kate-barecchia-82759a14/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Nov 11, 2022 | 36 min

Ep 128: Practicing Information Security As A Small And Medium Sized Business | Why CyberSecurity Is Everybody's Business | A Conversation With Scott Schober | Redefining CyberSecurity Podcast With Sean Martin

Guest
Scott Schober
President and CEO of Berkeley Varitronics Systems [@BVSystems]
On LinkedIn | https://www.linkedin.com/in/snschober/
On Twitter | https://twitter.com/ScottBVS
On Facebook | https://www.facebook.com/scott.schober.585

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/pentera-tyuw

Show Notes

What is a cybersecurity best practice anyway? And which company is it “best” for? In this conversation, Scott Schober and Sean Martin break down common cybersecurity practices and how businesses of all sizes (especially SMBs/SMEs) can dissect what matters most for their business and how the organization as a whole can adopt the most appropriate cybersecurity practices.

Scott also shares his personal story of being targeted by cyber activists and cybercriminals, along with the details for how his personal compromise became a vector to the business being threatened. This is a serious conversation that many don’t talk about. However, hearing this story sheds some much-needed light on how threats and attacks become reality — targeted or not.

Resources
Books | Hacked Again Cybersecurity is Everybody’s Business: https://scottschober.com/cybersecurity-is-everybodys-business/

Nov 10, 2022 | 41 min

Ep 127: How CISOs Can Recruit And Retain IT Security Teams While Also Fulfilling Their Own Careers | A Crucial Conversation With Megan McCann

The large ratio gap in the availability of IT security professionals to open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued to take place in the IT industry since the pandemic. This has created a huge challenge for CISOs and other security leaders in their efforts to recruit and retain skilled security teams.

In this episode, Megan McCann—CEO & Founder of the IT recruitment firm McCann Partners—presents creative approaches CISOs and hiring managers can apply to go beyond scanning resumes to finding prospects who can offer true value. McCann also discusses what CISOs can do to nurture their own careers.

Community Member Contributor: Megan McCann
CEO & Founder at McCann Partners [@McCannPartners]
On Twitter | https://twitter.com/meganpmccann
On LinkedIn | https://www.linkedin.com/in/meganpmccann/

Hosts: Sean Martin and Marco Ciappelli
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Nov 7, 2022 | 45 min

Ep 126: The Hybrid SOC | A Conversation With LeAnn Cary, Yolanda Craig, Sunday Oludare Ogunlana, And Jay Jay Davey | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

Guests
LeAnn Cary
Senior Director - Advanced Fusion Center Practice Leader, Optiv [@Optiv]
On Twitter | https://twitter.com/leanncary
On LinkedIn | https://www.linkedin.com/in/leanncary/

Yolanda Craig
Director, Business Strategy and Development, IC at Raytheon BBN [@RaytheonIntel]
On LinkedIn | https://www.linkedin.com/in/yolanda-c-r-craig/

Sunday Oludare Ogunlana
Security Incident Management Team, Citi [@Citi]
On LinkedIn | https://www.linkedin.com/in/sogunlana/
On Twitter | https://twitter.com/abovejordan

Jay Jay Davey
SOC Client Lead, Bridewell [@bridewellsec]
On LinkedIn | https://www.linkedin.com/in/biggingerhoneypot/
On Twitter | https://twitter.com/NoxCyber

Hosts
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Introduction

The SOC is changing. Cybersecurity teams are investing in AI-driven security technologies and planning to outsource many of the Tier-1 and Tier-2 analyst responsibilities to combat talent shortages—enabling in-house teams to become much more focused on threat intelligence. In this panel, SOC professionals from MSSPs and in-house teams will come together to discuss dividing and conquering responsibilities to keep organizations secure.

