Redefining CyberSecurity

In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX’s innovative approach to browser security and its relevance in today’s cybersecurity landscape.Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/vivekramachandran/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Evgeniy Kharam, Co-Founder, Security Architecture [@secarchpodcast]On LinkedIn | https://www.linkedin.com/in/ekharam/Website | https://www.softskillstech.ca/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of The Redefining CyberSecurity Podcast, host Sean Martin speaks with Evgeniy Kharam about the essential role of soft skills in the technology and cybersecurity sectors. While many discussions in this field tend to center on hard technical skills or the latest cyber threats, this episode shifts the focus to the often-overlooked soft skills that can drive success.Evgeniy Kharam, who is also an author and holds a key position in his company, shares insightful perspectives from his newly released book 'Architecting Success: The Art of Soft Skills in Technical Sales.' According to Evgeniy, effective communication and connection are foundational elements not just for sales engineers and teams, but for anyone working in any field, including cybersecurity. He notes that regardless of how advanced one's technical skills might be, the ability to connect with people, convey ideas clearly, and build lasting relationships is crucial.One of the primary points that Evgeniy discusses is the changing landscape for sales engineers. He mentions that the role has evolved significantly over the years. Previously, sales engineers primarily focused on giving demos and technical presentations. Today, they are expected to be deeply involved in the sales process, understand procurement intricacies, and effectively communicate technical merits and business values. HostSean Martin addresses the barriers that often exist within organizational cultures, where roles are tightly defined, and stepping outside of one's designated lane can be frowned upon. Evgeniy suggests that this old-school mentality needs to shift. Everyone in a company—from engineers to marketers and beyond—is involved in sales in some way. From making a strong first impression to ensuring clear and intentional communication, soft skills can enhance every aspect of organizational interaction.The duo also touches upon the importance of continuous self-improvement. Evgeniy advises that one of the best ways to practice soft skills is outside the workplace. Whether making a cashier smile or engaging in meaningful conversations with strangers, these efforts contribute to refining one's ability to connect and communicate effectively.Sean Martin concludes the episode by highlighting that everyone is, in essence, always selling something—whether it's a product, a service, or simply themselves. The more refined these soft skills, the better positioned anyone will be to achieve success in their respective fields. For those interested in taking a deeper dive into this topic, Evgeniy's book is a must-read, offering practical tips and strategies to help professionals hone their soft skills and, ultimately, architect success.About the BookIn today's crowded marketplace, technology alone isn't enough. Architecting Success equips sales professionals and anyone in tech and science to unlock their full potential through the power of soft skills.Architecting Success: The Power of Soft Skills in Technical Sales. Connect to Sell More is a practical guide for architects, sales professionals, and anyone in the technology and science sectors to enhance their effectiveness. The book begins by exploring the historical dynamics between sales and technical teams, emphasizing how soft skills can bridge the gap between these traditionally siloed groups. It highlights how focusing on mentoring, problem-solving, listening, teamwork, and empathy can connect to increase sales.Here is a call to action for technical sales professionals to embrace and cultivate their soft skills. By engaging and reflecting, readers can unlock their full potential and achieve personal and professional excellence in the competitive world of technical sales.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesArchitecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More (Book): https://amzn.to/3MVTYhTLinkedIn Post: https://www.linkedin.com/posts/ekharam_softskilltech-new-book-activity-7223356920441585664-NGrq___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.

In this Brand Story episode as part of the Black Hat Event Coverage featuring Sean Martin and Marco Ciappelli, guest Art Poghosyan, co-founder of Britive, discusses the evolution and challenges of identity and access management (IAM) in the modern technological landscape. Sean and Marco engage Art in a conversation that covers everything from the significance of effective IAM for businesses to the innovative solutions Britive is bringing to the market.Art shares the story behind the foundation of Britive and its journey from conception to a leading provider of cloud-native privileged access management solutions. He highlights the shift from static to dynamic identities, emphasizing the importance of automating and authorizing access in real time to meet the needs of modern DevOps and cloud environments.The conversation also touches on how traditional security measures are adapting to new cloud-based infrastructures, highlighting the growing complexity and necessity for advanced IAM solutions. Marco brings in a critical perspective on the changing nature of technology and security, questioning how modern companies can sustain their operations amid rapid technological changes.Art shares insight into the convergence of new ideas and the maturity of contemporary technologies, suggesting that today's advancements provide unique opportunities for innovative solutions. Sean and Marco steer the conversation to practical applications, with Art providing real-world examples of how Britive's technologies are being implemented by enterprises facing complex security challenges. He explains how Britive's API-first approach aids in operationalizing security without imposing on performance or user experience.Furthermore, the episode sets the stage for an upcoming deeper conversation at the Black Hat event, where Art, Sean, and Marco will continue exploring IAM and the critical role Britive plays in shaping the industry's future. Listeners also get information on how to connect with Art and the Britive team at the event.Learn more about Britive: https://itspm.ag/britive-3fa6Note: This story contains promotional content. Learn more.Guest: Art Poghosyan, Co-Founder, Britive [@britive1]On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/ResourcesCloud PAM: https://itspm.ag/britivxya3Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britiveView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin___________________________Episode NotesIn this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project.Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources ___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Discover the keys to achieving cybersecurity success through insightful metrics and strategic integration of technology and human effort. Explore expert perspectives on effective risk management, protection, detection, and response to safeguard your organization against evolving cyber threats.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Dr. Kathleen Fisher, Information Innovation Office (I2O) Director, Defense Advanced Research Projects Agency (DARPA) [@DARPA]On LinkedIn | https://www.linkedin.com/in/kathleen-fisher-4000964/At Black Hat | https://www.blackhat.com/us-24/summit-sessions/schedule/speakers.html#dr-kathleen-fisher-48776____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this On Location with Sean and Marco episode, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation with Dr. Kathleen Fisher from the Defense Advanced Research Projects Agency (DARPA). The discussion centers around the upcoming Black Hat and DEF CON events, where Dr. Fisher is scheduled to deliver a keynote on the intersection of artificial intelligence (AI) and cybersecurity, with a particular focus on DARPA's ongoing initiatives and competitions.Dr. Fisher begins by providing an overview of her background and DARPA's mission to prevent technological surprises that could undermine U.S. national security. She recounts the success of the High-Assurance Cyber Military Systems (HACMS) program, which utilized formal methods to create highly secure software for military vehicles. This program demonstrated the potential of formal methods to revolutionize cybersecurity, proving that robust software could be developed to withstand hacking attempts, even from world-class red teams.The conversation then shifts to the AI Cyber Challenge (AICC) program, a major highlight of her upcoming keynote. AICC aims to leverage the power of AI combined with cyber reasoning systems to automatically find and fix vulnerabilities in real open-source software—an ambitious extension of DARPA's previous Cyber Grand Challenge. This competition involves collaboration with major tech companies like Google, Anthropic, OpenAI, and Microsoft, offering competitors access to state-of-the-art models to tackle real-world vulnerabilities.Dr. Fisher emphasizes the importance of public-private collaboration in advancing cybersecurity technologies. DARPA's charter allows it to work with a diverse range of organizations, from startups to national labs, in pursuit of strategic technological advances. The episode also touches on the potential impact of cyber vulnerabilities on critical infrastructure, underscoring the need for scalable and automatic solutions to address these threats.Listeners can anticipate Dr. Fisher highlighting these themes in her keynote, aimed at business leaders, practitioners, policymakers, and risk managers. She will outline how the audience can engage with DARPA's initiatives and contribute to the ongoing efforts to enhance national security through innovative technology solutions.The episode promises to provide a nuanced understanding of DARPA's role in pioneering AI-driven cybersecurity advancements and offers a preview of the exciting developments to be showcased at Black Hat and DEF CON.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesKeynote: Enhancing National Security with AI-Driven Cybersecurity: https://www.blackhat.com/us-24/summit-sessions/schedule/index.html#keynote--enhancing-national-security-with-ai-driven-cybersecurity-41250AI Cyber Challenge: https://aicyberchallenge.com/DARPA's Information Innovation Office: https://www.darpa.mil/about-us/offices/i2o?ppl=collapseHigh-Assurance Cyber Military Systems (HACMS): https://www.darpa.mil/program/high-assurance-cyber-military-systemsDARPAConnect Website: https://pathfinder.theari.us/darpaconnect/homeLearn more about Black Hat USA 2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage w

