Redefining CyberSecurity

607 episodes — Page 12 of 13

Ep 62 | Chats On The Road: From France To Colorado To Las Vegas | Founders' Journey To Make The World Of Information Security Better Through Information Sharing | A CrowdSec Brand Story With CEO Philippe Humeau

The venture market in cybersecurity continues to shift as the economy ebbs and flows throughout the world. However, when you have a good idea, it still gets the attention of the users and the investors, even if that means starting at the bottom and working your way up.

Join us for a live stream conversation with CrowdSec CEO, Philippe Humeau, as we take a quick look back at what we experienced during RSA Conference and spend some time talking through what is coming up for the 10-person contingent from CrowdSec that is making the journey to Las Vegas, arriving from multiple countries, to bring their insights, expertise, and conversations to the Arsenal, vendor halls, speaking stages, and meeting rooms during Black Hat and DEF CON.

This is a quick chat packed with a lot of energy, vision, and enthusiasm — tempered with a dose of reality and humility.

It's about embracing "precious" without being "precious" — have a listen.

Note: This story contains promotional content. Learn more.

Guest

Philippe Humeau, CEO at CrowdSec [@Crowd_Security]
On Linkedin | https://www.linkedin.com/in/philippehumeau/
On Twitter | https://twitter.com/philippe_humeau

Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.
On Linkedin 👉 https://www.linkedin.com/company/crowdsec/
On Twitter 👉 https://twitter.com/Crowd_Security
Free access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321
Watch the video here: https://itspmagazine.com/their-stories/from-france-to-colorado-to-las-vegas-founders-journey-to-make-the-world-of-information-security-better-through-information-sharing-a-crowdsec-story-with-ceo-philippe-humeau

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
For more Black Hat and DEF CON Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Are you interested in telling your story in connection with Black Hat and/or DEF CON Conference by sponsoring our coverage? 👉 https://itspm.ag/bhdc22sp

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jun 24, 2022 | 27 min

Ep 61 | Making The World A Better Place Through Software | A WSO2 Brand Story About The Founders' Vision And Mission And The Journey To Bring The Asgardeo IDaaS To Market With Michael Bunyard

The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.

Starting a business built on the premise of offering open-source software wasn't something IBM wanted to do a couple of decades ago. That didn't stop WSO2's founder and CEO, Sanjiva Weerawarana, from taking his mission in life and turning it into an operational reality for his company, creating and helping foundations and non-profits in Sri Lanka and around the world along the way.

It was this initial desire to do good that continues to thrive in everything that WSO2 does, including the launch of their app authentication as a service division, Asgardeo, a customer identity and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.

Developers don't have to be identity experts. They don't even have to write identity-specific code. They modify the code already in the web page or mobile app by cutting and pasting the bits of code, templates, and workflows that Asgardeo provides.

The use cases are many, both directly as part of a single application and as part of other services where identity is built in.

Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.

Note: This story contains promotional content. Learn more.

Guest

Michael Bunyard, Vice President and Head of Marketing, IAM at WSO2 [@wso2] Asgardeo [@asgardeo]
On Linkedin | https://www.linkedin.com/in/michaelbunyard/
On Twitter | https://twitter.com/mickeydb

Resources

Learn more about WSO2 Asgardeo and their offering: https://itspm.ag/asgardeo-by-wso2-u8vc
Create seamless login experiences for your application in minutes: https://itspm.ag/asgardmn1x

Jun 22, 2022 | 45 min

Ep 60 | The Zoom Effect: A Framework for Security Program Transformation | RSA Conference 2022 Coverage | Redefining CyberSecurity With Heather Ceylan and Ariel Chavan

For our next Chats On The Road for RSA Conference 2022, we talk about security program transformation through the successful development and implementation of security framework and program management.

About the RSAC 2022 Session, The Zoom Effect: A Framework for Security Program Transformation:

“When companies experience rapid growth, information security organizations must adapt to meet business needs. Establishing a robust framework can help these teams communicate and gain executive support for their program. This session will outline a framework to help transform and scale an information security program and share key learnings that can be applied to other programs.”

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guests

Heather Ceylan, Head of Security Standards, Compliance, and Customer Assurance at Zoom [@Zoom]
On LinkedIn | https://www.linkedin.com/in/heatherceylan/

Ariel Chavan, Head of Security Product and Program Management at Zoom [@Zoom]
On LinkedIn | https://www.linkedin.com/in/ariel-c-ab445a50/

This Episode’s Sponsors

HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
AppViewX 👉 https://itspm.ag/appviewx-cbye
Checkmarx 👉 https://itspm.ag/checkmarx-i9o5

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | The Zoom Effect: A Framework for Security Program Transformation: https://www.rsaconference.com/USA/agenda/session/The%20Zoom%20Effect%20A%20Framework%20for%20Security%20Program%20Transformation

Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp

Jun 15, 2022 | 42 min

Ep 59 | Redefining Information Security Programs | RSA Conference 2022 Coverage | Redefining CyberSecurity With Mari Galloway And James Leslie

On the surface, building an information security program may appear to be, as its name suggests, a single program. However, in reality, there are countless elements — sub-programs and adjacent programs, if you will — that comprise a comprehensive information security program.

In this conversation, we explore the overarching program, of course, including:

Who owns the program
How to secure funding for the program
How to define and measure success
How to communicate progress, accomplishments, failures, and challenges
Common best practices for a program

But, we will also look at all (or, as many as we can) of the sub-programs or adjacent programs that support the main InfoSec program. Things like network security, DevSecOps, risk management, data protection, regulatory compliance, and incident response — just to name a few.

Join us for this conversation and bring your questions about how best to plan, prioritize, budget, staff, and implement a successful information security program.

It's time to explore reality.

Guests

Mari Galloway, CEO and a founding board member for the Women's Society of Cyberjutsu (WSC) [@womenCyberjutsu]
On LinkedIn | https://www.linkedin.com/in/themarigalloway/
On Twitter | https://twitter.com/marigalloway

James Leslie, CIO at Cambridge Housing Authority [@CambHousing]
On LinkedIn | https://www.linkedin.com/in/jameseleslie/
Cambridge Housing Authority | https://www.cambridge-housing.org

This Episode’s Sponsors

HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
AppViewX 👉 https://itspm.ag/appviewx-cbye
Checkmarx 👉 https://itspm.ag/checkmarx-i9o5

Resources

Watch Live on YouTube: https://www.youtube.com/watch?v=mg6aeYIDNQw
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76

Jun 7, 2022 | 49 min

Ep 58 | Security Implications Of Voice As The New Keyboard | What To Expect At RSA Conference 2022 | A Conversation With Voice Researcher And Disruptive Research Strategist, Rébecca Kleinberger

For our next Chats On The Road to RSA Conference 2022, we talk about voices, biometrics, metadata, privacy, neurology, deep fakes, and so much more. Join us for a chat to hear how your voice may be doing things for — and against — you in all aspects of life and work.

About the RSAC 2022 Session, Can You Hear Me Now? Security Implications of Voice as the New Keyboard

"Use of voice as a biometric identifier or as a virtual keyboard is growing. While AI/ML have vastly improved capabilities, there are challenges to relying on voice. Get it right and remove user friction and accelerate input. Get it wrong and introduce new vulnerabilities. As uses for vocal and silent speech recognition emerge and expand, security teams need to consider the potential security risks."

with:

Rébecca Kleinberger, Voice Researcher at MIT Media Lab [@MIT @medialab] and Disruptive Research Strategist at HARMAN International [@Harman]
Jeremy Grant, Managing Director, Technology Business Strategy, Venable LLP [@jgrantindc]
Lisa Lee, Chief Security Advisor/Lead for Vertical Industries and Engagement, Microsoft [@Microsoft]

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guest

Rébecca Kleinberger, Voice Researcher at MIT Media Lab and Disruptive Research Strategist at HARMAN International
On LinkedIn | https://www.linkedin.com/in/rebklein/
Website | https://rebeccakleinberger.com/

This Episode’s Sponsors

HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Can You Hear Me Now? Security Implications of Voice as the New Keyboard: https://www.rsaconference.com/USA/agenda/session/Can%20You%20Hear%20Me%20Now%20Security%20Implications%20of%20Voice%20as%20the%20New%20Keyboard
TEDTalk | Why you don't like the sound of your own voice: https://www.ted.com/talks/rebecca_kleinberger_why_you_don_t_like_the_sound_of_your_own_voice

Jun 4, 2022 | 38 min

Ep 57 | Building A Cloud-Based Pentesting Platform | What To Expect At RSA Conference 2022 | A Conversation With The Hacker Factory Podcast Host Phillip Wylie

For our next Chats On The Road to RSA Conference 2022, we talk about the need to advance our tools, techniques, and our environment to better handle the risks and threats facing our organization. No surprise, say hello to the cloud.