Want more on this topic? Be sure to watch the live stream of the Second Annual SOC Analyst Appreciation Day: https://itspm.ag/devo2p8i

For more SOC Analyst Appreciation Day Event Coverage podcast and video episodes visit: https://itspmagazine.com/second-annual-soc-analyst-appreciation-day

Oct 29, 2022 | 48 min

Ep 125: Speaking InfoSec To The Board | Why CyberSecurity Should Be A Board-Level Discussion | A Conversation With Deborah Blyth And Merlin Namuth | Redefining CyberSecurity Podcast With Sean Martin

Guests
Deborah Blyth
Executive Public Sector Strategist at CrowdStrike [@CrowdStrike]
On LinkedIn | https://www.linkedin.com/in/deborah-blyth/
On Twitter | https://twitter.com/debbiblyth

Merlin Namuth
CISO at REPAY [@REPAYholdings]
On LinkedIn | https://www.linkedin.com/in/merlin-namuth/

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb

Show Notes

When security leaders are preparing to speak with executive-level leaders and the board of directors, it's important to "know your audience" — but there is so much more to it than that.

Join us as we discuss how to learn more about the board of directors, what they care about, how to connect with them, and how to get what you want and need from them to succeed. Equally important is what you can do for them for the business and the greater good of the business world ... we're all connected at some level.

Each and every conversation is important and potentially nerve-wracking. None more so than the very first time you are going to present to the board. Thankfully, Debbi and Merlin share some insights on this stage-setting activity as well.

Enjoy!

Resources
LinkedIn Post | Why Cybersecurity Should be a Board-Level Discussion: https://www.crowdstrike.com/blog/why-cybersecurity-should-be-a-board-level-discussion/

Oct 28, 2022 | 43 min

Ep 124: Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 1 | An Imperva Brand Story With Kate Barecchia

100+ countries and counting (along with a growing number of U.S. states) have enacted data privacy legislation, creating a super-complex global data privacy landscape. Unless, of course, you approach the situation with a different mindset.

Join us to explore the relationship between privacy, security, compliance, and ethics as organizations try to find the perfect balance in data creation, collection, storage, usage, and collaboration.

Don’t worry, we’ll set the record straight for the differences between the “DPO” and the “DPO” … as well as the participation and responsibilities of security, privacy, engineering, legal, compliance, and more.

In this first episode, we look at the history of privacy law and regulation and we explore how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business.

We also get into the differences between data privacy, compliance, and security and how organizations can determine what their data privacy posture will look like in comparison/contrast to their security posture.

Is it a one-size-fits-all approach? As an engineer turned legal professional turned privacy executive, you might be surprised to hear what Kate’s recommendations are.

Note: This story contains promotional content.

Guest
Kate Barecchia
Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/kate-barecchia-82759a14/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation

Oct 26, 2022 | 40 min

Ep 123: Cyberattacks On Complex Supply Chains Are Difficult, But Not Impossible, To Resolve | A Crucial Conversation With Mark Weatherford

Global supply chains have grown much more complex than simply figuring out how to get products and services from Point A to Point B. Companies also depend on second-tier, third-tier, and even nth-tier vendors they don’t know and have no relationship with for the services and components they require to operate.

Cyberattacks on software across these complex supply chain ecosystems have resulted in disruptions, defects, and diversions that are difficult to identify and resolve—one weak link in the chain can bring the entire ecosystem to a halt.

In this episode, Mark Weatherford—CSO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center—examines the importance of understanding vendor cybersecurity postures, not only primary suppliers but also their suppliers as well. Weatherford also discusses how enterprise software components can come from vendors all over the world and how global events can impact supply chains. Weatherford then presents why the jobs of CISOs are so difficult in defending supply chains, along with a few tips for organizations to protect their operations.

Community Member Contributor: Mark Weatherford
CSO at AlertEnterprise [@AlertEnterprise] and Chief Strategy Officer at the National Cybersecurity Center [@NATLCyberCenter]
On Twitter | https://twitter.com/marktw
On LinkedIn | https://www.linkedin.com/in/maweatherford/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Oct 21, 2022 | 41 min

Ep 122: The Future Of The Cybersecurity Market Is Rooted In The Outcome We Are Trying To Achieve | A Conversation With William Kilmer | Redefining CyberSecurity Podcast With Sean Martin

Guests
William Kilmer
Venture Investor | Company Builder | Author | Innovation Strategist
On LinkedIn | https://www.linkedin.com/in/wkilmer/
On Twitter | https://twitter.com/wkilmer

Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast [@ITSP_Society]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On LinkedIn | https://www.linkedin.com/in/marco-ciappelli/
On Twitter | https://twitter.com/marcociappelli

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On LinkedIn | https://www.linkedin.com/in/imsmartin
On Twitter | https://twitter.com/sean_martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

In the business of security, the market can be viewed as driven by 3 things: advancing threats, innovative solutions, and the intersection of these two things with the business. It's this last point that many forget when we look at how a sector can grow, survive, and thrive: how well does it fit into the target customer's business model, financial model, staffing model, operational model, and more.