Guest: Kris Rides, Co-Founder & Chief Executive Officer, Tiro Security [@tirosecurity]On LinkedIn | https://www.linkedin.com/in/krisrides/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin speaks with Kris Rides, founder of Tiro Security. They discuss the fascinating and somewhat unsettling topic of fake LinkedIn profiles, an issue that has become increasingly prevalent. Kris Rides, with years of experience in cybersecurity staffing and professional services, shares insights from a recent LinkedIn post that garnered significant engagement.The discussion kicks off with Sean Martin recounting how Kris's post about a suspicious LinkedIn account with 28,000 followers caught his attention. Despite having a large number of followers, the account consistently posted irrelevant comments and lacked meaningful engagement. This anomaly prompted Kris to investigate further, leading to a broader conversation about the implications and dangers of fake profiles on professional networking sites.One key takeaway from their conversation is the motivational factors behind creating fake profiles. Kris highlights a range of activities from promoting scams and fake job offers to phishing attempts and even cyber reconnaissance. Fake accounts might seek to gather personal information through seemingly legitimate contact requests or endorsements, which could then be used for nefarious purposes. Kris explains that fake profiles often masquerade as legitimate individuals or companies, which makes them hard to identify at a glance. He recounts instances where Endorsements were used as a tool by these profiles to build credibility. In one case, a fake profile had numerous endorsements from a marketing tool, unbeknownst to the people doing the endorsing. This exploitation of LinkedIn's features underscores the complexity of detecting inauthentic activities. The episode also touches on the sophisticated techniques used to enhance the legitimacy of fake profiles.Kris shares how these profiles sometimes share resumes and job offers to build trust within the LinkedIn community. Sean and Kris debate the ultimate end-goals of these activities, including using amassed information for large-scale phishing or vishing campaigns, perpetrating job offer scams, and scraping data for fraudulent purposes.For professionals and companies, the conversation provides crucial advice: maintaining vigilance and conducting regular checks on connections and endorsements can help mitigate risks. Both speakers emphasize the importance of trust but verify, suggesting that users report suspicious activities to LinkedIn and engage cautiously with unsolicited requests.In summary, the episode explores how fake LinkedIn profiles represent a growing concern, affecting both individuals and organizations. Through their shared experiences and insights, Sean Martin and Kris Rides bring valuable awareness to this issue, encouraging proactive measures to safeguard personal and professional information in the digital age.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring Post: https://www.linkedin.com/posts/krisrides_ive-reported-this-so-im-unsure-how-long-activity-7211061069274914817-aN43/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: L Jean Camp, Professor, Luddy School of Computing, Informatics, and Engineering, Indiana University [@IUBloomington]On LinkedIn | https://www.linkedin.com/in/ljean/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#l-jean-camp-37968Dalya Manatova, Associate Instructor/Ph.D. Student, Luddy School of Computing, Informatics, and Engineering, Indiana University [@IUBloomington]On LinkedIn | https://www.linkedin.com/in/dalyapraz/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#dalya-manatova-48133____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this Chats on the Road episode of the On Location with Sean and Marco podcast series, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation about the intricacies of modern cybercrime, specifically focusing on ransomware gangs. The discussion revolves around the research conducted by their guests, L Jean Camp, a scholar specializing in the economics of security and privacy, and Dalya Manatova, a PhD student studying security informatics and the organizational social dynamics of e-crime.The episode explores how ransomware gangs, such as the notorious Conti group, operate much like legitimate businesses. These criminal organizations exhibit structured hierarchies, recruit testers who may not even realize they are part of an illegal operation, and employ professional negotiation tactics with their victims. The guests emphasize that the threat posed by these gangs is often misunderstood; rather than facing advanced government operations, most individuals and organizations are dealing with commoditized cyber-attacks that follow business-like procedures.Jean and Dalya share intriguing details about their methodology, including the linguistic and discourse analyses used to map out the relationships and organizational structures within these criminal groups. These analyses reveal the complexities and resilience of the organizations, shedding light on how they maintain operational efficiency and manage internal communications. For instance, the researchers discuss the use of jargon like “cat” to refer to crypto wallets, a nuance that highlights the challenges of interpreting cybercriminal chatter.Additionally, the conversation touches on the implications of these findings for cybersecurity practices and the broader business landscape. Jean notes the importance of information sharing and understanding the flow of chatter within and between criminal organizations. This awareness can empower defenders by providing them with better tools and methods to anticipate and counteract these threats.Overall, the episode provides a comprehensive look at the sophisticated nature of ransomware gangs and the importance of interdisciplinary research in understanding and combating cybercrime. The session mentioned in the episode, "Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang," is slated for Wednesday, August 7th at Black Hat, promising to offer more extensive insights into this critical issue.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesRelationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang: https://www.blackhat.com/us-24/briefings/schedule/#relationships-matter-reconstructing-the-organizational-and-social-structure-of-a-ransomware-gang-39725An Argument for Linguistic Expertise in Cyberthreat Analysis: https://www.researchgate.net/publication/372244795_An_Argument_for_Linguistic_Expertise_in_Cyberthreat_Analysis_LOLSec_in_Russian_Language_eCrime_LandscapeBuilding and Testing a Network of Social Trust in an Underground Forum: Robust Connections and Overlapping Criminal Domains: https://www.researchgate.net/publication/371353386_Building_and_Testing_a_Network_of_Social_Trust_in_an_Underground_Forum_Robust_Connections_and_Overlapping_Criminal_DomainsUsable Security Lab: https://usablesecurity.net/Learn more about Black Hat USA 2024: https://www.blackhat.com/u

Guests: Vas Mavroudis, Principal Research Scientist, The Alan Turing InstituteWebsite | https://mavroud.is/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757Jamie Gawith, Assistant Professor of Electrical Engineering, University of BathOn LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesAs Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe

Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.On LinkedIn | https://www.linkedin.com/in/kpapapan/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesCybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesTraceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Join the On Location Podcast co-hosts, Sean Martin and Marco Ciappelli, as they kick off an engaging conversation with Dror Liwer, Co-Founder of Coro, discussing SMB cybersecurity and preparations for Black Hat 2024.Dror emphasizes Coro’s excitement about participating in Black Hat for the second year, where they will be showcasing their offerings at booth 4734. He contrasts Black Hat with other conferences, noting its unique focus on cybersecurity practitioners and those who carry the weight of their organizations' security.Throughout the discussion, Dror tackles the buzzwords and trends in the cybersecurity industry. This year, the buzzword is "platform," and Dror provides insight into what truly constitutes a cybersecurity platform. He distinguishes between various types of platforms, such as those built from multiple vendors, internally developed ones like Cisco and Palo Alto, and Coro's own from-the-ground-up modular platform. He also discusses the advantages of a unified and seamless approach to cybersecurity.The conversation covers the practical benefits of Coro’s platform for service providers and end customers. Dror mentions how Coro simplifies cybersecurity by allowing easy onboarding and flexible licensing. He highlights Coro’s data governance capabilities and modular design, which enable users to scale their security needs up or down efficiently.Dror also teases his upcoming talk at Black Hat, titled “Platformization, Consolidation, and Other Buzzwords Debunked,” promising a comprehensive framework to help organizations evaluate and select the right cybersecurity platforms for their needs.The episode closes with Sean and Marco expressing their enthusiasm for continuing the conversation at Black Hat and encouraging listeners to connect with Coro’s energetic team. They also invite the audience to stay tuned for more updates and insights from the event.Learn more about CORO: https://itspm.ag/coronet-30deNote: This story contains promotional content. Learn more.Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]On LinkedIn | https://www.linkedin.com/in/drorliwer/ResourcesLearn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coroView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Allyn Stott, Senior Staff Engineer, meoward.coOn LinkedIn | https://www.linkedin.com/in/whyallynOn Twitter | https://x.com/whyallyn____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesThe Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Theodore Heiman, CEO, CISO GuruOn LinkedIn | https://www.linkedin.com/in/tedheimanOn Twitter | https://x.com/tedrheiman____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Ted Heiman, CEO of the cybersecurity practice CISO Guru, in an insightful conversation about the complexities and evolving landscape of password management and multi-factor authentication (MFA). Sean Martin introduces the session by highlighting the challenges practitioners and leaders face in building security programs that enable organizations to achieve their objectives securely.The discussion quickly steers towards the main topic - the evolution of passwords, the role of password managers, and the critical implementation of MFA. Ted Heiman shares his extensive experience from over 25 years in the cybersecurity industry, observing that passwords are a relic from a time when networks were isolated and less complex. As organizations have grown and interconnected, the weaknesses of static passwords have become more apparent. Heiman notes a striking statistic: 75 to 80 percent of breaches occur due to compromised static passwords.The conversation examines the history of passwords, starting as simple, memorable phrases and evolving into complex strings with mandatory special characters, numbers, and capitalization. This complexity, while intended to increase security, often leads users to write down passwords or repeat them across multiple platforms, introducing significant security risks. Solutions like password managers arose to mitigate these issues, but as Heiman highlights, they tend to centralize risk, making a single point of failure an attractive target for attackers.The discussion shifts to MFA, which Heiman regards as a substantial improvement over static passwords. He illustrates the concept by comparing it to ATM use, which combines something you have (a bank card) and something you know (a PIN). Applying this to cybersecurity, MFA typically involves an additional step, such as an SMS code or biometric verification, significantly reducing the possibility of unauthorized access.Looking forward, both Heiman and Martin consider the promise of passwordless systems and continuous authentication. These technologies utilize a combination of biometrics and behavioral analysis to constantly verify user identity without the need for repetitive password entries. This approach aligns with the principles of zero-trust architecture, which assumes that no entity, inside or outside the organization, can be inherently trusted. Heiman stresses that transitioning to these advanced authentication methods should be a priority for organizations seeking to enhance their security posture. However, he acknowledges the challenges, especially concerning legacy systems and human behaviors, emphasizing the importance of a phased and managed risk approach.For listeners involved in cybersecurity, Heiman’s insights provide valuable guidance on navigating the intricate dynamics of password management and embracing more secure, advanced authentication mechanisms.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event.Getting Ready for Black Hat 2024The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat.Introducing Jeswin Mathai and SquareXJeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat.The Birth of SquareXSean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security.Addressing Security GapsJeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity.Innovative Security SolutionsSquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience.A Scalable and Privacy-Safe SolutionMarco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws.Real-World Use CasesTo illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats.Looking Ahead to Black Hat and DEF CONThe discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions.ConclusionIn conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Jeswin Mathai, Chief Architect, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/jeswinmathai/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of persona

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia]On LinkedIn | https://www.linkedin.com/in/jasonhealey/At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesOpening Remarks:Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey.Meet the Expert:Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead.The Role of Defense in Cybersecurity:Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference.Shifting the Balance:Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes.Economic Costs and Broader Impacts:Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities.Community and Collaboration:Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session.Looking Forward:As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity.Conclusion:Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity.For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed!Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesIs Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visi