About the RSAC 2022 Session with Phillip Wylie | Building a Cloud-Based Pentesting Platform

“Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a cloud-based pentesting environment useful to pentesters, red teamers, and bug bounty hunters.”

Join us for this conversation, meet Phillip in San Francisco, and start poking at the cloud to make it rain vulnerabilities!

Guest

Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie

This Episode’s Sponsors

HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Building a Cloud-Based Pentesting Platform: https://www.rsaconference.com/USA/agenda/session/Building%20a%20Cloud-Based%20Pentesting%20Platform
Recommended Reading Available in the RSAC Bookstore: The Pentester BluePrint: Starting a Career as an Ethical Hacker (ISBN: 978-1-119-68430-5) by Phillip Wylie

For more podcast stories from The Hacker Factory with Phillip Wylie, visit: https://www.itspmagazine.com/the-hacker-factory-podcast

Jun 3, 2022 | 15 min

Ep 56 | Why, And How, We Need To Fundamentally Rethink Our Approach To Cybersecurity | A Conversation With Larry Clinton | Redefining CyberSecurity Podcast With Sean Martin

Organizations have made little progress in addressing cyber risk. This is in large part because they have viewed the issue with an excessively narrow focus as just a technical/operational issue. This needs to change.

To compete in the modern economy, enterprises must engage in digital transformation, which can generate a substantial increase in growth and profitability but can also vastly increase risk. Sure, foundational technical security measures are necessary, but they, alone, are not sufficient to address cyber threats. Cybersecurity must be an enterprise-wide risk management issue built on appropriate understanding, structure, investment, and risk-management methods.

Listen in to learn more about why, and how, we need to fundamentally rethink our approach to cybersecurity.

Guest

Larry Clinton, President and CEO of the Internet Security Alliance (ISA) [@isalliance]
On LinkedIn | https://www.linkedin.com/in/larry-clinton-20237b4/
On YouTube | https://www.youtube.com/channel/UCbeFbrVg-aNu-mMSzsCiYnw

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources

Learn more about ISA: https://www.isalliance.org
On LinkedIn: https://www.linkedin.com/company/internet-security-alliance
On Twitter: https://twitter.com/isalliance
On Facebook: https://www.facebook.com/ISAlliance
ISA Publications:
https://isalliance.org/isa-publications/cyber-risk-oversight-handbook/
https://isalliance.org/isa-publications/international-cyber-risk-management-handbooks/
Book | Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue: https://www.amazon.com/Cybersecurity-Business-Organization-Wide-Strategies-Ensure-dp-1398606146/dp/1398606146/ref=mt_other?_encoding=UTF8&me=&qid=1648037695

Jun 1, 2022 | 46 min

Ep 55 | The Only Constant | What To Expect At RSA Conference 2022 | A Keynote Conversation With Rohit Ghai CEO RSA

For our next Chats On The Road to RSA Conference 2022, we talk about transformation. Which, of course, can't be accomplished without talking about change. Which is constant.

About the RSAC 2022 Keynote with Rohit Ghai, Chief Executive Officer of RSA:

“Emerging technologies, expanding connections, hidden vulnerabilities: our sector understands that the only constant is change. As the world adapts once again, our industry’s experience shaping transformational shifts will determine the next normal. So let’s review how we’ve evolved, examine our missteps, predict where we’re headed, and start planning our next transformation.”

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guest

Rohit Ghai, Chief Executive Officer of RSA [@RSAsecurity]
On LinkedIn | https://www.linkedin.com/in/rohitghai/
On Twitter | https://twitter.com/rohit_ghai

This Episode’s Sponsors

HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Keynote Session | The Only Constant: https://www.rsaconference.com/USA/agenda/session/The%20Only%20Constant

May 31, 2022 | 35 min

Ep 54 | Defining A Recognized Security Practice And CyberSecurity Safe Harbor | HHS’ Office For Civil Rights Seeks Public Comment On HITECH Act Provisions | A HITRUST Community Brand Story With John Houston And Michael Parisi

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?

Maybe a smart question: Is there an opportunity to be smarter?

While all are important, that final question is certainly the most valid question. But, the details of the provisions will come when the community feedback comes in. The thing to make note of as you listen to this episode is that there's an opportunity to shape these provisions for the better of the overall healthcare ecosystem, moving beyond lowest common denominator frameworks, standards, and controls.

John Houston and Michael Parisi share their thoughts on the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible — not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.

Listen in to learn more about the RFI and the role you can have in shaping its outcome.

Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.

Note: This story contains promotional content. Learn more.

Guests

John Houston, Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/

Michael Parisi, VP of Adoption, @HITRUST

Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.

Resources

News Release: https://www.hhs.gov/about/news/2022/04/06/hhs-ocr-seeks-public-comment-on-recognized-security-practices-sharing-civil-money-penalties-monetary-settlements-under-hitech-act.html
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health

May 23, 2022 | 52 min

Ep 53 | How Secure Can An Internet Be? | The SCION Internet Architecture | Redefining CyberSecurity With Researcher Nicola Rustignoli From ETH Zürich

What if we could create the Internet architecture from scratch? You might think that this is a crazy endeavor, but that's exactly what a research team in Zurich, Switzerland, is doing. And for good reason.

In today's episode, we are joined by Nicola Rustignoli, a research assistant at the Network Security Group at ETH Zürich, to take a look at the history of the Internet, its purpose, the challenges it has introduced, and the path forward to an Internet that allows for its intent to be met while maintaining scalability, control, and resiliency. Nicola works on making the Internet more secure and reliable with the SCION Architecture and by helping to start the SCION Foundation.

SCION was born as a research project 11 years ago, from the research question: how secure can an Internet be? There's a lot to learn from this project.

About the SCION Architecture

SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding.

As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.

Why a clean-slate design? Why can't we adopt existing solutions? Is it easy to "replace" the Internet?

Listen in to learn more about this exciting program.

Guest

Nicola Rustignoli, Research Assistant at ETH Zürich and Founding Engineer at the SCION Association.
On LinkedIn | https://www.linkedin.com/in/nicola-rustignoli-830b7512/
On Twitter | https://twitter.com/Nicorusti
On YouTube | https://www.youtube.com/channel/UCATqViXMlA0cCroLuoJVAGw

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources

Learn more about SCION: https://scion-architecture.net/
On LinkedIn: https://www.linkedin.com/company/78769571
On Twitter: https://twitter.com/SCIONassociatio
On Facebook: https://www.facebook.com/SCIONinternet
SCION Day 2022 videos: https://scion-architecture.net/pages/scion_day_2022/
“The Complete Guide to SCION” is coming out with Springer Verlag in June 2022. An old version is open access and available on scion-architecture.net
The White House & 50 more countries recently released a Declaration for the Future of Internet: https://www.whitehouse.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet_Launch-Event-Signing-Version_FINAL.pdf
The FCC recently launched an inquiry about routing security: https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities

May 23, 2022 | 48 min

Ep 52RSA Conference 2022 | A BlackCloak Brand Story About Supply Chain Security, Hacking Back, And MySpace With Dr Chris Pierson

Dr Chris Pierson has held many roles and has been a regular speaker at RSA Conference over the years. What's he up to this year as the event goes back to in-person engagements?As the CEO of BlackCloak, Chris Pierson is looking forward to connecting with peers, partners, customers, and prospects as the world of executive cybersecurity heats up. In addition to seeing friends old and new, Dr Pierson has two sessions in which he will be participating. He shares some insights into both of these sessions. Here's a snippet for each:Collateral Damage: Prepping Your Organization for a Supply Chain AttackSupply chain risks can allow a backdoor into a company. This learning lab will focus on a fast moving scenario that examines risks to a company from hardware and software and will focus on the (1) risk assessment, (2) governance, and (3) response and isolation phases. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate. A Learning Lab with James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLPHacking Back – To Be or Not to Be?Are there options to hack back for ransomware attacks? Without deterrence for ransomware attacks it is unlikely there will be changes to the risk equation that hackers think through. We’ll discuss legal, ethical, operational, and security issues surrounding hacking back and give some insight into potential pitfalls for getting attribution incorrect or causing collateral damage. A law track session with Giorgi Gurgenidze, Founder, GSI Partners and James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP.Chris has some other things up his sleeve as well. 
Can you say MySpace? 🤔Note: This story contains promotional content. Learn more.GuestChris PiersonOn Linkedin 👉 https://www.linkedin.com/in/drchristopherpierson/On Twitter 👉 https://twitter.com/drchrispierson____________________________Learn more about BlackCloak and their offering: https://itspm.ag/itspbcwebConnect with BlackCloak at RSA Conference: https://itspm.ag/94949aWatch the video here: https://youtu.be/rqu47E8ryXYFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22spAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

May 23, 2022 | 36 min

Ep 51: Mapping The Cybercrime Ecosystem | What To Expect At RSAC 2022 | A Conversation With Tal Goldstein And Michael Daniel

For our second Chats On The Road to RSA Conference 2022, we talk about a critical cybersecurity initiative led by the World Economic Forum and the Cyber Threat Alliance. It is about mapping the cybercrime ecosystem and its corresponding panel during this year's conference.