Our guest, William Kilmer, spearheaded interviews with roughly 40 cybersecurity professionals to hear where they thought the market was going. One thing William heard, as an example, was the interest in seeing new operating and business models for cybersecurity beyond the traditional SaaS/recurring software subscription model. As we dig into this point, we get into how and where we can expect budget for new cyber products to derive — will it be flat, grow, or decline?

We also look to see if there are other industries with “similar” challenges that have been transformative where there have been signs of people thinking in a transformative fashion.

In the business of security, we must remember the outcome we are trying to achieve. Are we, the collective cybersecurity community, doing what we need to do to meet — or possibly change — the desired outcome?

Resources
Podcast: Book | Transformative | Being Innovative Is No Longer Enough. To Win, You Need To Be Transformative. | Redefining Technology With William Kilmer | https://itsprad.io/redefining-technology-746
Article referenced: https://news.crunchbase.com/cybersecurity/founders-apple-strategic-cybersecurity-startups-kilmer-c5-capital/

Oct 19, 2022 | 43 min

Ep 121: Reliant — Resilient — Recoverable | Exploring Space Security And The Hack-a-Sat Capture The Flag Event | A Conversation With Logan Finch And Jason Williams | Redefining CyberSecurity Podcast With Sean Martin

Aerospace and the satellite ecosystem is comprised of several systems — a system of systems, in fact. Does the sector offer enough transparency to ensure each one operates securely while supporting the core objectives of reliance, resiliency, and recoverability? The team behind the Hack-a-Sat CTF says we need to do more.

Join us as we discuss the core elements that make up a satellite ecosystem, the difficulties in gaining access to real-world systems to analyze their cyber risk, and the work the team is doing with the Hack-a-Sat capture the flag (CTF) event to help secure these critical environments.

Guests
Logan Finch
Principal Engineer at Cromulence [@cromulencellc]
On LinkedIn | https://www.linkedin.com/in/logan-finch/
On Twitter | https://twitter.com/hack_a_sat

Jason Williams
Co-Founder and CEO of Cromulence [@cromulencellc]
On LinkedIn | https://www.linkedin.com/in/jason-williams-5858c3
On Twitter | https://twitter.com/hack_a_sat

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

Resources
Hack-a-Sat CTF Website: https://hackasat.com/

Oct 3, 2022 | 43 min

Ep 120: Advocate Security For Your Customers By Ensuring The Safety Of Your Products | A Crucial Conversation With Alex Kreilein

CISOs and InfoSec teams in charge of product security realize how the drive for innovation can speed up their organization's product release philosophy. Software development teams want applications to continuously expand functionality to solve more customer pain points and go to market before the competition.

But it’s just as vital for CISOs and InfoSec teams to be product security advocates for customers—to ensure their accounts and sensitive data are safe from bad actors.

In this episode, Alex Kreilein, a Senior Technical Program Manager for Microsoft, discusses what it takes for CISOs and InfoSec teams to become security advocates for customers by ensuring the safety of software products. Kreilein also examines the importance for CISOs and InfoSec teams to understand the objectives of the software development team and to interject product security early into the software development lifecycle. Kreilein then presents why accuracy in security testing is more important than finding vulnerabilities and how it’s critical to establish one team across security and developer teams—by making success metrics transparent and allowing team members to hold each other accountable.

Community Member Contributor: Alex Kreilein
Senior Technical Program Manager, Microsoft [@Microsoft / @msftsecurity]
On Twitter | https://twitter.com/AK3R303
On LinkedIn | https://www.linkedin.com/in/alexkreilein/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Oct 3, 2022 | 52 min

Ep 119: Solving Modern-Day SOC Challenges | A Conversation With Chaz Lever | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

The threat landscape has changed. The technology landscape has evolved. The security operations center analysts and researchers have had to do the same.

In this special event coverage episode, we connect with the Senior Director of Security Research at Devo, Chaz Lever, to discuss the past, present, and future of technology, behavior, tactics, techniques, tools, training, leadership, community, and more.