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.Key Points Discussed:Behavioral Detection vs. Signature-Based Methods:Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities.Enhanced Capabilities for Real-Time Response:The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation.Recognition and Impact:RAD Security’s innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position.Supply Chain Security:Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security’s verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability.Future of Cloud Security:As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats.RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.Learn more about RAD Security: https://itspm.ag/radsec-l33tzNote: This story contains promotional content. Learn more.Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]On LinkedIn | https://www.linkedin.com/in/brookemotta/On Twitter | https://x.com/brookelynz1ResourcesA Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4biOpen Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kroLearn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-securityView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Kim Jones, Director, Intuit [@Intuit]On LinkedIn | https://www.linkedin.com/in/kimjones-cism/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk.Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively.One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone. Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment.Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness. For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals.Top Questions AddressedHow can organizations achieve velocity in their cybersecurity operations?Why is cultural alignment important for achieving velocity?What role does effective leadership play in achieving cybersecurity velocity?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring Resource: https://www.linkedin.com/posts/kimjones-cism_velocity-simplified-activity-7201763704848175104-sprZ/Velocity, Simplified (Blog Post): https://www.security2cents.com/post/velocity-simplified___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Fred Heiding, Research Fellow, HarvardOn LinkedIn | https://www.linkedin.com/in/fheiding/On Twitter | https://twitter.com/fredheidingOn Mastodon | https://mastodon.social/@fredheidingOn Instagram | https://www.instagram.com/fheiding/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats.Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide.Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations.A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time.Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion.The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share.Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session): Fred Heiding | Research Fellow, HarvardAlex O'Neill | IndependetLachlan Price | Research Assistant, HarvardEric Rosenbach | Senior Lecturer in Public Policy, Harvard____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesA Multilateral Framework for Evaluating National Cybersecurity Strategies: https://www.blackhat.com/us-24/briefings/schedule/#a-multilateral-framework-for-evaluating-national-cybersecurity-strategies-40879Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/re

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]On LinkedIn | https://www.linkedin.com/in/swylie650/On Twitter | https://twitter.com/swylie650____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesVroom Vroom! The Black Hat Tradition with Sean and MarcoIt's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat.A Decade of ITSP Magazine and Black HatMarco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection.What to Expect at Black Hat USA 2024Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions.Key HighlightsExpanded Content Program: Black Hat is adopting a three-day format instead of its usual two, adding a day packed with additional activities and events.More Networking Opportunities: Attendees can look forward to broadening their professional circles with a variety of planned and unplanned networking events, including the Meetup Lounge and Track Chair Meet and Greets.Day Zero Program: Designed especially for newcomers, this pre-event briefing will help attendees make the most out of their experience.Innovative Summits: New summits, including an AI Summit, Innovators and Investors Summit, Industrial Controls Summit, and Cyber Insurance Summit, will target both technical and managerial audiences.Deep Dives and Panel DiscussionsSteve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year’s heavy election schedule and the growing influence of AI.Fireside Chat with Moxie MarlinspikeAnother unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape.Arsenal and the NOC: Fan Favorites ReturnSean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection.Wrapping UpAs Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________ResourcesLearn more about Black Hat USA 2024: https://www.blackhat.com/us-24/The list of keynotes can be found on this page: https://www.blackhat.com/us-24/keynotes.htmlDirect links to keynotes:https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-from-the-office-of-the-ciso-smarter-faster-stronger-security-in-the-age-of-ai-42061https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-understanding-and-reducing-supply-chain-and-software-vulnerability-risks-42104https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-let-me-tell-you-a-story-technology-and-the--vs-41962https://www.blackhat.com/us-

Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco’s exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco’s asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.Why does this matter: The systems that typically track and report CVEs, don’t report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform’s exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it’s observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what’s working and what’s not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization’s security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.Learn more about Sevco: https://itspm.ag/sevco250d8eNote: This story contains promotional content. Learn more.Guest: J.J. Guy, CEO and Co-Founder, SevcoOn LinkedIn | https://www.linkedin.com/in/jjguy/On Twitter | https://x.com/jjguy?lang=enResourcesState of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9blLearn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevcoView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ISMS.online has released its ‘State of Information Security’ report which surveyed 502 people in the UK (over 1500 globally) who work in information security across 10 sectors including technology, manufacturing, education, energy and utilities and healthcare. The main findings that it exposed are: 79% of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner. Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year Deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organisations.What does all of this mean? As data breaches continue to surge, government entities and trade bodies are in turn, trying to meet these challenges with updates and implementation of regulations and compliance mandates. Listen in as Luke speaks to IT managers about the need to build robust and effective information security foundations, invest in securing their supply chains and increasing employee awareness and training.Learn more about ISMS.online: https://itspm.ag/ismsonline08ab81Note: This story contains promotional content. Learn more.Guest: Luke Dash, CEO, ISMS.onlineOn LinkedIn | https://www.linkedin.com/in/luke-dash-33867b25/ResourcesThe State of Information Security Report 2024: https://itspm.ag/ismsonlinef56b77Learn more and catch more stories from ISMS.online: https://www.itspmagazine.com/directory/isms-onlineView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest Brand Story episode, host Sean Martin chats with Brian Reed, Mobile Security Evangelist, and Chris Roeckl, Chief Product Officer at AppDome, during the OWASP Global AppSec event in Lisbon. The episode dives into pivotal aspects of mobile app security and consumer expectations.Brian Reed articulates how AppDome collaborates with OWASP to tackle mobile app security challenges. He underscores the significant role consumers play in these endeavors. According to AppDome's annual survey, consumer feedback is indispensable, revealing that a staggering 97% of consumers would abandon a brand after an insecure app experience, while 95% would advocate for a brand offering a secure experience. This highlights the stark consequences of neglecting mobile security.Chris Roeckl elaborates on how AppDome’s annual survey, spanning four years, has amassed data from over 120,000 consumers across 12 countries. This wealth of information provides a clear trend: consumers increasingly prioritize security, particularly in banking, e-wallet, healthcare, and retail apps. Interestingly, while social media is not at the forefront of security concerns, it is rapidly becoming a focus area as users grow more conscious of account security and privacy.The discussion brings to light how brands can effectively communicate their security protocols to consumers. Reed and Roeckl suggest transparency through dedicated web pages, direct email outreach, and in-app notifications. This communication helps build trust and reassures consumers that their security concerns are being addressed.The conversation also touches on the integration of security into the development lifecycle. Developers often face the challenge of ensuring robust security without compromising the user experience. Reed mentions the importance of making security processes seamless and non-invasive for developers. By leveraging machine learning and AI, AppDome aims to automate many security tasks, allowing developers to focus on creating innovative, user-friendly applications.Moreover, Roeckl points out that a holistic approach is essential. This means incorporating input from various teams within an organization - from product leaders focusing on user engagement to engineers ensuring crash-free applications and cybersecurity teams safeguarding data integrity. This collaborative effort ensures that the final product not only meets but exceeds consumer expectations.The insights shared in the episode are a call to action for businesses to prioritize mobile security. With six billion humans using mobile apps globally, the stakes are higher than ever. Brands must recognize the direct correlation between secure mobile experiences and customer loyalty. By investing in robust security measures and effectively communicating these efforts, businesses can foster a secure and trustworthy environment for their users.Listeners are encouraged to download the full AppDome report for a deeper understanding of consumer attitudes towards mobile app security. This empathetic report offers valuable insights that can help developers, product managers, and cybersecurity teams align their strategies with consumer expectations, ultimately leading to safer and more secure mobile applications.Learn more about Appdome: https://itspm.ag/appdome-neuvNote: This story contains promotional content. Learn more.Guests: Brian Reed, SVP AppSec & Mobile Defense, Appdome [@appdome]On LinkedIn | https://www.linkedin.com/in/briancreed/Chris Roeckl, Chief Product Officer, Appdome [@appdome]On LinkedIn | https://www.linkedin.com/in/croeckl/ResourcesLearn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdomeView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode — Part 1 of 3 Parts — of the Redefining CyberSecurity Podcast on ITSPmagazine, host Sean Martin dives into a comprehensive discussion with Kush Sharma, a distinguished leader with vast experience across Accenture, Deloitte, the City of Toronto, and CP Rail. The conversation explores the intricacies of building a Chief Information Security Officer (CISO) office from the ground up, offering invaluable insights for current and aspiring CISOs.Kush Sharma emphasizes the multifaceted role of a CISO, particularly the distinct challenges faced when establishing a cybersecurity program in various organizational contexts—government, private sector, and consulting firms. He points out that in governmental environments, the focus is typically on how to benefit citizens or internal staff while operating under tight scrutiny and budget constraints. In contrast, consulting and private sectors prioritize efficiency, quick deployment, and direct benefits to the organization.A significant part of the discussion centers on enterprise risk management. Sharma highlights the importance of aligning cybersecurity initiatives with organizational objectives. From mergers and acquisitions (M&A) to digital transformations, CISOs must ensure that their strategies mitigate risk while supporting the broader business goals. Kush Sharma advises that during such major projects, security measures need to be integrated from the ground up, focusing on things like role-based access and the segmentation of business processes.Additionally, the challenges of engaging with governmental bodies are explored in depth. Sharma explains the extensive bureaucratic processes and the need for consensus-building, which often lead to significant delays. Understanding these processes allows for better navigation and more efficient outcomes. Sharma also brings out the importance of understanding and acting upon business processes when integrating cybersecurity measures. For instance, in large-scale ERP implementations, it is crucial to map out detailed roles and ensure that security provisions are applied consistently across all integrated systems. By focusing on the distinct roles within these processes, such as AP clerks or accounting managers, CISOs can develop more granular and effective security measures.The episode underscores that success in building a CISO office lies in strategic alignment, efficient resource allocation, and thorough understanding of both technical and business processes. For cybersecurity leaders, this conversation with Kush Sharma offers crucial guidance and real-world examples to help navigate their complex roles effectively. Be sure to listen to the episode for a deeper dive into these topics and more. And, stay tuned for Parts 2 and 3 for even more goodness from Sean and Kush.Top Questions AddressedWhat are the complexities of establishing a CISO office from scratch?How do the requirements and focus differ when establishing a cybersecurity program in governmental versus private sectors?What is the approach to managing enterprise risk during digital transformations and mergers & acquisitions (M&A)?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources ___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Jess Nall, Partner, Defense Against Government Investigations, Baker McKenzie, LLP [@bakermckenzie]On LinkedIn | https://www.linkedin.com/in/jess-nall/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesAs the countdown to Black Hat 2024 begins, ITSP Magazine’s “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today.The Dodgeball Analogy: Setting the StageThe conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges.Legacy Technology vs. Modern CybersecurityDrawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today’s cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually.ITSP Magazine’s Milestone and Black Hat ConnectionsThis episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication’s mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration.Introducing Jess Nall: Expertise and ExperienceJess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles.The Internet’s Troubled History and Its ImpactMarco steers the conversation towards the Internet’s troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes.The Perfect Storm: AI and CybersecurityThe discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever.Regulation and Legislation: A Critical ExaminationMarco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to educate CISOs on preventive measures and strategic responses to navigate these challenges effectively.Looking Ahead: Black Hat 2024As the episode concludes, Sean emphasizes the importance of awareness and proactive measures among CISOs. Marco encourages listeners to attend Jess Nall’s presentation at Black Hat 2024 on August 7th at Mandalay Bay in Las Vegas. This critical discussion promises to equip CISOs and their teams with the knowledge and tools to navigate their increasingly scrutinized roles.Stay Tuned with ITSP MagazineSean and Marco remind their audience that this episode is just the beginning of a series of insightful conversations leading up to Black Hat 2024. They invite listeners to stay tuned for more engaging episodes that will continue to explore the dynamic world of cybersecurity.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTub

