
Redefining CyberSecurity

Ep 263: Book | Castle Defenders: What Do Cyber Parents Do? | A Pentera Brand Story with Aviv Cohen
Join Sean Martin and Aviv Cohen as they embark on a fascinating exploration of the often misunderstood world of cybersecurity. They discuss the importance of recognizing cybersecurity professionals as the modern-day heroes they are, and the need for children to understand and appreciate their parents' roles in this field. Cohen introduces a unique tool to bridge this understanding gap - a beautifully illustrated book titled "Castle Defenders: What Do Cyber Parents Do?". The book, written in engaging rhyme, uses the metaphor of a castle needing defense to explain the complex world of cybersecurity to children. It serves not only as a bedtime story but also as a platform for parents to discuss online safety and cybersecurity literacy with their children. The book has been met with enthusiastic feedback, with parents sharing their experiences of reading it to their children, and children asking for repeated readings. It also includes ten cybersecurity rules, providing children with practical tools to stay safe online. The conversation underscores the urgent need for more cyber defenders in our world and the importance of fostering understanding and respect for this role from a young age. This episode is a must-listen for anyone interested in the intersection of technology, cybersecurity, and society, and especially for those who wish to inspire the next generation of cyber defenders.
About the Book: Castle Defenders: What Do Cyber Parents Do?
Mommy is late for dinner again, and Emma and Oliver are frustrated. Daddy comes to the rescue with spaghetti and an enchanting tale of brave knights and mysterious castles, revealing how he and Mommy work tirelessly to protect the people on the internet from bad hackers and other online threats.
Castle Defenders by Dana Meschiany is a charming story, filled with delightful illustrations and playful storytelling, perfect for young minds eager to explore the captivating world of cybersecurity.
Note: This story contains promotional content. Learn more.
Guest: Aviv Cohen, CMO at Pentera [@penterasec]
On Linkedin | https://www.linkedin.com/in/avivco/
Resources
Learn more about Pentera and their offering: https://itspm.ag/pentera-tyuw
Catch more stories from Pentera at https://www.itspmagazine.com/directory/pentera
Book | Castle Defenders: What Do Cyber Parents Do?: https://www.amazon.com/Castle-Defenders-What-Cyber-Parents/dp/B0C51PCQ6Q
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Ep 262: Thanksgiving Tribute: An Ode to the Cybersecurity Heroes | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
Immerse yourself in the rhythmic cadence of 'Thanksgiving Tribute: An Ode to the Cybersecurity Heroes,' a poignant and heartfelt poem that resonates with the unsung heroes of our digital age. This evocative piece weaves together the themes of gratitude, dedication, and quiet sacrifice inherent in the world of cybersecurity.
From the tireless practitioners to the visionary CISOs, each verse pays homage to those who safeguard our digital frontiers, even on Thanksgiving Day. As the poem unfolds, it not only celebrates their unwavering commitment but also acknowledges those who spend this festive holiday in service of our cyber safety. Perfect for a reflective moment, this audio rendition brings to life the essence of thanksgiving in a world increasingly dependent on digital protection.
Listen now and join in honoring the invisible warriors who make our online world safer.
________
This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.
Sincerely, Sean Martin and TAPE3
________
Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.
TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 261: We Need to Stop the Temperature From Rising If We Don't Want to Ice the CISO Role | A Black Hat Europe 2023 Event Coverage Conversation with Joe Sullivan
Guest: Joe Sullivan, CEO at Ukraine Friends [@UkraineFriends_]
On Linkedin | https://www.linkedin.com/in/joesu11ivan/
At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#joe-sullivan-47056
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
Most of the time, for these event coverage conversations, we get to connect with keynote speakers to learn more about the topic they plan to share at the event. During our conversation with Joe Sullivan, we did that ... and so, so much more.
We talk about Joe's role in prosecuting cyber crime—and the ironic twist where he was charged and convicted as the former CISO at Uber. We touch on Tim Brown's situation with the SEC as a result of the SolarWinds Breach. And then Joe takes this conversation to the stratosphere to shed some light on the trends he is seeing, the rise in the pressure for the role and the rise in the temperature across the CISO community. He discusses the challenges the CISO role continues to face, and how the growing fear of personal liability as a result of the conflict between the public and private sectors could ultimately ice the role and make it ineffective. Joe wants to change this and is leveraging Black Hat, ITSPmagazine, and other outlets to do so. But he needs the community's help as well.