Sean and Marco are honored to introduce and tease this important upcoming session on their traditional "Chats On The Road to RSA Conference 2022" with guests: Michael Daniel & Tal Goldstein.

About the session:
“Although cybercrime is now a national security threat, our understanding of the cybercriminal ecosystem remains limited. The industry needs a holistic map to conduct effective disruption, allocate resources efficiently, and impose meaningful costs on criminal actors. The WEF has initiated a project to develop this map. This panel will discuss the mapping project’s results to date and where it is going.”

RSAC 2022 Panel With

Michael Daniel
Moderator | President and Chief Executive Officer, Cyber Threat Alliance

Tal Goldstein
Panelist | Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre for Cybersecurity

Amy Hogan-Burney
Panelist | Associate Counsel and General Manager, Digital Crimes Unit, Microsoft

Derek Manky
Panelist | Chief of Security Insights & Global Threat Alliances, Fortinet

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guests

Michael Daniel
President and Chief Executive Officer, Cyber Threat Alliance [@CyberAlliance]
On LinkedIn | https://www.linkedin.com/in/j-michael-daniel-7b71a95/
On Twitter | https://twitter.com/CyAlliancePrez

Tal Goldstein
Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre [@wef] for Cybersecurity [@WEFCybersec]
On LinkedIn | https://www.linkedin.com/in/tal-goldstein-a7191296/

This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb

Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Mapping the Cybercriminal Ecosystem: https://www.rsaconference.com/USA/agenda/session/Mapping%20the%20Cybercriminal%20Ecosystem

May 18, 2022 | 40 min

Ep 50: Governance, Risk, And Compliance: Protecting The Business With Policies, Controls, And Audits | A Live Stream Panel With Kouadjo Bini | Redefining CyberSecurity With Sean Martin

GRC is comprised of the ethical management of an organization combined with the organization’s ability to identify, quantify, and manage risk, along with the ability to demonstrate compliance for these things in connection with internal, industry, and regulatory standards, frameworks, and requirements. If defined, implemented, and managed correctly, the organization should be in a strong position to withstand operational challenges and threats they face driven by forces such as market dynamics, competitive landscape, employee behavior, breaks in the supply chain, and exposure to cyberattacks.

Join us for this conversation where we will discuss:
◾️ What is the current definition of GRC
◾️ What are the objectives of a GRC plan
◾️ What components make up a GRC plan
◾️ Who owns the plan, who are the key stakeholders
◾️ How does a GRC plan get defined and implemented
◾️ What outcomes can a company expect to achieve
◾️ How does an organization define and measure success with their GRC plan

Guest
Kouadjo Bini
Information Security Officer of American State Bank and Trust and Founder Infosec Tattle
On LinkedIn | https://www.linkedin.com/in/kentia-bini/
On LinkedIn | https://www.linkedin.com/company/infosectattle
On Twitter | https://twitter.com/infosec_tattle

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Assessing cyber risk in M&A: https://www.ibm.com/downloads/cas/RJX5MXJD
NIST risk management framework: https://csrc.nist.gov/projects/risk-management/about-rmf

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/governance-risk-and-compliance-protecting-the-business-with-policies-controls-and-audits-redefining-cybersecurity-with-sean-martin

May 13, 2022 | 45 min

Ep 49: Knowledge Is Different Than Information | Investing In The CyberSecurity Crowd Means Investing In Businesses, Society, And Humanity | A CrowdSec Brand Story With CEO Philippe Humeau And Hacker-Maker Phillip Wylie

How can an industry have so much data and information yet still lack the knowledge necessary to make quick, meaningful, impactful decisions? There could be many reasons, but one is no longer a missing intelligence-sharing platform.

In this second chapter of our conversation with CrowdSec CEO, Philippe Humeau, we invite The Hacker Maker, Phillip Wylie, to bring his penetration testing experience and insights. Together we explore the value of investing in the cybersecurity community information sharing platform as a way to do way more than protect your organization. By doing so, we can help secure other businesses and whole communities in the neighbors around you, such as a local hospital that could experience an attack that you've already seen on your network.

The value of investing in the security knowledge sharing economy directly impacts IT operations, security operations, businesses, society, and, therefore, humanity.

Join us for a philosophical yet fun, thought-provoking conversation that will likely prompt you to not only share this podcast with your friends, colleagues, and peers but also start sharing your cybersecurity insights with your digital neighbors through the power of the CrowdSec platform.

Note: This story contains promotional content.

Guests

Philippe Humeau
CEO at CrowdSec [@Crowd_Security]
On Linkedin | https://www.linkedin.com/in/philippehumeau/
On Twitter | https://twitter.com/philippe_humeau

Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie

Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.
On Linkedin 👉 https://www.linkedin.com/company/crowdsec/
On Twitter 👉 https://twitter.com/Crowd_Security
Free access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321
Watch the video here: https://itspmagazine.com/their-stories/investing-in-the-crowd-means-investing-in-society-and-humanity-a-crowdsec-story-with-philippe-humeau-and-phillip-wylie

May 2, 2022 | 1h 3m

Ep 48: Autonomous Datacenters On Rails | A Conversation With Amir Levintal About The Complexities, Risk Exposure, Safety Standards, And Protection Measures For Railway Systems | Redefining CyberSecurity With Sean Martin

The rise of digitalization has led to more interconnected rail systems. While this has propelled forward our trains and metros at some seriously high speed, it has also dramatically expanded the threat landscape.

In response, governments around the world are racing to implement measures that promote technological advancements for these rail systems whilst assuring that the systems are protected and secure. Sure, it's easy to think about providing timely service, operating efficiently, delivering comfort, keeping up constant communications, and more – but what really matters is that these digital data centers remain safe as they travel between and arrive at various stations both out in the sticks and in the heart of the cities.

Where does this leave rail companies? What steps should they take in the event of a cyberattack?

Listen in as Sean speaks with Amir Levintal; they get on track and dig into the elements of the rail systems, from the sensors to the tracks to the WiFi and more. It doesn't take long before they jump the rails to test the boundaries of reality.

Guest
Amir Levintal
CEO and CoFounder of Cylus Cybersecurity [@cylus_security]
On LinkedIn | https://www.linkedin.com/in/amir-levintal/
On Twitter | https://twitter.com/amirlevintal

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Understanding IEC 62443: https://www.iec.ch/blog/understanding-iec-62443
European Standard CLC/TS 50701 Railway applications - Cybersecurity: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/
Train of Consequences: The Real Cost of Rail Cybersecurity Incidents: https://www.cylus.com/post/the-real-cost-of-rail-cybersecurity-incidents
The Long-Term Effects of Log4Shell on Railway Systems: https://www.cylus.com/post/log4shell-effect-railway-systems

Apr 25, 2022 | 48 min

Ep 47: Catch 22 | Consumers Hate Sharing Their Data, But There's No Other Option | An Imperva Brand Story About The Findings In The Imperva Global Consumer Survey With Terry Ray

Consumers worry about sharing data online, yet most feel they have “no choice” but to share their data if they want to use online services. It's a catch 22 — and it is not a bus.

Trust is waning. A majority of consumers, globally, say that trust in the many digital service providers’ ability to keep their personal data secure has decreased over the past five years.

Still, despite serious concerns, most consumers share their darkest secrets online via cloud messaging services even though they recognize there would be repercussions for them if the information they shared was leaked.

No question, it's a catch 22. But what do we do? That's the catch. Again.

Have a listen to learn more about the connections and responsibilities between consumers and the businesses they rely upon to live their digital lives.

Note: This story contains promotional content.

Guest
Terry Ray
SVP Data Security GTM, Field CTO and Imperva Fellow
On Linkedin | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Report | No Silver Linings: Insights into global consumers’ perception of trust, data security, and privacy in the digital world: https://itspm.ag/impervpovw

Apr 22, 2022 | 40 min

Ep 46: What To Expect At RSA Conference USA 2022 | ITSPmagazine Event Coverage: RSAC 2022 San Francisco, USA | A Conversation With Linda Gray Martin, Britta Glade, And Cecilia Murtagh Marinier

We are thrilled to kick off our event coverage with our first Chats On The Road to RSA Conference 2022, with our good friends joining us to give the latest and greatest on what we can expect at this year's event.