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing.Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities.One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments.Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation.In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker’s perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape.Top Questions AddressedWhat drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill?How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments?How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation?Learn more about Hadrian: https://itspm.ag/hadrian-5eiNote: This story contains promotional content. Learn more.Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity]On LinkedIn | https://www.linkedin.com/in/rogierfischer/ResourcesView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Tyler Wall, CEO, Cyber NOW EducationOn LinkedIn | https://www.linkedin.com/in/tylerewallOn YouTube | https://www.youtube.com/@cybernoweducationJarrett Rodrick, Sr. Manager, Threat Management at Omnissa [@WeAreOmnissa]On LinkedIn | https://www.linkedin.com/in/jarrett-rodrick/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of Redefining CyberSecurity, host Sean Martin converses with Tyler Wall and Jarrett Rodrick, co-authors of "Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success." The discussion dives into the essential aspects of starting and advancing a career as a Security Operations Center (SOC) analyst, shedding light on the realities and opportunities within the cybersecurity landscape.Tyler Wall, a full-time cybersecurity professional and founder of CyberNow Education, highlights that entering the SOC analyst role doesn't necessarily require a college degree. Wall emphasizes the importance of certifications like Security+ and Network+, combined with real-world IT experience. The discussion points out that many successful SOC analysts have transitioned from desktop support roles or other IT positions, using these pathways to gain relevant experience and knowledge.Jarrett Rodrick, formerly a SOC lead at VMware and now overseeing multiple security teams at Omnissa, underscores that this field values practical skills and continuous learning. Rodrick's own journey from combat soldier to SOC manager exemplifies the diverse backgrounds from which professionals can emerge. He points out that, during the COVID-19 pandemic, the cybersecurity job market was robust, but now there is fiercer competition with many qualified candidates vying for roles.Wall and Rodrick discuss the structure of their book, which includes five real-world stories from various SOC analysts. These stories serve to inspire and provide practical insights into the everyday challenges and rewards of the role. The book also covers the technical and non-technical skills necessary for SOC analysts, such as curiosity, the ability to delve into rabbit holes of information, and a thorough understanding of cloud security.Networking and community involvement are vital for career growth, as highlighted by Wall. He advises aspiring SOC analysts to join groups like DEF CON, 2600, and online communities such as Black Hills Information Security to build connections and gain industry insights. Blogging about one's learning journey and challenges can also attract attention and establish a professional network.The conversation also touches upon the future of the SOC analyst role, particularly in light of advancements in automation. Rodrick notes that while automation will handle some of the more mundane tasks, it will never completely replace human analysts. These tools are designed to enhance efficiency and allow analysts to focus on more complex and strategic issues. Wall adds that having a background or education in cloud security is increasingly important as more companies migrate to cloud environments.In summary, the episode provides a comprehensive overview of the SOC analyst career path, highlighting the need for practical skills, continuous learning, and community engagement. Wall and Rodrick's insights and recommendations serve as a valuable guide for anyone looking to enter or advance in this critical cybersecurity role. Their book, "Jump-start Your SOC Analyst Career," is a testament to their commitment to supporting the next generation of SOC analysts and promoting a secure digital world.Key Questions AddressedHow can one get started as a SOC analyst?What skills are necessary for a SOC analyst?How is automation impacting the SOC analyst role?About the BookThe frontlines of cybersecurity operations include many unfilled jobs and exciting career opportunities.A transition to a security operations center (SOC) analyst position could be the start of a new path for you. Learn to actively analyze threats, protect your enterprise from harm, and kick-start your road to cybersecurity success with this one-of-a-kind book.Authors Tyler E. Wall and Jarrett W. Rodrick carefully and expertly share real-world insights and practical tips in Jump-start Your SOC Analyst Career. The lessons revealed equip you for interview preparation, tackling day one on the job, and setting long-term development goals.This book highlights personal stories from five SOC professionals at various career levels with keen advice that is immediately applicable to your own journey. The gems of knowledge shared in this book provide you with a notable advantage for entering this dynamic field of work.The recent surplus in demand for SOC analysts makes Jump-start Your SOC Analyst Care

Guest: Oleg Shanyuk, Platform Security, Delivery Hero [@deliveryherocom]On LinkedIn | https://www.linkedin.com/in/oleg-shanyuk/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this On Location episode, Sean Martin discusses the complexities of application security (AppSec) and the challenges surrounding the integration of artificial intelligence (AI) with Oleg Shanyuk at the OWASP Global AppSec Global conference in Lisbon. The conversation delves into various aspects of AppSec, DevSecOps, and the broader scope of securing both web and mobile applications, as well as the cloud and container environments that underpin them.One of the core topics Martin and Shanyuk explore is the pervasive influence of AI across different sectors. AI's application in coding, for instance, can significantly expedite the development process. However, as Sean Martin highlights, AI-generated code may lack the human intuition and contextual understanding crucial for error mitigation. This necessitates deeper and more intricate code reviews by human developers, reinforcing the symbiotic relationship between human expertise and AI efficiency.Shanyuk shares insightful anecdotes about the history and evolution of programming languages and how AI's rise is reminiscent of past technological shifts. He references the advancement from physical punch cards to assembly languages and human-readable code, drawing parallels to the current AI boom. Shanyuk stresses the importance of learning from past technological evolutions to better understand and leverage AI's full potential in modern development environments.The conversation also explores the practical applications of AI in fields beyond straightforward coding. Shanyuk discusses the evolution of automotive batteries from 12 volts to 48 volts, paralleling this shift with how AI can optimize various processes in different industries. This evolution demonstrates the potential of technology to drive efficiencies and reduce costs, emphasizing the need for ongoing innovation and adaptation.Martin further navigates the discussion towards platform engineering, contrasting its benefits of consistency and control with the precision and customization needed for specific tasks. The ongoing debate encapsulates the broader dialogue within the tech community about finding the right balance between standardization and flexibility. Shanyuk's perspective offers valuable insights into how industries can leverage AI and platform engineering principles to achieve both operational efficiency and specialized functionality.The episode concludes with forward-looking reflections on the future of AI-driven models and their potential to transcend the limitations of human language and traditional coding paradigms. The thoughtful dialogue between Martin and Shanyuk leaves listeners with a deeper appreciation of the challenges and opportunities within the realm of AI and AppSec, encouraging continued exploration and discourse in these rapidly evolving fields.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesBret Victor: https://worrydream.com/Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the hilarious yet insightful tale, join the eccentric Dr. Frankenstream and his quirky assistant Igor, as they bring an AI system to life, only to face unexpected challenges and hilarious missteps. Discover how they, along with cybersecurity expert Inga, navigate the perils of modern technology, reminding us of the crucial balance between innovation and responsibility.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesLeaveHomeSafe Pentest Report: https://7asecurity.com/reports/pentest-report-leavehomesafe.pdfCoverDrop Pentest Report: https://7asecurity.com/reports/pentest-report-coverdrop.pdfWhy You Need a Pentest: https://www.youtube.com/watch?v=oBVTlKrLw-kLearn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Jim Dempsey, Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance [@FSIStanford]; Lecturer, UC Berkeley Law School [@BerkeleyLaw]On LinkedIn | https://www.linkedin.com/in/james-dempsey-8a10a623/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinHost: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelliView This Show's Sponsors___________________________Episode NotesJoin Sean Martin and Marco Ciappelli for a dynamic discussion with Jim Dempsey as they unearth critical insights into the rapidly evolving field of cybersecurity law. Jim Dempsey, who teaches cybersecurity law at UC California Berkeley Law School and serves as Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, shares his extensive knowledge and experience on the subject, providing a wealth of information on the intricacies and developments within this legal domain.Cybersecurity law is a relatively new but increasingly important area of the legal landscape. As Dempsey pointed out, the field is continually evolving, with significant strides made over the past few years in response to the growing complexity and frequency of cyber threats. One key aspect highlighted was the concept of 'reasonable cybersecurity'—a standard that demands organizations implement adequate security measures, not necessarily perfect ones, to protect against breaches and other cyber incidents. This concept parallels other industries where safety standards are continually refined and enforced.The conversation also delved into the historical context of cybersecurity law, referencing the Computer Fraud and Abuse Act of 1986, which initially aimed to combat unauthorized access and exploitation of computer systems. Dempsey provided an enlightening historical perspective on how traditional laws have been adapted to the digital age, emphasizing the role of common law and the evolution of legal principles to meet the challenges posed by technology.One of the pivotal points of discussion was the shift in liability for cybersecurity failures. The Biden administration's National Cybersecurity Strategy of 2023 marks a significant departure from previous policies by advocating for holding software developers accountable for the security of their products, rather than placing the entire burden on end-users. This approach aims to incentivize higher standards of software development and greater accountability within the industry.The discussion also touched on the importance of corporate governance in cybersecurity. With new regulations from bodies like the Securities and Exchange Commission (SEC), companies are now required to disclose material cybersecurity incidents, thus emphasizing the need for collaboration between cybersecurity teams and legal departments to navigate these requirements effectively.Overall, the episode underscored the multifaceted nature of cybersecurity law, implicating not just legal frameworks but also technological standards, corporate policies, and international relations. Dempsey's insights elucidated how cybersecurity law is becoming ever more integral to various aspects of society and governance, marking its transition from a peripheral concern to a central pillar in protecting digital infrastructure and information integrity. This ongoing evolution makes it clear that cybersecurity law will continue to be a critical area of focus for legal professionals, policymakers, and businesses alike.Top Questions AddressedWhat is the importance of defining 'reasonable cybersecurity,' and how is this standard evolving?How has the shift in legal liability for cybersecurity incidents, particularly under the Biden administration, impacted the software industry?In what ways are historical legal principles, like those from the Computer Fraud and Abuse Act, being adapted to meet modern cybersecurity challenges?About the BookFirst published in 2021, Cybersecurity Law Fundamentals has been completely revised and updated.U.S. cybersecurity law is rapidly changing. Since 2021, there have been major Supreme Court decisions interpreting the federal computer crime law and deeply affecting the principles of standing in data breach cases. The Securities and Exchange Commission has adopted new rules for publicly traded companies on cyber incident disclosure. The Federal Trade Commission revised its cybersecurity rules under the Gramm-Leach-Bliley Act and set out new expectations for all businesses collecting personal information. Sector-by-sector, federal regulators have issued binding cybersecurity rules for critical infrastructure, while a majority of states h