Tune in to this (dare we say, approaching emotional) conversation to hear about Joe's journey and all the things he is doing to help keep the CISO role safe and successful. And, most importantly, how you—a security professional that cares about good winning over evil—can join yet another fight for good.
About Joe's Keynote at Black Hat Europe 2023 in London, England—'My Lessons from the Uber Case': In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him. The decision reverberated throughout the security community, but still left many unanswered questions. Before the judge sentenced him, Sullivan committed that he would speak wherever possible about the need for a better model for collaboration between the private sector and government. The judge rejected the claims by the prosecutors and Uber that the use of an NDA during the investigation was a coverup, and sentenced Sullivan to probation only.
Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professionals all learn from his case, so that they, their team, and their company don't ever go through anything similar. He will also make suggestions for how the private sector and government can better collaborate and share other insights about the high-stakes pressures on security executives in an era of unrelenting breaches, ransomware, and automated attacks.
____________________________
Resources
My Lessons from the Uber Case: https://www.blackhat.com/eu-23/briefings/schedule/index.html#my-lessons-from-the-uber-case-36399
Black Hat Executive Summit: https://www.blackhat.com/eu-23/executive-summit.html
Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Black Hat Europe 2023 playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQXpNVL6L8zfXXDip7JtQY1
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 260: How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott
Guest: Allyn Stott, Senior Staff Engineer
On LinkedIn | https://www.linkedin.com/in/whyallyn/
On Twitter | https://twitter.com/whyallyn
On Mastodon | https://infosec.exchange/@whyallyn
At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#allyn-stott-42433
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
Episode Notes
In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin engages in a thought-provoking conversation with guest Allyn Stott, a seasoned cybersecurity professional and senior staff engineer. The discussion orbits around the challenges and solutions in building a modern detection response program.
Allyn shares his unique perspective on why blue teams often fail. He suggests that the failure is not due to a lack of technical skills, but rather a lack of a broader strategy and understanding of the overall detection response program. He emphasizes the importance of integrating the detection response team into broader business conversations, thereby fostering a more holistic approach to managing risk.
The conversation also explores the role of threat intelligence and the need for continuous learning and adaptation in the face of evolving threats. Allyn underscores the importance of understanding the business's actual risk and aligning the detection response program accordingly.
Allyn also shares his experience in creating a framework to help teams understand their current capabilities and how to evolve towards a more effective detection response program. This framework, he suggests, can help prioritize work within the program and provide a roadmap for reporting out.
This episode is a treasure trove of insights for CISOs, managers, directors, and builders in the cybersecurity field. It provides a roadmap for identifying skill sets, prioritizing work within the program, and reporting out, all crucial elements in building a modern detection response program.
The conversation is a blend of practical advice and philosophical musings on the nature of cybersecurity, making it a must-listen for anyone interested in or practicing in the field.
About Allyn's Black Hat Europe 2023 Session, 'How I Learned to Stop Worrying and Build a Modern Detection & Response Program': You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).
Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.
How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?
This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.
* How worrying can be a superpower
* Why blue teams fail
* The framework I've developed for building a detection and response program
____________________________
Resources
How I Learned to Stop Worrying and Build a Modern Detection & Response Program: https://www.blackhat.com/eu-23/briefings/schedule/#how-i-learned-to-stop-worrying-and-build-a-modern-detection--response-program-34241