Listen in to hear more about the theme, venue, sessions, speakers, expo hall, community event, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.

Tune in and be sure to join us for more from RSA Conference USA 2022!

Guests

Linda Gray Martin
Vice President at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/
On Twitter | https://twitter.com/LindaJaneGray

Britta Glade
Senior Director, Content & Curation at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/
On Twitter | https://twitter.com/brittaglade

Cecilia Murtagh Marinier
Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/
On Twitter | https://twitter.com/CMarinier

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
CrowdSec: https://itspm.ag/crowdsec-b1vp
Blue Lava: https://itspm.ag/blue-lava-w2qs

Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76

Catch the video here: https://youtu.be/UitxhJn2Gps

Apr 21, 2022 | 45 min

Ep 45: Secure Access And Authorization: Keeping Precious Resources Safe From Prying Eyes And Bad Actors | A Live Stream Panel With Shinesa Cambric And John Sapp Jr | Redefining CyberSecurity With Sean Martin

Your organization has precious resources all over the place: on-premises in the data center on servers and in databases; in the office, at home, on the road on desktops, laptops, tablets, mobile phones, and smart devices; in the cloud inside containers, applications, and a variety of storage services.

Assuming you have identified and verified the person and/or system and/or service as a valid entity, how do you ensure they only have access to these resources, when they need them, from the location they need them, from the system they are requesting them, and at the time they are requesting them? This challenge is much more complex than ensuring a user is set up in the directory and has entered a valid password. That’s what this discussion is going to be all about.

Join us for this session as we explore the following points:
◾️ What does “secure access” mean to security, to ops, to the users, to the business?
◾️ Does the conversation and language need to change between groups?
◾️ How and where is secure access managed?
◾️ How to deal with the systems, applications, and data?
◾️ How does it fit in with Risk Management and SecOps?
◾️ What are some key challenges orgs face?
◾️ What are some of the core elements many orgs leave out?
◾️ Are there processes and/or tools to make things easier?
◾️ Any best practices or tips to simplify the program?

Guests

Shinesa Cambric
Identity Champion at Identity Defined Security Alliance [@idsalliance] | Principal Product Manager for Emerging Identity at Microsoft [@Microsoft]
On LinkedIn | https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa®-0480685/
On Twitter | https://twitter.com/Gleauxbalsecur1

John Sapp Jr
VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]
On LinkedIn | https://www.linkedin.com/johnbsappjr
On Twitter | https://www.twitter.com/czarofcyber

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Identity Defined Security Alliance Best Practices: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
Enterprise Risk - Engaging Others: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/addressing-risk-using-the-new-enterprise-security-risk-management-cycle

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/secure-access-and-authorization-keeping-precious-resources-safe-from-prying-eyes-and-bad-actors-redefining-cybersecurity-with-sean-martin

Apr 19, 2022 | 50 min

Ep 44: Higher Education And Regulated Research Community Of Practice (RRCoP) | 5 Goals To Raise The Security And Compliance Posture Of Academic Institutions | Redefining CyberSecurity With Carolyn Ellis, Erik Deumens, And Michael Parisi

When it comes to implementing efficient and effective information security programs, higher education institutions can use all the help they can get. That's where the RRCoP community comes in.

In today's episode, our guests, Carolyn Ellis, Erik Deumens, and Michael Parisi, talk through the goals of the RRCoP community and the impact it has on the higher education cybersecurity community as they work hard to raise the security and compliance posture for their institutions.

The 5 RRCoP Goals

Goal 1: Build a Community
The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.

Goal 2: Collect and Share Resources
Establish a leadership training and development program accelerating availability of distributed university resources.

Goal 3: Advocate and Negotiate
Develop representation through strategic partnerships with industry and government entities.

Goal 4: Manage Change
The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes and is now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.

Goal 5: Simplify Compliance
A collective and streamlined approach to compliance lowers the barrier to entry for expansion of supported regulations by individual institutions.

Guests

Carolyn Ellis
CMMC Program Manager at UC San Diego [@ucsandiego]
On LinkedIn | https://www.linkedin.com/in/carolynellis1/

Erik Deumens
Research Computing Director, Information Technology at University of Florida [@UF]
On LinkedIn | https://www.linkedin.com/in/deumens-erik-164167146/

Michael Parisi, VP of Adoption, @HITRUST

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988

Resources
Regulated Research Community of Practice: https://www.regulatedresearch.org/

Apr 15, 2022 | 41 min

Ep 43: Balancing Reward Over Risk | Evolving CyberSecurity Through Systems Engineering And Committee Collaboration | Redefining CyberSecurity With Howard Miller And Ron Ross

In this episode, NIST Fellow, Ron Ross, and Pepperdine Graziadio Business School Advisory Board Member, Howard Miller, join the show to discuss risk assessment, reward analysis, and security management in the age of advanced technology and complex system innovation.

To secure a system, the sum of all of its parts must also be secure. This includes firmware, applications, APIs, networks, communications, storage, and more. Each complete system is often comprised of multiple subsystems, making it unique and bringing with it its own risk profile different from all other systems.

Join us as we explore the concept of analyzing the reward in connection to the risk as a means to help make better risk-vs-reward decisions in support of securely fostering innovation as opposed to stifling innovation out of fear, uncertainty, and doubt.

Guests

Ron Ross
Fellow at National Institute of Standards and Technology (NIST) [@NIST]
On Twitter | https://twitter.com/ronrossecure
On LinkedIn | https://www.linkedin.com/in/ronrossecure/

Howard Miller
SVP, Director at Tech Secure and Adjunct Professor and Advisory Board Member at Pepperdine Graziadio Business School Cyber Risk Professional Certification [@Pepperdine / @GraziadioSchool]
On LinkedIn | https://www.linkedin.com/in/howardmillerrisk/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
ERMO - Enterprise Risk Management Optimization: https://link.springer.com/article/10.1007/s10669-021-09819-x
SAE Cyber Physical Systems Security Engineering Plan (CPSSEP) JA7496: https://www.sae.org/standards/content/ja7496/?_ga=2.203579798.760907735.1641314977-1116152771.1641314951
NIST Systems Engineering Group: https://www.nist.gov/el/systems-integration-division-73400/systems-engineering-group

Apr 4, 2022 | 38 min

Ep 42: Large-Scale Data Analytics For Cybersecurity And Solving Real-World Grand Challenges | Redefining CyberSecurity With Professor David Bader

We may see new "graph" processors in the future that can better handle the data-centric computations in data science. Will that be enough?

About David
David A. Bader is a Distinguished Professor in the Department of Computer Science and founder of the Department of Data Science and inaugural Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology.

Guest
David Bader
Distinguished Professor and Director, Institute for Data Science, New Jersey Institute of Technology [@NJIT]
On Twitter | https://twitter.com/Prof_DavidBader
On LinkedIn | https://www.linkedin.com/in/dbader13/
On Facebook | https://www.facebook.com/ProfDavidBader
Website: https://davidbader.net/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
GitHub: https://github.com/Bader-Research
Arkouda: https://github.com/Bears-R-Us/arkouda
NJIT Institute for Data Science: https://datascience.njit.edu/

Mar 31, 2022 | 39 min

Ep 41: Book | Critical Infrastructure Risk Assessment: The Definitive Threat Identification And Threat Reduction Handbook | Redefining CyberSecurity With Ernie Hayden

In a world where everything is connected and interdependent, complexity has become part of our very way of life, and it must be part of our way of thinking. But, especially when we look at infrastructure security, the boundaries between analog and digital, physical and cyber, are simply not there anymore.

In today's conversation, we discuss the importance of looking at our society, economy, and security as a complex system of interdependent subsystems. Everything is connected, and we are not just referring to IoT.

From bridges to nuclear plants, to the President's car, and all the way up to space, the security assessment of critical infrastructure is not a checklist but a mindset.

About The Book
As a manager or engineer have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decide what to look for, and how to write your report?

This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.

Guest
Ernie Hayden
On LinkedIn | https://www.linkedin.com/in/enhayden/
Publisher's Twitter | https://twitter.com/RothsteinPub

Resources
Book: https://www.rothstein.com/product/critical-infrastructure-risk-assessment-the-definitive-threat-identification-and-threat-reduction-handbook/

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Mar 31, 2022 | 44 min

Ep 40: Business Continuity: Building And Operationalizing A Functional Disaster Recovery Plan | A Live Stream Panel With Dr Rebecca Wynn And Gayle Anders | Redefining CyberSecurity With Sean Martin

Every organization has exposure to risk. Every organization experiences events that cross over the risk threshold to quickly realize they are facing an incident head-on.