In this episode of the On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today.The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues.The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations.A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the spring planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance.Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically.The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively.Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8vNote: This story contains promotional content. Learn more.Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42ResourcesLearn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-securityView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

We are in the era of dynamic computing – and while that gives way to innovation, it also escalates the risks every business faces. Computing no longer occurs solely within the perimeter, and cybersecurity threats are increasingly more sophisticated. In fact, organizations today operate in a climate where entire systems can be taken offline in just a few short hours – and leaders need to be prepared for recovery from an interruption to the networks, systems, or data that underpin their business. With the advent and proliferation of new technologies, there is more pressure than ever to secure organizations’ computing. Ultimately, the evolution of computing has forced businesses into a paradox of innovation and risk. They must balance technology with security and business resilience, which requires a new way of thinking.Conduct a thorough assessment of risk areas to understand the barriers across your IT estate.Assess your organization’s dynamic computing initiatives and design security measures from the outset of implementation to ensure compliance and mitigate future risks.Allocate resources strategically to align cybersecurity initiatives with business objectives across silos.Forge partnerships with external collaborators to augment your organization’s security expertise.Regularly adapt your approach to meet the demands of an evolving computing landscape and expanding attack surface.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Ida Hameete, Application Security Consultant, ZenrosiOn LinkedIn | https://www.linkedin.com/in/idahameete/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________Episode NotesJoin Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses.Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices.Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge.The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization.Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences.Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success.Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesLearn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/Ida's Session: https://owaspglobalappseclisbon2024.sched.com/event/1VdB4/winning-buy-in-mastering-the-art-of-communicating-security-to-management____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Robert Fernandes, Chief Information Security Officer, The Investment Center, Inc.On LinkedIn | https://www.linkedin.com/in/robert-fernandes-cybersecurity/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a compelling conversation with Robert Fernandes, CISO at the Investment Center, a financial service provider based in New Jersey. Together, they delve into the concept of viewing cybersecurity not merely as a cost center but as a profit center. This innovative perspective is fundamentally altering how businesses approach their cybersecurity investments.Sean Martin opens the discussion by addressing the evolving landscape of cybersecurity. He highlights how traditional views of cybersecurity — such as those held for an insurance policy — are outdated. Robert Fernandes agrees and emphasizes that times have changed; there's a growing need for businesses to leverage their cybersecurity posture as a competitive advantage. He advocates for the proactive use of a robust cybersecurity program to attract clients and secure trust, much like other marketing strategies.Drawing parallels from various industries, Fernandes notes that grocery stores and restaurants don't just sell food; they sell safe and high-quality food experiences. Similarly, automobile manufacturers sell not just vehicles but also safety and comfort. In the same vein, cybersecurity should be seen as an integral part of the product, enhancing its value and appeal to customers. For Fernandes, this shift in thinking can transform a company's cybersecurity program from a necessary expense into a key marketing asset.Fernandes also discusses the importance of breaking down silos within organizations. Effective communication between different departments, such as marketing, operations, and cybersecurity, can lead to a more cohesive strategy where cybersecurity is embedded in the company's culture and operations. This integration can significantly enhance the company's security posture, making it a selling point rather than an afterthought.One particularly intriguing point Fernandes makes is the role of education in shifting perceptions about cybersecurity. He stresses the need to inform and educate stakeholders - from end-users to executives - about the importance of cybersecurity. By moving past buzzwords and misconceptions, businesses can better understand and articulate the value of their cybersecurity measures to clients and partners. Martin and Fernandes also touch on the role of cyber insurance in conveying trust. A robust cyber insurance policy can serve as a testament to the company's strong security posture, further building client confidence.Ultimately, the conversation underscores that by rethinking cybersecurity - from product design to marketing and beyond - businesses can realize substantial benefits. This episode is a must-listen for business leaders looking to turn their cybersecurity efforts into a profitable and strategic advantage.Top Questions AddressedHow can businesses transform cybersecurity from a cost center to a profit center?What are the benefits of breaking down organizational silos in cybersecurity strategy?How does educating stakeholders affect the perception and effectiveness of cybersecurity?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring Post: https://www.linkedin.com/pulse/cybersecurity-profit-center-transforming-risk-robert-fernandes-uskwe___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Earlier this year, the NSA released updated zero-trust guidance in which microsegmentation is listed as a daunting, advanced endeavor, only suitable to the most mature organizations. Zero Networks is committed to challenging this sentiment. While some may hesitate, thinking microsegmentation is beyond their reach, we urge organizations to reconsider. Waiting is not an option when it comes to securing your network against evolving threats. By prioritizing microsegmentation, you're taking a proactive stance against unauthorized lateral movement, thwarting advanced attacks, and effectively blocking ransomware. Zero Networks has helped organizations of all sizes, maturity, and complexity levels to deploy our radically simple microsegmentation solution in a click, without breaking anything, and with little to no effort.As ransomware attacks double, microsegmentation has been hailed by Gartner, Forrester, the NSA, and leading security trade media outlets, as the most promising solution for halting lateral movement and satisfying zero trust guidelines. You can’t have a zero trust architecture without microsegmentation – but you also need to implement a solution quickly, without breaking anything, and without extensive costs and complexities. Zero Networks offers exactly this solution. Zero Networks' microsegmentation solution locks down lateral movement, effectively stranding hackers and preventing them from spreading ransomware. For an added layer of security, we apply MFA authentication to the network layer, allowing organizations to protect assets that could not be easily protected by MFA before: legacy applications, databases, OT/IoT devices, mainframes, on-prem VMs, and IaaS VMs. Our just-in-time MFA also applies an additional layer of security to privileged remote admin protocols like RDP, SSH, and WinRM – commonly exploited by attackers. This also supports organizations with compliance needs. “Never trust, always verify” comes automatically with Zero Networks.Zero Networks' microsegmentation solution provides agentless, automated, and multi-factor authentication (MFA) powered architecture. By monitoring and learning all network connections over a 30-day period, Zero Networks creates precise firewall rules that are centrally applied to all assets. This agentless architecture ensures that every asset, whether on-premises or in the cloud, including OT/IoT devices, is segmented without disrupting normal operations. One of the key challenges with traditional microsegmentation solutions is their complexity and associated costs. Forrester highlights the difficulty in quantifying the business benefits of microsegmentation due to its indirect impact on productivity and user experience. A global independent investment bank, Evercore, was undergoing the major challenge of effectively responding to an incident when a workstation was compromised, and a threat actor was able to gain access to their network to move laterally. They had firewalls, whitelists, blacklists and other measures that could slow them down but nothing that could immediately shut them down. Chris Turek, CIO of Evercore, said “Zero Networks is creating a new sphere of security capabilities.See the platform for yourself - reach out to us at zeronetworks.com for a demo.Learn more about Zero Networks: https://itspm.ag/zeronet-al2d2Note: This story contains promotional content. Learn more.Guest: Benny Lakunishok, Co-Founder and CEO, Zero Networks [@ZeroNetworks]On LinkedIn | https://www.linkedin.com/in/bennyl/On Twitter | https://x.com/lakunishokResourcesLearn more and catch more stories from Zero Networks: www.itspmagazine.com/directory/zero-networksLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Taiye Lambo, Founder of Holistic Information Security Practitioner Institute (HISPI), Founder and Chief Technology Officer of CloudeAssurance, Inc.On LinkedIn | https://www.linkedin.com/in/taiyelambo/Pam Kamath, Founder, Adaptive.AIOn LinkedIn | https://www.linkedin.com/in/pamkamath/Aric Perminter, CEO, Lynx Technology Partners, LLC.On LinkedIn | https://www.linkedin.com/in/aricperminter/Darrel Hawkins, Cyber Chief Technology Officer, Otis Elevator Co.On LinkedIn | https://www.linkedin.com/in/darrellhawkinscissp/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesThe latest episode of Redefining CyberSecurity Podcast brought together a distinguished panel of experts to delve into the intricacies of artificial intelligence, its benefits, and its risks. Hosted by Sean Martin, the panel included Aric Perminter, Founder and Chairman of Lynx Technology Partners; Pam Kamath, Founder of Adaptive AI; Darrell Hawkins, an IT industry veteran with extensive experience in cybersecurity; and Taiye Lambo, who established the Holistic Information Security Practitioner Institute in Atlanta, Georgia. One of the primary topics discussed was the pervasive influence of AI in various industries, particularly the dichotomy between generative AI and traditional AI.Pam Kamath highlighted the overlooked capabilities of traditional AI in fields like healthcare, which already show significant advancements in areas such as radiology. This underscores the point that while generative AI, epitomized by models like ChatGPT, garners much of the public's attention, traditional AI applications continue to evolve and solve complex problems efficiently.Darrell Hawkins brought a commercial perspective into the discourse, emphasizing the balancing act between leveraging AI for profitability versus ensuring societal safety. The key takeaway was that AI's role in enhancing productivity and creating new opportunities is undeniable, yet it is imperative to remain vigilant about its societal implications, such as privacy concerns and job displacement.Taiye Lambo shared insights from his experience with AI's practical applications in cyber operations. He underscored the diversity of AI's utility, from improving threat intelligence to automating secure responses, demonstrating its potential to transform cybersecurity protocols dramatically. Lambo also provided a thought-provoking view on privacy, suggesting that with the integration of AI into daily operations, the traditional concept of privacy might inevitably evolve or even diminish.Aric Perminter, focusing on sales and operational efficiencies, shared his insights on how AI-driven analytics can profoundly impact sales strategies, enhancing proposal effectiveness and positioning high-value services. This reflects AI’s broader potential to revolutionize internal business processes, making organizations nimbler and more data-driven. A common thread throughout the discussion was the emphasis on learning from past technological advances, like the adoption of cloud services, to guide AI implementation.Sean Martin and the panelists agreed that clear use cases and identified outcomes remain critical to leveraging AI effectively while managing risks thoughtfully. In doing so, organizations can harness AI's strengths without repeating past mistakes. Ultimately, the episode revealed that the journey with AI entails navigating both opportunities and risks. By focusing on practical applications and maintaining a vigilant eye on ethical and societal concerns, businesses and individuals can find a balanced approach to integrating AI into their ecosystems. This nuanced conversation serves as a valuable guide for anyone looking to understand and leverage the power of AI in a meaningful and responsible way.Top Questions AddressedWhy do we need a special view on AI compared to data and applications?How is AI being integrated into various industries and what are the implications?What are the risks and opportunities associated with AI adoption?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesBeyond the hype: Capturing the potential of AI and gen AI in tech, media, and telecom: https://www.mckinsey.com/~/media/mckinsey/industries/technology%20media%20and%20telecommunications/high%20tech/our%20insights/beyond%20the%20hype%20capturing%20the%20potential%20of%20ai%20and%20gen%20ai%20in%20tmt/beyond-the-hype-capturing-the-potential-of-ai-and-gen-ai-in-tmt.pdfAI Summit Roundtable Topics S