A Security Newsletter with a Cute Cat: https://www.meoward.co/subscribe
Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Black Hat Europe 2023 playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQXpNVL6L8zfXXDip7JtQY1
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 259: Human-Centered Cybersecurity at NIST: Unlocking the Human Factor | Human-Centered Cybersecurity Series with Co-Host Julie Haney | Redefining CyberSecurity Podcast with Sean Martin
Guest: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]
On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/
On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of the Redefining CyberSecurity podcast, host Sean Martin engages in an insightful conversation with Julie Haney, the leader of the human-centered cybersecurity program at NIST. The discussion revolves around the challenges organizations face in implementing security awareness and other information security training programs, products, and operations.
During the conversation, Julie introduces the NIST phish scale, a tool that helps training coordinators contextualize phishing click rates. It considers user context and alignment with individual roles, allowing organizations to tailor their phishing simulation exercises to engage employees effectively. This approach goes beyond numbers and focuses on the human factor in cybersecurity.
Sean and Julie discuss the various challenges organizations encounter when implementing security awareness programs. These challenges include obtaining leadership support, allocating sufficient resources, and finding engaging approaches for a diverse workforce. They emphasize the importance of collecting user-generated security incidents and gathering feedback to identify areas for improvement and enhance awareness programs.
Throughout the conversation, Sean and Julie highlight the significance of understanding and addressing human factors in cybersecurity. They stress that effective security awareness and training programs should go beyond compliance and consider the individual's mindset, attitudes, and behaviors. Additionally, they discuss the lack of effective metrics to measure program success and impact, emphasizing the need for organizations to gather data and feedback to continuously improve their programs.
Overall, this episode offers practical insights and advice for organizations seeking to enhance their security awareness and training initiatives. It emphasizes the importance of a human-centric approach and provides valuable tools, such as the NIST phish scale, to help organizations tailor their programs to engage employees effectively.
So, tune in to this episode as Sean and Julie take a journey into the challenges and solutions surrounding security awareness in the ever-evolving world of cybersecurity.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
Human-Centered Cybersecurity: https://csrc.nist.gov/projects/human-centered-cybersecurity
NIST Unveils Newly Named Human-Centered Cybersecurity Program: https://www.nist.gov/blogs/cybersecurity-insights/nist-unveils-newly-named-human-centered-cybersecurity-program
Julie's LinkedIn post about NIST Unveils Newly Named Human-Centered Cybersecurity Program: https://www.linkedin.com/feed/update/urn:li:activity:7113240410604363778/
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 258: It's That Time of the Year: The Predictions for 2024 Are Pouring In, and Boy, Could I Have Predicted That Myself! Welcome to the Marvelous, Mysterious, and Mind-Bending World of 2024 Predictions with a Twist of 2074 | Read by TAPE3
This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.
Sincerely, Marco Ciappelli and TAPE3
________
Marco Ciappelli is the host of the Redefining Society Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Sean Martin—where you may just find some of these topics being discussed. Visit Marco on his personal website.
TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 257: Online Retailers: There are Threats Actively Targeting Your Business This Holiday Shopping Season, and Beyond | An Imperva Brand Story With Gabi Stapel and Erez Hasson
In this Brand Story episode, Sean Martin, along with Gabi Stapel and Erez Hasson from Imperva, explores the complex landscape of retail web and mobile security and the increasing role of AI-enabled bots (both good and bad) in e-commerce and the potential threats they pose.
Gabi and Erez highlight how these bots can exploit business logic and application capabilities, leading to new account fraud, account takeover, and price manipulation. They emphasize the importance of layered security and anomaly detection as key strategies to counter these threats.
The discussion also explores the need for businesses to differentiate between human and bot traffic. Gabi and Erez point out the potential backlash from legitimate users when bots buy and deplete inventory, and the subsequent impact on customer experience and the company's reputation. They also touch on the importance of monitoring the total value of the cart, as bots tend to purchase single items, resulting in net losses for the retailer.