It's how the organization prepares for these situations that matters most. Preparation is so much more than recognizing that a disaster might occur. It's also more than having a documented plan drafted months (maybe even years) ago that, if activated, would prove worthless—or worse—counterproductive such that the disaster turns into an all-out crisis. A disaster doesn't need to result in a crisis, and that's what we will cover in this episode—how to keep the business running without killing the business in the process.

Join us for this session as we explore the following points:
◾️ What is a disaster?
◾️ Goals of a disaster recovery plan
◾️ How to build a functional plan
◾️ Who builds it?
◾️ Who validates it?
◾️ What is in the plan
◾️ How does a BC/DR plan fit into your IT/IS programs (IR, for example)
◾️ Testing/Tabletop exercises

Guests

Dr Rebecca Wynn
Chief Cybersecurity Strategist & CISO at Click Solutions Group
On LinkedIn | https://www.linkedin.com/in/rebeccawynncissp

Gayle Anders
Global Business Continuity Program Manager at Netflix [@netflix]
On LinkedIn | http://linkedin.com/in/gayle-anders-business-continuity-professional

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/business-continuity-building-and-operationalizing-a-functional-disaster-recovery-plan-redefining-cybersecurity-with-sean-martin

Mar 29, 2022 | 50 min

Ep 39: Creating A Data Security Strategy And Operationalizing A Mature Data Security Program | A Live Stream Panel With Chris Daskalos And Andy Rappaport | Redefining CyberSecurity With Sean Martin

Data is the fuel that powers the business. What are organizations doing to protect it?

Organizations have become the custodians of critical information needed to remain competitive and sensitive information that their customers have entrusted them with. While some organizations have taken this responsibility seriously, governments (state, federal, and international) have had to step in to help guide companies on how best to safely manage this data. There are a ton of rules to follow balanced with a ton of business goals to achieve. That's where a data security strategy and data security program come into play. But what is data protection, and how does it impact business operations?

Join us for this session as we explore the following points:
◾️ Roles
◾️ Policies
◾️ Controls
◾️ Assessment
◾️ Demonstrating posture
◾️ Maintenance and tuning
◾️ Advice for the future

Guests

Chris Daskalos
Data Protection Lead at University of Southern California [@USC]
On LinkedIn | https://www.linkedin.com/in/chrisdaskalos

Andy Rappaport
Data Security Architect at iRobot [@iRobot]
On LinkedIn | https://www.linkedin.com/in/andyrappaport/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Data Security Roadmap Example: https://docs.google.com/presentation/d/1t6otQ5a8h3d8euN6bnzCZMxhPcKtVUKf/edit#slide=id.p1

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/creating-a-data-security-strategy-and-operationalizing-a-mature-data-security-program-redefining-cybersecurity-with-sean-martin

Mar 24, 202250 min

Ep 38: Book | Security Yearbook: A Complete History And Directory Of The Entire Cybersecurity Industry | Redefining CyberSecurity With Richard Stiennon

Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view of how they all fit into the bigger InfoSec picture in your org? Have a listen.

In today's episode, long-time industry analyst Richard Stiennon takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.

About the book
Security Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!

The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.

Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran, founder of Riptech and CEO of Tenable, contribute their stories.

A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.

Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.

There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.

The biggest difference in the directory this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor’s health. Successful vendors grow.

Having known each other for years, Richard and Sean reminisce and talk about the past, present, and future of the entire cybersecurity field.

Guest
Richard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Security Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry
- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/
- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/
Connect with Richard at IT-Harvest: https://it-harvest.com/

Mar 14, 2022 | 41 min

Ep 37: How To Create Effective Security Cultures | Redefining CyberSecurity With Dutch Schwartz And Rock Lambros

As the CISO role has evolved from chief security engineer to cyber risk advisor, successful CISOs are focusing on culture, strategy, and leadership. Let's discuss some real-world observations and explore some tips for what can prove to be successful across a variety of industries.

In addition to the fantastic conversation, there are a ton of resources that Rock and Dutch have provided. Have a listen, and then dig into the articles and reports to keep the learning going.

Guests
Dutch Schwartz, Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On Twitter | https://twitter.com/dutch_26
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Clubhouse | @dutchzilla
Rock Lambros, CEO at RockCyber [@rockcyberllc], Cybersecurity Leader, and Co-Author of "The CISO Evolution: Business Knowledge for Cybersecurity Executives"
On Twitter | https://twitter.com/rocklambros
On LinkedIn | https://www.linkedin.com/in/rocklambros/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
- Culture feels "squishy" post on LinkedIn: https://www.linkedin.com/posts/dutchschwartz_unicornsecuritysquad-ciso-cybersecurity-activity-6850499679394807808-Mc7Y
- The Role Of A CISO In Creating A Strong Security Culture: https://www.eccu.edu/the-role-of-a-ciso-in-creating-a-strong-security-culture/
- Use Networks to Drive Culture Change: https://sloanreview.mit.edu/article/use-networks-to-drive-culture-change/
- Why Does Culture 'Eat Strategy For Breakfast'?: https://www.forbes.com/sites/forbescoachescouncil/2018/11/20/why-does-culture-eat-strategy-for-breakfast/
- The EI Advantage: Driving Innovation and Business Success through the Power of Emotional Intelligence: https://hbr.org/sponsored/2019/08/the-ei-advantage-driving-innovation-and-business-success-through-the-power-of-emotional-intelligence
- Building a Model of Organizational Cybersecurity Culture by Identifying Factors Contributing to Cybersecure Workplaces: http://web.mit.edu/smadnick/www/wp/2020-05.pdf
- The Leader’s Guide to Corporate Culture: https://hbr.org/2018/01/the-leaders-guide-to-corporate-culture
- Why Every Executive Should Be Focusing on Culture Change Now: https://sloanreview.mit.edu/article/why-every-executive-should-be-focusing-on-culture-change-now/

Mar 8, 2022 | 42 min

Ep 36: The Playbook To Defend Against Aggressive Cyber Ops: Preparing For A Cyber Crisis As The Crisis Strikes | Redefining CyberSecurity With Mick Douglas

There's a cyber crisis brewing. Not the first. Definitely not the last. But current. Here's some advice as seen on social media (paraphrased)... "take your years of strategizing, planning, budgeting, staffing, and procuring … and do it all within a few days." How is that helpful?

It isn't. It could actually be counter-productive.

With the rising concerns over the growing threat of cyberattacks from well-funded, highly-skilled, and aggressively-motivated bad actors, there's been a mad rush for offerings of advice and products and services from all around the web. While the intentions may be good, the expected outcomes may not match reality in some cases.

That's where the post I saw from Mick Douglas comes in ... a post of organized thoughts with actionable steps organizations can consider, given their day-to-day playbook probably isn't going to hold up to the intensity of a widespread cyber attack. There's a lot in the thread; we cover a good portion of it, but not all of it. There's also some discussion outside of the original post to help frame the conversation.

Guest
Mick Douglas, InfoSec Innovations | SANS Principal Instructor | IANS Faculty
On Twitter | https://twitter.com/bettersafetynet
On LinkedIn | https://www.linkedin.com/in/mick-douglas/

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
Archer: https://itspm.ag/itsphitweb

Resources
Inspiring Tweet: https://twitter.com/bettersafetynet/status/1496496087741480960
National Council of ISACs: https://www.nationalisacs.org/
Other social posts mentioned:
https://www.linkedin.com/posts/rocklambros_mick-douglas-on-twitter-activity-6902610864369664000-KaBd
https://twitter.com/hackinglz/status/1497035113170886656

Feb 26, 2022 | 36 min

Ep 35: Book | Can. Trust. Will. Hiring For The Human Element In The New Age Of Cybersecurity | Redefining Security With Leeza Garber And Scott Olson

If the goal is to fill a role and keep it filled, we may be missing the point of hiring and retaining top talent.

More than ever, investing in the human element of cybersecurity is paramount. How we staff and maintain our cyber teams will determine the success of the individuals, the team, and the program.

In today's conversation, we connect with two authors, Leeza Garber and Scott Olson, to talk about this topic in-depth, as we explore the catalyst behind the writing of their book, Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity.

About the Book
Cyberthreats evolve at a staggering pace, and effective cybersecurity operations depend on successful teams. Unfortunately, statistics continue to illustrate that employers are not finding the people they need.

The Can. Trust. Will. system guides the C-Suite, HR professionals and talent acquisition to build unbeatable cybersecurity teams through advanced hiring processes and focused on-boarding programs. Additionally, this book details how successful cybersecurity ecosystems are best built and sustained, with expert analysis from high-level government officials, Fortune 500 CSOs and CISOs, risk managers, and even a few techies.