Want more on this topic? Be sure to watch the live stream of the Second Annual SOC Analyst Appreciation Day: https://itspm.ag/devo2p8i

Guest
Chaz Lever
Senior Director, Security Research at Devo [@devo_Inc]
On LinkedIn | https://www.linkedin.com/in/chazlever/
On Twitter | https://twitter.com/chazlever

Sep 22, 2022 | 40 min

Ep 118DDoS: An Old Problem Taking On New Forms As Attack Vectors Evolve | Exploring The Imperva DDoS Threat Landscape Report | An Imperva Brand Story With David Elmaleh

The “waves” of ransom-driven DDoS — Distributed Denial of Service — attacks continue to come as the attack vectors, techniques, and targets continue to evolve. Where does this leave us? Let's look to the DDoS Threat Landscape Report from Imperva to glean some answers.
As we connect with David Elmaleh during this episode, we quickly realize there is a lot to catch up on — past, present and future — for what appears to be a never-ending problem in DDoS. Attacks seem to be repeatedly targeting the same victims and are coming more quickly and running for shorter periods. Don't be fooled, however: the financial impact due to the unplanned and seemingly-uncontrolled downtime is wreaking havoc on industries and organizations all around the globe.
In addition to leveraging new techniques, bad actors are also using advanced technologies — artificial intelligence, the Internet of Things (IoT), and 5G to name but a few — to do their dirty deeds. They are investing in these technologies to help them scale their operations to reach more targets with fewer resources. On the other side of this coin, the bad actors' deep understanding of these technologies and the new, modern architectures and infrastructures that companies are building with them, makes them prime targets as well. The expanded business capabilities using these advanced technologies equate to expanded attack surface for the DDoS slingers to target.
We cover a lot from the first 2 quarters of this quarterly report while also getting to hear what some real-world cases from Imperva customers sound and look like.
It's time we found a way to handle these distributed attacks. Have a listen to hear what your business can do to mitigate this risk.
Note: This story contains promotional content. Learn more.
Guest
David Elmaleh
Director, Product Management | Edge Cloud Security at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/davidelmaleh/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Explore the DDoS Threat Landscape Report Q2 2022: https://itspm.ag/impervqi54
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Sep 14, 2022 | 52 min

Ep 117 | Vulnerable, Targeted, And Exploited IoT Devices: Take The Necessary Steps To Discover Assets And Remediate The Risk | A Crucial Conversation With Brian Contos

Large enterprises and government agencies deploy thousands of Internet of Things (IoT), Operational Technology (OT), and other network-connected devices. But many severely underestimate the count, and many more do not manage these devices to ensure the latest security measures are in place. This includes up-to-date firmware and strong passwords. Knowing this, the cybercriminal community focuses on these devices and environments. They are more vulnerable than primary IT infrastructures and offer an easy way to breach digital assets and move laterally without discovery across an organization’s broader infrastructure.
In this episode, Brian Contos, Chief Security Officer for Phosphorus Cybersecurity, presents insights and examines the risks to IoT, OT, and network devices and the issues they can cause to an organization's overall IT infrastructure. The article also demonstrates how devices are attacked and presents ways to overcome the risks to ensure digital assets remain safe.
_______________________
Community Member Contributor: Brian Contos
Chief Security Officer for Phosphorus Cybersecurity [@phosphorusinc]
On Twitter | https://twitter.com/BrianContos
On LinkedIn | https://www.linkedin.com/in/briancontos/
Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
______________________
For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs
______________________
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Sep 14, 2022 | 50 min

Ep 116 | Automated Security Validation With Red Team Penetration Testing Software | There Is A Silver Lining | A Pentera Brand Story With Aviv Cohen