The conversation further delves into the global and local aspects of commerce, including regulatory considerations like PCI DSS. Gabi and Erez discuss the upcoming changes in PCI DSS v4, which requires retailers to focus on managing scripts and changes to payment pages to prevent data breaches.
The episode also offers valuable insights for both large-scale and smaller retailers. Gabi and Erez underscore the importance of staying on top of security and vulnerabilities, regardless of the size of the business. They provide practical advice for retailers, such as implementing a waiting room web page or a raffle system for big sales events, and auditing purchases for limited product drops.
This episode is a must-listen for anyone involved in e-commerce and cybersecurity, providing a comprehensive understanding of the evolving landscape of cyber threats in the retail industry.
Note: This story contains promotional content. Learn more.
Guests:
Gabi Stapel, Cybersecurity Threat Research Content Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/
On Twitter | https://twitter.com/GabiStapel
Erez Hasson, Product Marketing Manager at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/erezh/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Blog | Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season: https://itspm.ag/impervkb2g
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Ep 256: Innovating for a Secure, Connected World | A CES 2024 Event Coverage Conversation with J. David Grossman
Guest: J. David Grossman, Vice President, Regulatory Affairs, Consumer Technology Association
On LinkedIn | https://www.linkedin.com/in/jdgrossman/
At CES | https://www.ces.tech/sessions-events/speaker-directory/david-grossman.aspx
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of the ITSPmagazine On Location Event Coverage series, hosts Marco and Sean discuss the highlights and trends for CES 2024 with J. David Grossman, VP, Regulatory Affairs, Consumer Technology Association (CTA). The trio explores topics such as IoT, food tech, health tech, cybersecurity, autonomous vehicles, privacy, diversity and inclusion, human security, AI, and the overall role technology plays in solving global challenges.
Together, they emphasize the importance of improving the cybersecurity of consumer connected devices and providing consumers with more information about the security measures in place. They also discuss the need for a national privacy bill to create a consistent privacy framework for protecting consumer data.
The conversation delves into the role of AI in the technology landscape and the ethical considerations surrounding AI, as well as the intertwining of AI, data privacy, and consumer protection. It also covers exciting innovations in fitness, wearables, gaming, esports, Web3, metaverse, sports technology, and space. The trio highlights the role of technology in addressing global challenges, such as food security, healthcare access, environmental protection, and economic security.
Throughout the conversation, there is a focus on the impact of technology on society and the need for a balanced approach to regulating AI while protecting consumer data. The hosts and guest stress the importance of using technology for positive change and fostering societal improvement.
____________________________
Catch all of our CES 2024 event coverage: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage
Watch this and other videos on ITSPmagazine's YouTube Channel
CES 2024 Las Vegas playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcuvjsP6zvFyZkL7z2D8WZ
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
"Conversation with a Commissioner" CES Edition: https://www.ces.tech/sessions-events/ips/ips04.aspx
Can a Public-Private IoT Device Certification Process Better Protect Consumers?: https://www.ces.tech/sessions-events/ips/ips02.aspx
Unlicensed Innovation - The Impact of Wi-Fi & Beyond on Daily Life: https://www.ces.tech/sessions-events/ips/ips10.aspx
Learn more about CES 2024: https://www.ces.tech/
____________________________
For more CES 2024 Event Coverage visit: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 255: Cyber Shadows Over Serenity—Part 4 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
In this series, ‘Cyber Shadows Over Serenity,’ we unravel the tales of three emblematic small businesses that stand as pillars in the peaceful community, each facing the dark storm of a ransomware attack that sought to shroud their digital realms in chaos. As we revisit the serene streets of our digital saga in 'Cyber Shadows Over Serenity,' we prepare to witness the concluding chapter of Clay Creationz's ordeal and the profound lessons learned by the entire town. Join us in this final narrative as resilience, recovery, and newfound digital wisdom emerge from the shadows.