Those already in the field (and newbies) will glean invaluable knowledge about how to find their most effective position within a cybersecurity ecosystem. In a tech-driven environment, cybersecurity is fundamentally a human problem: and the first step is to hire for the human element.

Are you looking to fill roles? Or are you looking for people? This nuanced difference can make all the difference.

Listen in.

Guests
Leeza Garber, Founder, Leeza Garber Esq Consulting LLC & Can. Trust. Will. LLC
On Twitter | https://twitter.com/leezagarber
On LinkedIn | https://www.linkedin.com/in/leeza-garber/
Scott Olson, Co-Founder, Can. Trust. Will. LLC
On LinkedIn | https://www.linkedin.com/in/scottolsonexec/

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Book: Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity: https://www.amazon.com/Can-Trust-Will-Element-Cybersecurity-ebook/dp/B09H1V8LHL/
Cyber Seek: https://www.cyberseek.org/
Previous podcast with Scott Olson: Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining Security With Scott Olson

Feb 24, 2022 | 45 min

Ep 34: St. Joseph's Health | Cybersecurity & Vendor Risk Management: Why It Matters | Redefining CyberSecurity With Ebony Riley And Jesse Fasolo

Many organizations are ill-prepared when it comes to making sure their hospital is protected from risk, both from an organizational and IT standpoint. It's increasingly important to have a concrete risk assessment strategy, one that explicitly includes utilizing third-party (vendor) risk management.

Since our guest, Jesse Fasolo, joined St. Joseph’s Health in August of 2014, he has completely flipped the risk assessment and IT protocols at the hospital on their head, partnering with the legal team—more specifically, General Counsel/Chief Operating Officer, Ebony Riley. This connection between the CISO and legal counsel has proven to be a huge win for risk management throughout the organization, mapping risks through various security frameworks, including HIPAA, NIST CSF, HITRUST, and others.

Listen in to get some third-party risk management insights as this dream team discusses how this New Jersey-based, 1000+ provider, 150+ location network healthcare organization created a Vendor Risk Management strategy on their journey down risk management lane.

Guests
Ebony Riley, Associate Counsel, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/ebonyriley/
Jesse Fasolo, Director, Technology Infrastructure & Cyber Security, Information Security Officer, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/jessefasolo/

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships

Feb 14, 2022 | 45 min

Ep 33: How And When To Put Standards To Work — And Not | Redefining CyberSecurity With Alyssa Miller And Accidental CISO

As is common for the Redefining Security show, conversations are often inspired by a social post. This one about standards is no different. However, what you think about standards may be different after you listen to this episode.

Some of the social comments we discuss:
- For a standard to be good it has to align with current capabilities and business objectives. When they don't, problems arise.
- Security without usability is useless.
- The best thing about standards at $currentEmployerName is that there are so many to choose from.

What are your views on the value of standards?

Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
Accidental CISO
On Twitter | https://twitter.com/AccidentalCISO

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Archer: https://itspm.ag/rsaarchweb

Resources
Inspiring Tweet | https://twitter.com/AlyssaM_InfoSec/status/1479210767513755648

Feb 1, 2022 | 52 min

Ep 32: Maritime Intelligence | OSINT And The Ocean | Redefining CyberSecurity With Rae Baker

The sea is broad and deep. So is the information that is created by and for the maritime vessels floating around and underneath the surface. What is this information used for? And how can it be misused?

Some OSINT should give us a few answers. Let's hear from a hacker with a passion to explore this world of open source intelligence generated by the maritime industry - commercial, defense, and otherwise.

All aboard!

Guest
Rae Baker
On LinkedIn | https://www.linkedin.com/in/rae-baker-7668644b/
On Twitter | https://twitter.com/wondersmith_rae
On YouTube | https://www.youtube.com/channel/UCdPwaG4HiqFR8nV2jg_IXBw

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
- OSINT on the Ocean: Maritime Intelligence Gathering Techniques - https://wondersmithrae.medium.com/osint-on-the-ocean-maritime-intelligence-gathering-techniques-2ee39e554fe1
- Maritime OSINT: Port Analysis - https://wondersmithrae.medium.com/maritime-osint-port-analysis-d09b4531728d
- YouTube: Layer 8 2020: OSINT On The Ocean: Maritime Intelligence Gathering - https://www.youtube.com/watch?v=mfHYE5Xanfw
- YouTube: Layer 8 2021: Illuminating Maritime Supply Chain Threats using OSINT: A Suez Canal Post Mortem - https://www.youtube.com/watch?v=GGIuP6fMZ2g

Jan 27, 2022 | 40 min

Ep 31: The Blindspot Of Infosec Training | Redefining CyberSecurity With Eric Thomas

It's time to change the way we think about cyber security training. Evidently, the cybersecurity community agrees — just look at the post made recently by Eric Thomas (you can find it in the resources section).

To help us with this endeavor, Eric, a practitioner and training professional, takes us on a journey into the past, present, and future of bringing the next wave of cybersecurity professionals to market.

Guest
Eric Thomas
On LinkedIn | https://www.linkedin.com/in/thomasthetech/
On Twitter | https://twitter.com/TheEis4Extra

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Inspiring post: https://twitter.com/TheEis4Extra/status/1419154490435964929

Dec 20, 2021 | 44 min

Ep 30: The Real Story About LOG4J - No FUD - No Clickbait - No BS | A Special ITSPmagazine Redefining CyberSecurity Webcast Panel With Alyssa Miller, Katie Nickels, Eric Thomas, And Mark Nunnikhoven

Back in 2013, I wrote a piece for TechTarget (sadly, it’s no longer online). It focused on mobile security and app security and referenced a report that included some interesting open source software stats that showed one particular shared library’s use outpacing the others by a longshot. Can you guess which one? 🤔

Eight years later, that same library is making the news again — arguably, on a much grander scale.

Let's discuss. Let's learn. Let's enjoy this much-needed no-FUD, no-BS conversation. We recorded this one live - which you can watch here if you like.

Ready? GO! 📺🎙🤘

Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
On LinkedIn | https://www.linkedin.com/in/alyssam-infosec/
On Twitter | https://twitter.com/AlyssaM_InfoSec
Katie Nickels
On LinkedIn | https://www.linkedin.com/in/katie-nickels-631a044/
On Twitter | https://twitter.com/likethecoins
Eric Thomas
On LinkedIn | https://www.linkedin.com/in/thomasthetech/
On Twitter | https://twitter.com/TheEis4Extra
Mark Nunnikhoven
On LinkedIn | https://www.linkedin.com/in/marknca/
On Twitter | https://twitter.com/marknca

Resources
Watch the live recorded webcast: https://youtu.be/4gZoHp5LYVE
Simple overview video from Mark: https://www.linkedin.com/feed/update/urn:li:activity:6876932435272101888/ https://twitter.com/marknca/status/1471187984741507073

Dec 17, 2021 | 1h 1m

Ep 29: Cloud Transformation And Security | Redefining CyberSecurity With Helen Oakley

It seems that nearly every enterprise is in the midst of a cloud transformation. This begs the question, how and where does information security transformation fit into this bigger IT and business picture?

That's exactly what we get to discuss with our guest, Helen Oakley, as she shares some thought-provoking insights regarding secure cloud transformation strategies, roadmaps, and best practices. We get to dig into her Sector CA session, Epic journey of an enterprise cloud transformation, as well.

Guest
Helen Oakley
On LinkedIn | https://www.linkedin.com/in/helen-oakley/
On Twitter | https://twitter.com/e2hln

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Sector CA Session: https://sector.ca/sessions/epic-journey-of-an-enterprise-cloud-transformation-while-building-security/
More about Leading Cyber Ladies: https://leadingcyberladies.com/
On Twitter | https://twitter.com/LadiesCyber
On LinkedIn | https://www.linkedin.com/company/leading-cyber-ladies

Nov 15, 2021 | 26 min

Ep 28: The Psychology Of Cybersecurity And The Value Of Thinking Outside The Box | Redefining CyberSecurity With Morgan Wright

The problem is not the problem, it is the way you think about the problem. Get outside the box.

Fear, manipulation, influence, and deceit are some of the most powerful tools in the arsenal used by nation-state attackers and criminal actors. The most significant breaches have not occurred just because of flaws in software, or lack of proper controls. They have occurred because of the flaws in our way of thinking about the problems. Determined adversaries will use every tool in order to gain an advantage, whether it’s hardware, software or wetware.

Join us as our guest, Morgan Wright, takes us into the mind of the attackers from a non-technical view and explores the psychology of cybersecurity.