Guests: ✨ Dr. Melanie Garson, Cyber Policy & Tech Geopolitics Lead, Tony Blair Institute for Global Change [@InstituteGC]On LinkedIn | https://www.linkedin.com/in/melaniegarson/Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli_____________________________This Episode’s SponsorsBlackCloak 👉 https://itspm.ag/itspbcwebBugcrowd 👉 https://itspm.ag/itspbgcweb_____________________________Episode IntroductionIn an era where technology is the backbone of society, resilience in the face of cyber threats, natural disasters, and geopolitical strife is paramount. This was the focal point of the discussion between Sean Martin, Marco Ciappelli, and Dr. Melanie Garson in their recent conversation on "Hurricanes, Hacktivists, & HPCs: Building Resilience for the Compute Era."Dr. Melanie Garson, the Cyber and Tech Geopolitics Lead at the Tony Blair Institute for Global Change and Associate Professor at University College London, brings a wealth of expertise to the topic. Her work revolves around understanding how new and disruptive technologies like cyber warfare, brain-computer interfaces, and genetic engineering affect global stability. This episode delves into her insights on the evolving landscape of cyber resilience and the steps needed to brace for future challenges.The conversation begins with an exploration of how legacy infrastructure poses a significant risk to our digital and physical security. Dr. Garson emphasizes the importance of addressing these foundational elements, noting examples like the 2006 earthquake in Taiwan, which disrupted 22 communication cables. She warns of the potential catastrophes linked to outdated infrastructure and underscores the need for modernization and robust protection against not just cyberattacks but physical disruptions as well.The geopolitical aspect of technology is another critical element discussed. Dr. Garson highlights the role of private companies like Microsoft and Amazon in global conflicts, noting the effects seen during the Russia-Ukraine conflict where cloud services played a pivotal role in preserving data. This involvement signals a shift in how we understand power dynamics and control over critical technologies and raises questions about the responsibilities and decision-making processes of these tech giants. Furthermore, the discussion covers the intersection of emergency situations and technological dependencies.Using real-world instances like the hurricane in West Africa that knocked out major cables, Marco Ciappelli and Sean Martin emphasize how such events lead to significant economic impacts, illustrating how interconnected and vulnerable our systems are. Dr. Garson also touches upon the evolving nature of warfare, especially with the advent of electromagnetic spectrum manipulation and the reliance on GPS technologies. She notes the increasing use of electromagnetic interference for strategic advantage, a trend seen in ongoing global conflicts. The idea of compute diplomacy—ensuring countries have the sustainable computational power needed to remain competitive and secure—resonates strongly throughout their dialogue.The conversation wrapped with a powerful call to action: the need for both public and private sectors to address vulnerabilities throughout the entire tech stack, not just the application layer. This holistic approach is essential to safeguarding our digital infrastructure against a multitude of threats.In conclusion, building resilience in the compute era requires a multi-faceted approach that integrates robust cyber defense, modernized infrastructure, and a keen understanding of the geopolitical landscape. The insights shared by Dr. Melanie Garson underscore the importance of proactive measures and collaborative efforts in securing our interconnected world. This episode serves as a crucial reminder that as technology advances, so must our strategies to protect against emerging threats.Top Questions AddressedWhat are the biggest threats to our current digital infrastructure and how can we address them?How do geopolitical dynamics and private tech companies influence global cyber resilience?What role does emerging technology play in modern warfare and how should we prepare for it?_____________________________ResourcesHurricanes, Hacktivists & HPCs: Building Resilience for the Compute Era (Session): https://www.ukcyberweek.co.uk/uk-cyber-week-2024-agenda/hurricanes-hacktivists-hpcs-building-resilience-for-the-compute-eraThe State of Access to Compute Index 2023: https://www.institute.global/insights/tech-and-digitalisation/state-of-compute-access-how-to-bridge-the-new-digital-divideUK Cyber Week Exp

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/On Twitter | https://x.com/Soheil__K____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.They dive into Soheil’s background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.Top Questions AddressedWhat are request forgery attacks and how have they evolved over time?How do modern browsers and applications handle security against these attacks?What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesIn the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VdAy/in-the-same-site-we-trust-navigating-the-landscape-of-client-side-request-hijacking-on-the-webLearn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of per

Guests:Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do PortoOn LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icpDinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]On LinkedIn | https://www.linkedin.com/in/diniscruz/On Twitter | https://twitter.com/DinisCruzAt OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruzRob van der Veer, Senior director at Software Improvement Group [@sig_eu]On Linkedin | https://www.linkedin.com/in/robvanderveer/On Twitter | https://twitter.com/robvanderveerAt OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/rob_van_der_veer.1tkia1sy____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, host Sean Martin embarks on a solo adventure to discuss the upcoming OWASP AppSec Global conference in Lisbon. He is joined by three distinguished guests: Isabel Praça, a professor and AI researcher; Dinis Cruz, an AppSec professional and startup founder; and Rob van der Veer, a software improvement consultant and AI standards pioneer.The episode kicks off with introductions and a light-hearted comment about Sean’s co-host, Marco Ciappelli, who is more of a psychology enthusiast while Sean delves into the technical aspects. Sean expresses his enthusiasm for the OWASP organization and its impactful projects, programs, and people.Each guest contributes unique insights into their work and their upcoming presentations at the conference. Isabel Praça, from the Polytechnic of Porto, shares her journey in AI and cybersecurity, emphasizing her collaboration with the European Union Agency for Cybersecurity (ENISA) on AI security and cybersecurity skills frameworks. She underscores the importance of interdisciplinary expertise in AI and cybersecurity and discusses her concept of "trust cards" for AI, which aim to provide a comprehensive evaluation of AI models beyond traditional metrics.Dinis Cruz, a longstanding member of OWASP with extensive experience in AppSec, brings attention to the challenges and opportunities presented by AI in scaling application security. He discusses the importance of a deterministic approach to AI outputs and provenance, advocating for a blend of traditional AppSec practices with new AI-driven capabilities to better understand and secure applications.Rob van der Veer, founder of the OpenCRE team and a veteran in AI, elaborates on the integration of multiple security standards and the essential need for collaboration between software engineers and data scientists. He shares his perspective on AI’s role in security, highlighting the pitfalls and biases associated with AI models and the necessity of applying established security principles to AI development.Throughout the episode, the conversation touches on the complexities of trust, the evolving landscape of AI and cybersecurity, and the imperative for ongoing collaboration and education among professionals in both fields. Sean wraps up the episode with a call to action for data scientists and AppSec professionals to join the conference, either in person or through recordings, to foster a deeper understanding and collective advancement in AI-enabled application security.Listeners are encouraged to attend the OWASP AppSec Global conference in Lisbon, where they can expect not only insightful sessions but also vibrant discussions and networking opportunities in a picturesque setting.Key Questions AddressedWhat roles and expertise are needed to effectively address AI and cybersecurity challenges?How does AI bring new dimensions to application security and what traditional methods remain relevant?Why is it important for data scientists and cybersecurity professionals to collaborate?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesTrust Cards for AI (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaD/trust-cards-for-aiDeterministic GenAI Outputs with Provenance (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaO/deterministic-genai-outputs-with-provenanceAI is just software, what could possibly go wrong? (Session): http