________
This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.
Sincerely, Sean Martin and TAPE3
________
Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.
TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 254: Design Goals and Cybersecurity Integrity: Redefining the CISO Role to Avoid Failure | A Conversation with Malcolm Harkins | Redefining CyberSecurity Podcast with Sean Martin
Guest: Malcolm Harkins, Chief Security & Trust Officer at HiddenLayer [@hiddenlayersec]
On Linkedin | https://www.linkedin.com/in/malcolmharkins/
On Twitter | https://twitter.com/ProtectToEnable
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining CyberSecurity, host Sean Martin engages in a thought-provoking conversation with guest Malcolm Harkins about the challenges and failures of the CISO role. They discuss the importance of setting clear design goals and standards to determine success or failure. The conversation delves into risk management and the complexities of goal-setting, highlighting the role of integrity in the CISO's decision-making process.
They explore the gray areas and potential conflicts that arise when balancing risk perspectives within an organization. Sean also touches on the idea of having multiple specialized CISOs and the inflation of job titles in the industry. They examine where breakdowns occur and whether they stem from lack of clear design or succumbing to company pressure or vendor hype.
The episode also takes a turn to explore the CISO's role in ensuring the cybersecurity integrity of a company, drawing parallels to the roles of general counsel and CFO in maintaining legal and financial integrity.
Throughout the conversation, Sean and Malcolm provide insights and anecdotes from their own experiences, offering valuable perspectives on redefining the CISO role and addressing the challenges faced in the cybersecurity industry. The discussion encourages listeners to consider the ethical implications of their decision-making and the importance of designing control environments that prioritize true protection over profiting from insecurity.
If you're interested in gaining a deeper understanding of the complexities and failures of the CISO role, as well as exploring the gray areas and conflicts that arise in risk management, this episode is a must-listen.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
Materiality Matters: https://www.icitech.org/post/materiality-matters
Integrity Matters: https://www.uscybersecurity.net/csmag/integrity-matters/
Integrity Matters (RSAC): https://www.rsaconference.com/library/blog/integrity-matters-lets-keep-the-conversation-going
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 253 Cyber Shadows Over Serenity—Part 3 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
In this series, ‘Cyber Shadows Over Serenity,’ we unravel the tales of three emblematic small businesses that stand as pillars in the peaceful community, each facing the dark storm of a ransomware attack that sought to shroud their digital realms in chaos. In Part 3, witness the Baker family's battle against a crippling ransomware attack at The Sweet Retreet and discover how Clay Creationz, a haven of creativity, navigates the uncharted waters of the digital world. This juxtaposition of resilience and naivety presents a striking narrative on the importance of digital vigilance in today's interconnected age. Join us as we unfold these compelling stories, each offering unique insights and lessons on cybersecurity. Subscribe now to follow the continuing journey of "Cyber Shadows Over Serenity" and learn how even the most tranquil towns are not immune to digital shadows.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 252 Cyber Shadows Over Serenity—Part 2 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
In this series, ‘Cyber Shadows Over Serenity,’ we unravel the tales of three emblematic small businesses that stand as pillars in the peaceful community, each facing the dark storm of a ransomware attack that sought to shroud their digital realms in chaos. In Part 2, we pick up where we left off in Chapter 1 last time to re-enter the realm of Lexicon Hayven. Here, we find ourselves amidst Eleanor's meticulous preparations to guard against cyber malevolence. When we last visited, we discovered a well-scripted disaster recovery plan, a narrative etched with diligence and foresight, awaiting its execution.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Ep 251 The State of Identity Management and Its Role in Modern Security Strategies, and the IDSA’s 2023 Research | A Conversation with Jeff Reich | Redefining CyberSecurity Podcast with Sean Martin
Guest: Jeff Reich, Executive Director of Identity Defined Security Alliance [@idsalliance]
On LinkedIn | https://www.linkedin.com/in/jreich/
On Twitter | https://twitter.com/JeffReichCSO
On YouTube | https://www.youtube.com/channel/UC8yfa2vRYDjS7TUWKAHIrwg