Guest
Morgan Wright
On LinkedIn | https://www.linkedin.com/in/morganwright150/
On Twitter | https://twitter.com/morganwright_us

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Sector CA Session: https://sector.ca/sessions/what-elon-musk-and-spacex-can-teach-us-about-ransomware-and-cybersecurity/
More from Morgan: https://www.morganwright.us/

Nov 10, 2021 | 50 min

Ep 27: The Relationship Between Roles — When Product Management Meets Information Security | Redefining CyberSecurity With Christie Chaffee

Product Management: the team responsible for new product development. Information Security: the team responsible for ensuring systems and data are protected from inaccessibility, loss, theft, and misuse. How and where do these two teams collide? Let's find out.

In today's episode, we catch up with information security leader Christie Chaffee. We dig into what product management is compared to security product management, looking at the connection (or disconnection, as is the case for many organizations) between the two. Tune in to hear about overlapping goals, common challenges, best practices, and more.

Guest
Christie Chaffee
On LinkedIn | https://www.linkedin.com/in/ciecee/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Nov 4, 2021 | 33 min

Ep 26: Should We Stop Requiring CISOs To Have A CISSP? Let’s Talk About It | Redefining CyberSecurity With Brian Bobo

We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention - and that of many others!

Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could leave the business looking in the wrong direction and its risk profile in a bad way.

From The LinkedIn Post
I don’t post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don’t even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don’t make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire then allow and enable great people to do their jobs. So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.

Guest
Brian Bobo
On LinkedIn | https://www.linkedin.com/in/brianbobo/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/

Sep 30, 2021 | 41 min

Ep 25: Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining CyberSecurity With Scott Olson

Leadership can make or break an organization's chance for success, and eventually, it will. It doesn't matter what company, organization, or community teams you lead—all you do and how you do it matters for the end result.

Given the nature of the function within the cybersecurity industry, someone may think that their style needs to be more decisive than most; that maybe they even get some "wild cards" due to the uniqueness of their role. The truth is that there is no "uniqueness" in this industry, and the basic rules of effective leadership work the same for all. You are either a good leader, or you are not.

Today's conversation extends well beyond cybersecurity as our guest, Scott Olson, brings to bear the realities of what it takes to be a leader in any industry, in any function, and find fulfillment in a leadership position. Becoming a leader doesn't happen magically. It also doesn't require you to excel in the roles you lead or know what it feels like to be in any position you oversee. Instead, it involves understanding and embracing the big picture and transitioning your sense of self-worth when needed.

"The mistake that we make in the leadership industry is that we think behaviors correlate to performance: here are the ten things that great leaders do; here are the five things that great leaders avoid. I'm an influenced leader. I'm a charismatic leader. I'm a servant leader. People don't follow you because you're a specific type of leader. People don't even follow because they like you. What I've found is that people follow you if they know you like them if they know that you value them, that you see who and what they are, that you appreciate what they're capable of, and that you appreciate that they are doing what you need." —Scott Olson

What does "being fascinated" have to do with good leadership? Have a listen to find out.

Guest
Scott Olson
On LinkedIn: https://www.linkedin.com/in/scottolsonexec/

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
The book, Can.Trust.Will. Hiring For The Human Element in the New Age of Cybersecurity., will be published here: https://www.businessexpertpress.com/
Podcast | Trust, Gratitude, Mentorship And Other Lessons From A Spy Recruiter | A Conversation With Robin Dreeke | Tech Done Different With Ted Harrington: https://itspmagazine.simplecast.com/episodes/trust-gratitude-mentorship-and-other-lessons-from-a-spy-recruiter-a-conversation-with-robin-dreeke-tech-done-different-with-ted-harrington

Aug 30, 2021 | 55 min

Ep 24: What Does It Take To Be A CISO? | A Living Social Thread From A Deputy CISO Fresh On The Job At A Billion-Dollar Crypto Company | Redefining CyberSecurity With J.M. Porup

So what's it like to be a CISO? We came across a thread on Twitter posted by the now Deputy (and then acting) CISO of a billion-dollar crypto company, who was in the role for three months during the spring bull run. Aside from the burnout, what else can we glean from J.M. Porup's experience?

Guest
J.M. Porup
On Twitter 👉 https://www.twitter.com/toholdaquill

Resources
Inspiring thread on Twitter: https://twitter.com/toholdaquill/status/1424421690143019008

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
InfoSec London Presentation: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.2093.57923.aston-martins-road-to-zero-threats.html
Machina 1, MachinaFilms: https://machinafilms.com

Aug 19, 2021 · 35 min

Ep 23: CyberSecurity Futures | Aston Martin's Road To Zero Threats | Redefining CyberSecurity At InfoSec London With Robin Smith

Our guest, Robin Smith, Head of Cyber and Information Security, Aston Martin Lagonda, is a self-proclaimed advocate for lean cybersecurity. But does lean cybersecurity equate to weak cybersecurity? Only if you let it be defined that way. Robin doesn't let it be defined that way.

Based on years of experience, Robin posits that cybersecurity has become key to protecting the value streams of any organization. So, for Aston Martin, it's essential that the vehicles are designed, protected, and updated to address any risk issues that could impact the business. That's a value stream. That's a security value stream.

When the organization has a mindset toward cybersecurity that is predicated not just on the financial cost but on the value that can be amplified by better security, that's a critically important move forward for the organization's leaders and the industry at large.

Guest
Robin Smith
On Twitter 👉 https://twitter.com/@machinatrilogy

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
InfoSec London Presentation: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.2093.57923.aston-martins-road-to-zero-threats.html
Machina 1, MachinaFilms: https://machinafilms.com

Aug 6, 2021 · 34 min

Ep 22: The Role Of General Counsel For Incident Response Planning And Handling | Redefining CyberSecurity With Cody Wamsley And James Yarnall

Security teams are very technical and tactical by nature, often looking at risk through a specific lens they've developed over time. But, of course, the reality is that the possible security incident can — and likely will be — much more extensive and require different teams and expertise. One bad mishandle and an event or incident could become an even more significant risk.

Successfully managing risk is not just about InfoSec; it's not just business operations, and it's not just a legal risk either. The truth is, an incident is a business risk that requires the synergy of many teams within the organization — this includes the general counsel.

As you listen to this episode, hopefully, you will start thinking a little more about how legal was (and should be) involved — or not, in some cases — in the information security program planning and incident response handling.

Guests
James Yarnall
On Linkedin 👉 https://www.linkedin.com/in/jamesyarnall/
Cody Wamsley
On Twitter 👉 https://twitter.com/codywamsley
On Linkedin 👉 https://www.linkedin.com/in/codywamsley/

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Jul 5, 2021 · 45 min

Ep 21: Ethical Issues In Cybersecurity Research And Practice | Redefining CyberSecurity With Kevin Macnish And Jeroen Van Der Ham

While it may seem appealing — and you can certainly try — sorry, but you can't tech your way out of ethics issues.

In this episode, we speak to the co-authors of a research paper that critiques existing governance in cybersecurity ethics. Their publication, Ethics in cybersecurity research and practice, provides an overview of some of the ethical issues facing researchers in the cybersecurity community and highlights shortfalls in governance practice.

Guests
Dr Kevin Macnish
On Twitter 👉 https://twitter.com/KMacnish
On Linkedin 👉 https://www.linkedin.com/in/kevinmacnish/
Dr Jeroen van der Ham
On Twitter 👉 https://twitter.com/1sand0s
On Linkedin 👉 https://www.linkedin.com/in/vdham/

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
Inspiration — Ethics in cybersecurity research and practice: https://www.sciencedirect.com/science/article/pii/S0160791X19306840
Smart Information Systems in Cybersecurity: An Ethical Analysis: https://www.sciencedirect.com/science/article/pii/S2515856220300080?via%3Dihub
Code of Ethics for Incident Response and Security Teams (ethicsfIRST): https://ethicsfirst.org/
University of Twente and NCSC-NL: https://www.ncsc.nl/

Jun 25, 2021 · 41 min

Ep 20: Practical Cybersecurity Architecture: A Guide To Creating And Implementing Robust Designs For Cybersecurity Architects | Redefining CyberSecurity With Diana Kelley And Ed Moyle

What is an architecture? Is it a document? A process? A policy? A map? A discipline? A mindset? When you hear what it is, you may have to re-evaluate how you approach your cybersecurity program. Are you ready?

“The ideal architect should be a man of letters, a skillful draftsman, a mathematician, familiar with historical studies, a diligent student of philosophy, acquainted with music, not ignorant of medicine, learned in the responses of jurisconsults, familiar with astronomy and astronomical calculations.” ― Vitruvius

About the Book
Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.

With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.