Guest: JC Heinbockel, Associate, Seyfarth Shaw LLPOn LinkedIn | https://www.linkedin.com/in/j-c-heinbockel-6563996a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of Redefining CyberSecurity, Sean Martin delves into an intriguing conversation with JC Heinbockel, an intellectual property lawyer specializing in brand protection. The episode primarily focused on the intersection of the ELVIS Act and rights of publicity in the age of AI.The discussion kicked off with JC Heinbockel providing a primer on intellectual property and the rights of publicity. He explained that while intellectual property encompasses discrete categories such as copyrights, patents, and trademarks, the right of publicity is more nuanced and often intertwined with personal privacy rights. Essentially, the right of publicity allows individuals to exploit their likenesses for commercial purposes or prevent others from doing so without permission. Heinbockel emphasized that the right of publicity is particularly relevant to celebrities and public figures whose likenesses hold significant market value. However, with the advent of generative AI and deepfake technology, protecting one's likeness has become more complicated.The new ELVIS Act in Tennessee is designed to address these challenges by extending the right of publicity to include voices and by explicitly targeting the misuse of likenesses through deepfake technology. The episode also touched on various instances where deepfake technology has already led to unauthorized use of celebrity likenesses. JC Heinbockel cited examples like deepfake ads featuring Clint Eastwood and Tom Hanks, highlighting the legal and ethical complications these technologies introduce.The Elvis Act serves as a legislative response to these advancements, aiming to protect individuals' likenesses from unauthorized commercial exploitation. For business leaders and security professionals, the conversation underscored the imperative need to develop robust AI policies, especially within marketing and advertising departments. Heinbockel urged organizations to carefully navigate the use of AI in creating content, as both the input and output of AI-generated material need to be scrutinized for compliance with existing laws and ethical standards. Moreover, the potential pitfalls of using generative AI extend beyond marketing to areas such as customer support and even internal operations.Heinbockel warned of the risks associated with using AI platforms that might inadvertently disclose confidential information or generate legally dubious content. He emphasized the necessity of setting strict guidelines and having comprehensive policies in place to mitigate these risks.The episode concluded with a call to action for companies to be proactive in understanding the implications of using AI and to plan accordingly. By doing so, they can better navigate the complex legal landscape surrounding intellectual property and publicity rights in the digital age. This timely discussion with JC Heinbockel highlights not just the challenges but also the opportunities for businesses to adapt and thrive in this evolving technological environment.Top Questions AddressedWhat are the rights of publicity, and how do they relate to intellectual property laws?How does the ELVIS Act in Tennessee address the challenges posed by deepfake technology?What should businesses be aware of when using AI to ensure they are compliant with legal and ethical standards?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesThe Gadgets, Gigabytes, & Goodwill Blog: https://www.gadgetsgigabytesandgoodwill.com/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this BlackCLoak Brand Story, hosts Sean Martin and Marco Ciappelli engage in an in-depth conversation with Founder Chris Pierson, Chief Information Security Officer Ryan Black, and Product Manager Matt Covington. The discussion explores the company’s dedication to protecting security and privacy for CISOs, executives, and high-net-worth individuals.The episode kicks off with Martin and Ciappelli extending a warm welcome to Pierson, Black, and Covington while highlighting the mission-driven approach of BlackCloak. Pierson elaborates on BlackCloak’s unique focus on protecting not just organizations but also extending security measures to the personal lives of executives and their families. This connection underscores the significance of safeguarding home environments, which are increasingly becoming targets for cyberattacks.Covington shares his intriguing journey from having a master's degree in literary theory to becoming involved in cybersecurity, emphasizing the importance of empathy in product development. He explains how BlackCloak's technology seeks to scale its services efficiently by automating repetitive tasks, thereby allowing their experts to focus on critical problem-solving for clients.Throughout the conversation, Ryan Black describes the flexible, personalized concierge service that BlackCloak offers, aimed at addressing the unique security needs of individuals outside the corporate framework. He emphasizes that their approach goes beyond traditional enterprise security, focusing on protecting personal devices and networks that executives use at home.The episode also touches on the emotional and psychological aspects of cybersecurity, illustrating how personal experiences with phishing attacks have driven both Black and Covington in their professional paths. The hosts and guests also discuss the personal side of cybersecurity, addressing behavioral vulnerabilities and the integration of user-friendly technology in personal security measures.Finally, the session highlights the collaborative and proactive culture at Black Cloak, where team members are committed to going above and beyond to protect their clients. This episode offers listeners valuable insights into how BlackCloak is pioneering an empathetic and comprehensive approach to cybersecurity.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuests: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]On Linkedin | https://www.linkedin.com/in/drchristopherpierson/On Twitter | https://twitter.com/drchrispiersonRyan Black, Chief Information Security Officer, BlackCloak [@BlackCloakCyber]On LinkedIn | https://www.linkedin.com/in/ryancblack/Matt Covington, VP of Product, BlackCloak [@BlackCloakCyber]On LinkedIn | https://www.linkedin.com/in/mecovington/ResourcesLearn more about BlackCloak and their offering: https://itspm.ag/itspbcwebBlackCloak welcomes Ryan Black: https://www.linkedin.com/posts/blackcloak_personalcybersecurity-cybersecurity-executiveprotection-activity-7198293889777098752-Bd5zAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]On LinkedIn | https://www.linkedin.com/in/kwuyts/On Twitter | https://twitter.com/WuytskiOn Mastodon | https://mastodon.social/@kimwAvi Douglen, CEO / Board of Directors, Bounce Security & OWASPOn LinkedIn | https://www.linkedin.com/in/avidouglen/On Twitter | https://twitter.com/sec_tigger____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesTraining: https://lisbon.globalappsec.org/trainings/#sku_PPBDThreat modeling manifesto: https://www.threatmodelingmanifesto.org/Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Jim Manico, Founder and Secure Coding Educator, Manicode SecurityOn LinkedIn | https://www.linkedin.com/in/jmanico/On Twitter | https://x.com/manicode____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, host Sean Martin engages in a compelling discussion with Jim Manico about the current landscape of application security. Jim, a notable leader in the field, delves into several critical topics surrounding application security and its evolving challenges.The conversation opens by touching on the significant influence of artificial intelligence (AI) on application security, suggesting a future episode dedicated entirely to exploring this complex topic. They then shift focus to the necessity of having a formalized approach when dealing with security vulnerabilities. Jim underscores the importance of planning and preparation before tackling security threats, emphasizing that structured processes lead to more effective management of potential issues.A significant portion of the dialogue explores the challenges associated with identifying and managing vulnerable or outdated libraries within codebases. Jim and Sean discuss how modern development practices often lead to the incorporation of various libraries, each of which can introduce potential security risks if not properly maintained. The intricacies of keeping these libraries updated to prevent vulnerabilities are highlighted, including the frequent necessity of updating or replacing libraries to ensure robust security.Jim also touches upon the noise generated by automated security findings, which can overwhelm development teams with alerts and potential issues. He stresses the value of effectively prioritizing and addressing these findings to ensure that the most critical vulnerabilities are tackled promptly, reducing the risk of exploitation.Throughout the episode, Jim and Sean highlight the balance that must be struck between developing new features and maintaining a secure, resilient application environment. Ensuring that security is integrated into the development lifecycle rather than being an afterthought is a recurring theme in their discussion.This engaging episode provides listeners with a deep dive into the strategic and tactical aspects of application security, offering valuable insights and practical advice on navigating the often complex and ever-evolving security landscape.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesTraining: https://lisbon.globalappsec.org/trainings/#sku_ASTJMOWASP ASVS: https://github.com/OWASP/ASVS/tree/master/5.0/enOWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQDr. Cori Faklaris, Assistant Professor, University of North Carolina at Charlotte [@unccharlotte], Director, Security and Privacy Experiences (SPEX) research group [@SPEX_lab]On LinkedIn | https://www.linkedin.com/in/corifaklaris/On Twitter | https://twitter.com/heycoriOn Mastodon | https://hci.social/@HeycoriOn Facebook | https://www.facebook.com/heycori____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this new episode of the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney welcomed Dr. Cori Faklaris, an assistant professor at the University of North Carolina, Charlotte, to discuss the intricate relationship between human-centered research and cybersecurity. Dr. Faklaris, who leads the Security and Privacy Experience Research Group at the university, shared valuable insights on the intersection of human behavior and security practices.The episode delved into Dr. Faklaris' extensive research on security attitudes and behaviors. She introduced the Security Attitudes (SA) scales, particularly the SA-6 and SA-13, which are tools designed to measure people's security attitudes. These scales provide a reliable and valid means to gauge individuals' perspectives on cybersecurity, which can be critical for organizations looking to enhance their security training programs. By regularly measuring security attitudes before and after training, organizations can assess the effectiveness of their initiatives and identify areas for improvement. Dr. Faklaris emphasized the importance of considering not just attitudes but also social norms and perceived behavioral control when examining security behaviors.A significant portion of the discussion centered around the challenges posed by smishing—phishing attacks conducted via SMS. Dr. Faklaris highlighted that younger people and college students are particularly vulnerable to such attacks. Her research indicates that demographic factors can influence susceptibility to smishing, underscoring the need for targeted awareness campaigns and tailored security measures.The episode also touched on the broader implications of trust and usability in communication systems, with Dr. Faklaris stressing the importance of clear and trustworthy communication channels to prevent user fatigue and mistrust. In addition to her academic endeavors, Dr. Faklaris is spearheading a new cybersecurity clinic at UNC Charlotte. This initiative aims to support local organizations, particularly small businesses and non-profits, by providing them with valuable cybersecurity guidance and services free of charge. The clinic, which will involve student teams working on real-world problems, seeks to bridge the gap between academic research and practical application while fostering community engagement and providing hands-on experience to students.The episode serves as a treasure trove of insights for security leaders and practitioners, offering practical advice on enhancing security training and awareness programs. By leveraging research-backed methods and fostering community partnerships, organizations can better navigate the complex human factors that influence cybersecurity practices. Dr. Faklaris' work serves as a powerful reminder of the critical role human-centered approaches play in building robust and effective security frameworks.Top Questions AddressedHow can you measure security attitudes?What is smishing and why are younger people more vulnerable to it?How can organizations utilize human-centered research to enhance their security training programs?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Robin Smith, CISO of Aston Martin [@astonmartin]On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.The IcebreakerThe conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin’s cybersecurity culture.Life at Aston MartinRobin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin’s values and brand prestige.Building a Cybersecurity CultureRobin describes how he introduced a comprehensive security program that aligns with Aston Martin’s renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.Lessons LearnedThe conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.The Vision for the FutureRobin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.Impact on Customers and CommunityMarco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.Community and CollaborationSean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.Wrapping UpAs the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come.Marco and Sean close the episode by thanking their audience and expressing their excitement for future events. They hope to see everyone again at next year's Infosecurity Europe, promising more engaging content and enlightening discussions.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4QkrBe sure to share and subscribe!____________________________ResourcesLearn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/re