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining CyberSecurity, host Sean Martin connects with Jeff Reich to dive deep into the world of digital identities and identity management. Through their lively and thought-provoking conversation, they explore various aspects of identities, from multiple personas in apps to the challenges and risks associated with identity sharing.

They discuss the impact of cloud adoption and remote work on identity security, emphasizing the need for organizations to prioritize securing digital identities. They also touch on the role of artificial identities in smart devices and cars, and how AI and machine learning can be utilized in identity use cases.

Throughout the episode, Sean and Jeff bring a philosophical and science fiction perspective to the topic, using metaphors and engaging storytelling techniques to captivate listeners. They highlight the importance of policy and control in identity management, and the need for organizations to take proactive measures in securing digital identities. They also provide valuable insights from a research survey, revealing that identity security is a top priority for a significant percentage of organizations.

They emphasize the complexities of identity management and the evolving nature of identities in today's digital landscape.
Overall, this episode offers a captivating and informative discussion on digital identities, leaving listeners with valuable takeaways and a deeper understanding of the importance of identity security in the modern world.

Resources
IDSA: https://www.idsalliance.org/
2023 Trends In Securing Digital Identities (White Paper): https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/
2023 Trends In Securing Digital Identities (Infographic): https://www.idsalliance.org/wp-content/uploads/2023/08/IDSA-2023Trends-Infographic.pdf

Ep 250 Cyber Shadows Over Serenity—Part 1 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
In this series, ‘Cyber Shadows Over Serenity,’ we unravel the tales of three emblematic small businesses that stand as pillars in the peaceful community, each facing the dark storm of a ransomware attack that sought to shroud their digital realms in chaos. We begin with Chapter 1: Tales from a Tranquil Town.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Ep 249 Developing Personal Thought Leadership Through Passion, Purpose, and Progress: Leading the Way in Cybersecurity Knowledge Sharing | A Conversation with Gary Hayslip | Redefining CyberSecurity Podcast with Sean Martin
Guest: Gary Hayslip, Chief Security Officer at SoftBank Investment Advisers
On LinkedIn | https://www.linkedin.com/in/ghayslip/
On Twitter | https://twitter.com/ghayslip

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin and guest Gary Hayslip engage in a conversation about thought leadership and knowledge sharing in the cybersecurity community. They discuss the process of creating a matrix or list of topics of interest and grading them based on comfort and expertise levels. But is it thought leadership we seek or thought mentorship? 🤔

Gary emphasizes the importance of passion and purpose in thought leadership, viewing it more as mentorship rather than traditional leadership roles. He shares his own journey, starting small by speaking at local chapters and gradually expanding to larger conferences. Various writing platforms like LinkedIn, Medium, and personal websites are discussed as avenues for sharing content and seeking feedback from the community.

The conversation emphasizes the continuous learning and updating of knowledge to provide valuable insights. Gary highlights the qualities of a thought leader, including passion, purpose, and a genuine desire to help others.

Overall, the episode offers insights on thought leadership, knowledge sharing, and the process of becoming a trusted mentor in the cybersecurity field.
Listeners can expect an engaging and informative conversation between Sean Martin and Gary Hayslip that focuses on the practical aspects of sharing expertise and making a positive impact in the community.

Resources
When Virtual Reality Is A Commodity, Will True Reality Come At A Premium?: https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72
Questions on Developing Your Thought Leadership: https://www.linkedin.com/pulse/questions-developing-your-thought-leadership-gary-hayslip/
CISO Desk Reference Guide Website: https://cisodrg.com/
So You Want to be a CISO?: https://www.linkedin.com/pulse/so-you-want-ciso-approach-success-gary-hayslip-cissp-
Ep 248 SOC Analyst Appreciation Day 2023 | Day in the Life of a SOC Analyst | An Event Coverage Conversation with Jules Okafor, David Meece, Jay Jay Davey
Guests:
Jules Okafor, BISO and CEO and Founder of RevolutionCyber
On LinkedIn | https://www.linkedin.com/in/julesmgmt/
David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn
On LinkedIn | https://www.linkedin.com/in/david-meece-cybertech-dave/
Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer
On LinkedIn | https://www.linkedin.com/in/secopsjay/?originalSubdomain=uk

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
Hello to all our listeners out there! Marco and Sean here, and we are thrilled to bring you a special episode today. For the third consecutive year, we've been invited to host a panel for an event that's become a cornerstone for the infosec community. And guess what? We've been involved right from its inception. That's right! We are talking about the SOC Analyst Appreciation Day™, a day designed to shed light on the unsung heroes of the cybersecurity world.

Now, for those new to this, let us dive a bit deeper. The life of a SOC analyst isn't always glamorous. They often find themselves caught in the whirlwind of immense workload, sometimes feeling like the weight of the entire digital universe rests on their shoulders. Overworked and, sadly, often underappreciated, these analysts face challenges that can lead to burnout and, ultimately, a high turnover rate.

Enter Devo, the brilliant minds behind the establishment of the SOC Analyst Appreciation Day™. Their mission?
To offer a hearty shoutout to these hardworking individuals and to prompt organizations globally to step up, recognizing the importance of their analysts' satisfaction and mental well-being.

If you've been following the event, you know that this year was jam-packed with on-demand content that was nothing short of enlightening. With presentations from some of the most influential thought leaders in the infosec community, topics ranged from real-life use cases to the intricacies of SOC automation and the critical importance of managing mental well-being in such high-pressure roles.