By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

Guests
Diana Kelley
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/diana-kelley
Ed Moyle
On Twitter 👉 https://twitter.com/securitycurve
On Linkedin 👉 https://www.linkedin.com/in/edmoyle/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
Book — Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects: https://www.amazon.com/Practical-Cybersecurity-Architecture-implementing-cybersecurity/dp/1838989927

Jun 15, 2021 · 38 min

Ep 19: Automated Feeds Are Killing The CTI Community; I Only Want Human Created Threat Intel!!! | Redefining CyberSecurity With CyberSquarePeg And Andy Piazza

Threat intelligence automation should be how we share, not how “Intel” is produced.

Yet, we continue to create more data - generate more noise - introduce more false positives - require more analysis - increase the need for correlation - which, in turn, forces the need for more automation.

Guests
CyberSquarePeg (aka Rebecca Ford)
On Twitter 👉 https://twitter.com/CyberSquarePeg
Andy Piazza
On Twitter 👉 https://twitter.com/klrgrz
On Linkedin 👉 https://www.linkedin.com/in/andypiazza/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
What's Wrong with Cyber Threat Intelligence: https://www.tandfonline.com/doi/full/10.1080/08850607.2020.1780062
CTI is Better Served with Context: Getting better value from IOCs: https://klrgrz.medium.com/cti-is-better-served-with-context-getting-better-value-from-iocs-496343741f80
Considerations for Leveraging Cyber Threat Feeds Effectively: https://klrgrz.medium.com/considerations-for-leveraging-cyber-threat-feeds-effectively-1d1cfa9fb140
Inspiring tweet thread: https://twitter.com/klrgrz/status/1382412354063831040

Jun 7, 2021 · 35 min

Ep 18: Supply Chain Resilience In A Time Of Techtonic Geopolitical Shifts | Redefining CyberSecurity With Andrea Little Limbago

Geopolitical winds of change are upending global supply chains at an unprecedented pace and scope. There are challenges and opportunities.

Guest
Andrea Little Limbago
On Twitter 👉 https://twitter.com/limbagoa
On Linkedin 👉 https://www.linkedin.com/in/andrea-little-limbago/

This Episode’s Sponsors
Edgescan: https://itspm.ag/itspegweb
Key Resources Security: https://itspm.ag/keyresources-2876

May 26, 2021 · 19 min

Ep 17: The State Of Worldwide Cybersecurity From The People Who Run It | Redefining CyberSecurity With Dr. Reem Faraj AlShammari

The CISO role has always been challenging. The last year brought the meaning of RESILIENCE to an all new level.

Guest
Dr Reem Faraj AlShammari
On Twitter 👉 https://twitter.com/Q8Thunders
On Linkedin 👉 https://www.linkedin.com/in/dr-reem-faraj-alshammari-b6324159/

This Episode’s Sponsors
Blue Lava: https://itspm.ag/blue-lava-w2qs
Key Resources Security: https://itspm.ag/keyresources-2876

May 24, 2021 · 16 min

Ep 16: Don’t Be Afraid Of A Crisis And Don’t Let The Crisis Define You | Redefining CyberSecurity With Parham Eftekhari

Pushing the Panic or the Not Panic button may as well just be a difference in company culture. Planning, readiness, and experience are part of it, but not all of it. It all starts with how we define a crisis and how we react to it.

Successfully leading an organization through a crisis is one of the most challenging – and rewarding – experiences a leader will face in their career. Effective executives understand that the foundation for crisis management planning begins long before the problem arises and is grounded in developing cultures of trust and integrity.

This episode explores the role of communication, relationships, accountability, humility, kindness, and confidence in navigating a crisis, giving listeners insight into how to lead their teams and organizations through adversity.

If you are looking for ways to balance risk management with incident management... Have a listen.
If you want to find the best path forward to escape the chaos that often surrounds a crisis... Have a listen.
If you are wondering how to come out of a disaster, recovered as opposed to broken... Have a listen.

Guest
Parham Eftekhari, S.V.P. & Executive Director | The Cybersecurity Collaborative

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

May 17, 2021 · 32 min

Ep 15: It's #TableTopTuesday On Twitter | What Serious Silliness Did We Spot While Redefining CyberSecurity With Meg Hargrove?

Unless there's a plan that's been practiced, one's gut reaction is probably how things will roll when an incident occurs. #TableTopTuesday on Twitter from Meg Hargrove captures some of those "moments" — let's discuss.

Before we do, though, do any of these sound like your go-to first step during a cyber incident?
- “Brown alert”
- “Cry for a minute”
- “Update resume”

While these may get a chuckle from someone looking in on a fake situation presented on social media, incident response is no joking matter when real life is at stake. And that's why I wanted to have a conversation with @cybersecmeg — what she is doing with #TableTopTuesday on Twitter is nothing short of brilliant: present an incident use case and get feedback from the community for how they would respond.

There's no single right nor wrong answer, of course. And, the conversation doesn't just stop abruptly with an answer either — there's some good dialog from the community, presenting some solid options and some meaningful back-and-forth as the scenario unfolds.

Take this scenario, for example:

Credentials for your AWS cloud environment have been accidentally left hard coded into a PUBLIC GitHub repository. You check your cloud portal and find $75K worth of spend not created by your org. What do you do?

Well, time is up. The incident is happening. What do you do? What should you do?

First, listen to this chat with Meg and then check out the #TableTopTuesday threads to start planning and practicing.

Guest
Meg Hargrove, Cybersecurity Incident Response Manager (@cybersecmeg on Twitter)

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
Inspiration for this conversation:
https://twitter.com/cybersecmeg/status/1384603498323582976
https://twitter.com/cybersecmeg/status/1379523065999155201
https://twitter.com/cybersecmeg/status/1376981399719321604

May 4, 2021 · 37 min

Ep 14: The Relationship Between Roles — PR/Media Relations And Information Security | Redefining CyberSecurity With Melanie Ensign And Ed Amoroso

A lot can be done by CSOs/CISOs to maximize value and reduce risks when working with PR/media. However, the path forward is not always straightforward. What are the common hiccups, screw-ups, and give-ups?

As part of our ongoing "CISO functional relationships" series, in today's episode, we look at the role of PR and the media as a function of establishing and maintaining trust internally with the executives, the board, the partners, and externally with the customers and the public.

There's an old saying, "There is no such thing as bad press. All press is good press," but that is precisely an "old" saying. Nowadays, branding and reputation matter, which is even more true in information security. The impact of a breach on the company's reputation and bottom line can cause some severe damage, but the story is more complex than that. Nowadays, there is an entire system that needs to change to manage reputation in the right way. The conversation with the media and the public can be more positive, constructive, and transparent.

In this podcast, we talk about this and much more.

Guests
Melanie Ensign, Founder & CEO, Discernible (@iMeluny on Twitter)
Ed Amoroso, Founder and CEO of TAG Cyber (@hashtag_cyber on Twitter)

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
Medium Post by Melanie: https://medium.com/discernible/security-privacy-incident-hiccups-f-ck-ups-and-give-ups-e972ef46c3d

Apr 19, 2021 · 38 min

Ep 13: The Connection Between Product Quality Assurance And Application Security In Business | Redefining CyberSecurity With Tom Morrissey And Cassio Goldschmidt

Nowadays, every company is pretty much a technology company, and as such, they all should have some understanding of quality assurance (QA). Also, an understanding of information security would be nice. The question is, how and where do these two worlds collide?

And, is that security world AppSec or DevSecOps? Or is it something completely different?

The QA role often approaches testing an application through user stories and use cases, working toward verifying that it does everything it is supposed to do. On the other hand, an application security team often comes to the situation from a different perspective; they try to get the system to do something it is not supposed to do, going beyond the user interface and breaking free from documented user scenarios.

While these two perspectives may differ significantly, there is still a ton of shared vision for reaching the end goal: rooting out as many bugs as they can to deliver the best possible product. They also share some common challenges as they try to connect and work with the line-of-business owners, architects, IT, operations, and engineering teams. With this in mind, what, specifically, are the synergies, and how can these two teams help each other succeed? Should they be working together, or does it make sense for them to remain separate?

Tune in to this episode as guests Tom Morrissey (a long-time QA and engineering director) and Cassio Goldschmidt (a very active application security expert and OWASP leader) reach back to the past to help us understand how QA has evolved and what lessons the application security professionals can learn from their history.

Guests
Tom Morrissey, Director of Software Engineering
Cassio Goldschmidt, Sr. Director & CISO at ServiceTitan | OWASP Chapter Leader (@CassioGold on Twitter)

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
Learn more about OWASP: https://owasp.org/ (@owasp on Twitter)

Apr 9, 2021 · 46 min