Guests: Marcin Gajkowski, Head of Liability Underwriting Team, Generali PolandOn LinkedIn | https://www.linkedin.com/in/marcin-gajkowski-4a6685134/ Michal Balwinski, Senior Underwriter and Cyber Practice Leader, Generali PolandOn LinkedIn | https://www.linkedin.com/in/micha%C5%82-balwi%C5%84ski-136105197/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesExploring Cyber Insurance Nuances Across Europe with Generali Poland at InfoSecurity Europe 2024Picture this: bustling conversations, gleaming booths, and thought-provoking sessions at InfoSecurity Europe 2024, held in the vibrant city of London. Amidst this atmosphere, Sean Martin and Marco Ciappelli of "On Location With Marco and Sean" invite listeners into a fascinating discussion focusing on the intricacies of cyber insurance within Europe. Joined by two brilliant minds from Generali Poland, Marcin Gajkowsky and Michal Balwinski, this episode immerses us into understanding cyber insurance and its varied landscape across the continent.Setting the Scene: InfoSecurity Europe 2024The episode kicks off with Marco and Sean's characteristically witty banter. They joked about their numerous travels and questioned their whereabouts, reflecting the lively and spontaneous spirit of live recording. They also introduce their esteemed guests, Marcin Gajkowsky and Michal Balwinski, from Generali Poland. The discussion's setting is none other than the renowned InfoSecurity Europe event, where cybersecurity professionals gather to forge connections and share innovative security solutions.Understanding Cyber Insurance: Perspectives from Generali PolandMarcin Gajkowsky, leading Generali Poland's Liability Team, opens up about his journey into cyber insurance. Despite his initial background in casualty and professional indemnity underwriting, Gajkowsky has grown passionate about the potential and challenges of cyber insurance, especially within Poland. With the deployment of their local cyber insurance policy in 2021, Generali Poland has committed to navigating and shaping this emerging market.Michal Balwinski, a senior underwriter and cyber insurance practice leader at Generali Poland, delves further into the policies and market dynamics. He highlights the significant knowledge gap in Central and Eastern Europe, a relic of historical and geopolitical contexts. This awareness gap necessitates steps for thorough market education and awareness building, ensuring businesses understand and value the importance of cyber insurance.Market Dynamics: Diversity Across EuropeBalwinski emphasizes the differing levels of cyber risk awareness across Europe. The UK, Western Europe, and the Mediterranean regions each present unique insurance needs and challenges based on their levels of digital sophistication and historical development. Poland's market reveals a stark contrast with larger enterprises adopting sophisticated vendor technologies akin to global banks, while smaller and mid-sized companies lag behind, often unaware of the essential benefits and protections cyber insurance provides.Adapting to the Market: Educational and Technological PartnershipsReflecting on the unique role of cyber insurance, the Generali Poland team outlines their approach to nurturing client relationships. They provide comprehensive risk assessments, engaging conversations, and tailored recommendations. True to their philosophy, Generali Poland extends beyond the role of mere policy provider, establishing themselves as committed partners in their clients' cybersecurity journeys.One pivotal shift in insurance strategy involved offering additional prevention tools alongside policies, such as an anti-phishing package equipped with cutting-edge security kits. The goal is to bridge the evident gap in cyber preparedness among smaller enterprises, ensuring they have robust mitigation measures in place before a policy comes into effect.Resilience and Ransomware: To Pay or Not to Pay?A highlight of the discussion revolves around ransomware and the ethical and practical dilemmas associated with ransom payments. Marcin and Michal elucidate Generali Poland's firm stance against paying ransoms, except in extraordinary circumstances where lives are at stake. They stress that paying ransoms perpetuates the cycle of cybercrime funding and escalation. Instead, their approach focuses on bolstering clients' overall cyber resilience through comprehensive support, including 24/7 incident response services, business interruption coverage, and holistic risk management.Conclusion: Building a Borderless Cyber-Aware FutureAs the insightful conv

Guests: Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/On Twitter | https://x.com/HoutMadeleinPaul McKay, Vice President, Research Director at Forrester [@forrester]On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe Human Side of CybersecurityInfosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madeline Van Der Hout, Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.Reimagining Cybersecurity: Back to the FutureThe episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.The Reality of Cybersecurity InnovationMadeline Van Der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations.Madeline adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.API Security: A Case for ConsolidationBoth Paul and Madeline reflect on the notable presence of API security vendors at the conference. Madeline points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.The Human Element and Mental HealthOne of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madeline stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."Training and Educating Future TalentThe conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications.Madeline emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.Cybersecurity's Future: More Than Just a Business ProblemMadeline takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.Data-Driven Decision Making: The Key to Security's EvolutionSean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.Conclusion: A Call for Innovation and HumanityThe episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madeline's call to talk more about humans in every cybersecurity breach serves as a profound takeaway.As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://w

Guests:Brian Honan, Founder, BH ConsultingOn LinkedIn: https://www.linkedin.com/in/brianhonan/On X: https://x.com/BrianHonanSuk Paul, Director - EMEA Services GTM, Kudelski SecurityOn LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/Heather Lowrie, Chief Information Security Officer (CISO), The University of ManchesterOn LinkedIn: https://www.linkedin.com/in/heather-lowrie/On X: https://x.com/HeatherELowrieTim Grieveson, Senior Vice President - Global Cyber Risk Advisor, BitsightOn LinkedIn: https://www.linkedin.com/in/timgrieveson/On X: https://x.com/timgrievesonDaniel Lattimer, Area Vice President - EMEA West, SemperisOn LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesWATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQIn recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals.This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care. Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture.To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.Brian Honan described the importance of legislative measures like the EU's Digital Operations Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after an attack.During the discussion, a repeated point was the inevitability of cyber incidents and the need for preparation and response. Tim Grieveson stressed the necessity of identifying critical assets and vulnerabilities, communicating risks to the board, and developing a clear response plan. He pointed out that it is not just about the technical aspects but also about storytelling and helping the organization understand the real-world implications of cyber risks.The significance of cross-sector collaboration was also highlighted. Heather Lowrie noted that cyber threats are a societal challenge, not limited to individual organizations or sectors. Therefore, collective preparation and response are crucial for building resilience against cyber threats. She called for more exercises within and across sectors to prepare teams for real-world events.Lastly, the episode discussed the ethical dilemma of paying ransoms. Brian Honan strongly advocated against paying the ransom, citing the lack of guarantee that systems would be restored securely and

Here we are, once again from the bustling show floor at Infosecurity Europe 2024 in London, situated at the Excel Centre. Sean Martin of ITSP Magazine is your host, and he's joined by Dror Liwer, co-founder of CORO Security. Both are excited to dive deep into how CORO is expanding its focus into the European market.Day Three: Nonstop Conversations and PresentationsFrom the get-go, Dror shares his enthusiasm about being part of this prestigious event for the first time. With a primary presence in the U.S., CORO is now aggressively moving into EMEA, starting right here in London. This move is in response to increasing demand from small to medium-sized enterprises (SMEs) in Europe who need robust cybersecurity solutions.Addressing the Security Needs of SMEsSean recalls the comprehensive capabilities of CORO discussed in previous episodes. CORO provides multiple layers of security tailored to an organization’s specific needs, such as regulatory requirements, budget, and staffing capabilities. Sean encourages everyone to revisit those insightful seven-minute chats from RSA Conference to get an in-depth view.Dror emphasizes that CORO is unique in targeting the mid-market from the ground up, unlike other companies that retrofit enterprise solutions to fit smaller businesses. With a focus on simplicity and powerful protection, CORO ensures that its solutions are manageable even for lean IT teams.Navigating the Complexities of EuropeOne of the significant discussions revolves around the differences between the U.S. and European markets. While Sean and Dror acknowledge the similar types of cyber threats faced globally, operational nuances like data residency and privacy regulations differ widely across Europe. CORO has established a data center in Germany to comply with local data residency requirements, ensuring that email and file inspections stay within the EU boundaries.Real-World Applications and ChallengesSean drives the conversation into the specific challenges CORO has faced and the different attack scenarios in Europe compared to the U.S. Dror mentions that while SME awareness of being targets has been prevalent in the U.S. for a while, European SMEs are just beginning to realize the same. As a result, CORO is educating this market about the imminent threats and how to efficiently protect against them without becoming overwhelmed.The Importance of AffordabilityDror and Sean discuss the financial challenges faced by SMEs, such as difficult decisions on whether to invest in cybersecurity or other critical needs like educational resources. Dror emphasizes that CORO has priced its suite of security solutions to remove this barrier, making comprehensive coverage affordable for even the smallest enterprises.Team and Technology: The Backbone of COROThe conversation takes a moment to appreciate CORO’s dedicated team. Sean praises the high energy and mutual support visible at CORO’s booth. Dror points out that customer reviews often highlight how easy it is to work with CORO—a testimony to the company’s dedication to protecting overlooked small and mid-sized businesses.The Future of SME CybersecurityCORO aims to remove the guesswork ("threat roulette”) for SMEs by providing an all-encompassing platform that is accessible and easy to manage. This approach ensures that small businesses can protect themselves comprehensively without the need to prioritize between different threat vectors due to budget constraints.CORO’s MissionAs the conversation winds down, Dror reiterates CORO's mission to protect SMEs globally and make cybersecurity as effortless as possible. Sean encourages attendees of Infosecurity Europe to visit CORO's dynamic and innovative booth, and for those who cannot make it, to check out CORO online. For more information, visit CORO's website at Coro.netThanks to everyone for joining us. Expect more exciting updates from CORO, possibly next time from Las Vegas!Learn more about CORO: https://itspm.ag/coronet-30deNote: This story contains promotional content. Learn more.Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]On LinkedIn | https://www.linkedin.com/in/drorliwer/ResourcesLearn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coroView all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a differences in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company’s journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.Setting the StageThe bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security’s origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.Phoenix Security’s Journey and VisionCipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.Innovative Solutions for Modern Cybersecurity ChallengesPhoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.Success Stories and Client FeedbackCipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.Expanding Reach Through Strategic PartnershipsHighlighting the importance of collaboration, Cipollone mentions Phoenix Security’s recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.ConclusionThe conversation concludes with insights into future security trends and Phoenix Security’s commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8vNote: This story contains promotional content. Learn more.Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42ResourcesLearn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-securityView all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.