This is a story that begins with the journey of Arik Liberzon, the founder and CTO and head of the R&D and product teams at Pentera. Arik was the head of the red team for the Israeli Defense Forces, chartered with pentesting — or red teaming — all of the strategic assets against nation state levels of threats. He did so with a great number of people, just like you would expect to do with an enterprise level red teaming program, tapping into a wealth of ethical hackers and red teamers. But he also had another part of his brain, which was all about software. Arik fused the two mindsets and had an a-ha moment that 'I can do everything that I'm doing here with people and I can do it in software. I can shrink wrap a red team in a box of software and give every enterprise in the world the ability to red team irrespective of their budget. I can give every business the power of a big red team army, delivered through software.'
This story, and the broader capabilities, mission, and vision for the future at Pentera, was told to us by Aviv Cohen, Pentera's Chief Marketing Officer. Connecting the human element to software and operations, the team at Pentera believes that it is important to have a human view for the challenges organizations face when managing their security programs. This is why Pentera created a series of cyber cartoons that are specialized to represent cybersecurity life. The cartoons connect the life of cybersecurity personnel and their role in society. This is a way for us to laugh, adding some humor to reality, connecting the technology products and services that we provide to this reality.
The software-enabled red team army is here and ready to join your team. Have a listen and connect with the team at Pentera to begin and continue your own red team journey.
Note: This story contains promotional content. Learn more.
Guest
Aviv Cohen
Chief Marketing Officer at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/avivco/
Resources
Be sure to visit Pentera at https://itspm.ag/pentera-tyuw to learn more about their offering.
Meet Pentera Labs: https://itspm.ag/penteri67a
Browse the cybertoon series: https://itspm.ag/penttoon
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Sep 9, 2022 | 50 min

Ep 115 | From Fighting Crime As A Former Federal Prosecutor To Protecting Cyberspace As The CSO At A Multi-National Tech Company | A Conversation With Huawei USA CSO Andy Purdy | Redefining CyberSecurity Podcast With Sean Martin

When a multi-national technology company needs to manage cyber risk on a global scale while not losing sight of the regional and local aspects of the business, one way to accomplish this is through regional and global committees comprised of multiple business functions.
A mixed global and regional view can help to determine budgetary needs to ensure security management and operations function in support of the business in a way that remains focused on minimizing the threat and impact of a cyber incident. Doing so also encourages a culture of security maturity where the business recognizes the value that the security function brings to the table as the company defines, architects, and builds its business, operations, and technology stack that makes everything possible.
Join us for an in-depth conversation with the Chief Security Officer (CSO) at Huawei Technologies USA, Andy Purdy, as we explore how an organization can better prepare its security teams, operations, and committees to ensure each is poised to be resilient and sustainable for the bigger picture and the long term.
____________________________
Guest
Andy Purdy
Chief Security Officer (CSO) at Huawei Technologies USA [@Huawei]
On LinkedIn | https://www.linkedin.com/in/andy-purdy-9b1b554/
On Twitter | https://twitter.com/andy_purdy
____________________________
This Episode’s Sponsors
Pentera | https://itspm.ag/pentera-tyuw
Edgescan | https://itspm.ag/itspegweb
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
____________________________
Resources
Inspiring post: https://www.forbes.com/sites/forbestechcouncil/2022/07/11/why-we-need-accountability-for-effective-cybersecurity-frameworks/?sh=1a055eb45e62
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Sep 1, 2022 | 37 min

Ep 114 | Pentesting Done Right | It's Time To Re-Imagine Your Penetration Testing Program To Achieve Outcomes Over Activity | A Bugcrowd Brand Story With Justin Kestelyn

Traditional penetration testing has been a cornerstone of effective cybersecurity for decades, providing a vital baseline function for every security practice. But in the face of today's rapidly proliferating and diversifying cyberattacks, its consulting-heavy service delivery model is looking and feeling its age.
Join us for a conversation with Justin Kestelyn as we take a unique journey into the past, present, and future of penetration testing. We get the opportunity to explore how the role of a pentest has evolved as part of a more extensive security program, how the tools have evolved, how the technique and skills have transformed, and how the human element is still crucial when outcomes matter more than just showing the results of a scan.
It's time to re-imagine penetration testing. So let's do that together now.
Have a listen.
Note: This story contains promotional content. Learn more.
Guest
Justin Kestelyn
Head Of Product Marketing at Bugcrowd [@Bugcrowd]
On Twitter | https://twitter.com/kestelyn
On LinkedIn | https://www.linkedin.com/in/justinkestelyn/
Resources
Be sure to visit Bugcrowd at https://itspm.ag/itspbgcweb to learn more about their offering.
eBook | See Security Differently™ Penetration Testing as a Service Done Right: https://itspm.ag/bugcro2ky8
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Aug 31, 2022 | 40 min