But, listeners, we have a treat for you. Today, we're going to dive deep into one of the event's highlights. We had the privilege of moderating a panel that, trust us, you won't want to miss. So, whether you're a budding SOC analyst, a seasoned pro, or just someone with a keen interest in the world of infosec, sit back, relax, and let's delve into some insightful discussions.

This panel will take a look at the ins and outs of SOC life. From the tier one analyst role to leadership positions to everything in between, the day-to-day in each type of SOC can look very different — and this panel will cover all perspectives.

Moderated by Sean Martin and Marco Ciappelli from ITSP Magazine
Jules Okafor, BISO and CEO and Founder of RevolutionCyber
David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn
Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer

Thanks for tuning in to this special episode.
Let's get started!

Resources
SOC Analyst Appreciation Day: https://re4.ms/0b41ee
Ep 247 RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin
Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/laurarobinsoninsight/
At RSA | https://www.rsaconference.com/experts/laura-robinson

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.

The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.

The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape.
Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.

The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.

Resources
CISO Perspectives on Transforming Third-Party Risk Management: https://www.rsaconference.com/library/webcast/158-ciso-persp-transfer-third-party?utm_source=x&utm_medium=social&utm_content=158-ciso-persp-transfer-third-party-webcast&utm_campaign=september-2023-rsac365&postID=11353906220

Ep 246 Neoterica's Paradox: A Harmonic Dance of Nature, Humanity, and Progress | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
Join us for a fictional journey through Neoterica, where the lines between nature, technology, and humanity blur. Dive into a world facing existential questions and emerge with thoughts that might change how you perceive your own reality.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Ep 245 Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne
Guest: Laura Payne, Chief Enablement Officer & VP Security Consulting at White Tuque [@WhiteTuque]
On LinkedIn | https://www.linkedin.com/in/laura-l-payne/?originalSubdomain=ca

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
In this Chats on the Road episode of the ITSPmagazine Podcast Network, hosts Marco Ciappelli and Sean Martin embark on a road trip to the SecTor cybersecurity conference in Toronto, Canada. Along the way, they engage in playful banter about using a time machine or an autonomous car to reach their destination. Once they arrive, they sit down with Laura Payne, this year's keynote speaker at SecTor.

Laura shares her journey in the cybersecurity field and her experience working with various organizations. The conversation delves into the future of cybersecurity and the impact of artificial intelligence. They discuss the importance of resilience, the adoption of AI in small businesses, and the challenges of regulating AI. They also touch on the skills that security practitioners need to develop, such as understanding protocols and APIs.

Throughout the conversation, they emphasize the need to build security into new technologies from the start and to maintain a focus on the basics of cybersecurity. They also reflect on the recurring nature of cybersecurity challenges and the importance of learning from history to predict the future. Overall, this thought-provoking episode dives into the future of technology, cybersecurity, and society, providing insights and perspectives from industry experts.
The conversation is a mix of playful banter, practical advice, and philosophical reflections, offering listeners a well-rounded and engaging discussion.

About Laura's Keynote Session: If 2023 was the year of AI exploding into popular use, what is on the horizon for 2024? There are a lot of predictions for what is coming, but what should we be preparing for as security professionals? We'll look at some of the most popular predictions, view them as if they've already happened and see if history is just repeating itself with past lessons to learn from.

Resources
Keynote: 2024 Predictions in Future-Hindsight View - Get Ready!: https://www.blackhat.com/sector/2023/briefings/schedule/#keynote--predictions-in-future-hindsight-view---get-ready-36117
Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

Ep 244 Do We Really Need to Worry about Critical Infrastructure? | A Discussion about Cyber Operations in the Context of the Leaked Vulkan Files | A SecTor Event Coverage Conversation with Marina Krotofil
Guest: Marina Krotofil, Senior Cyber Security Advisor, Critical Infrastructure Protection
On LinkedIn | https://www.linkedin.com/in/marina-krotofil/
Marina's Website | https://www.cyberphysicalsecurity.info/

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes
In this episode of Chats on the Road, hosts Marco Ciappelli and Sean Martin are joined by Marina Krotofil, a specialist in cyber physical security, at the SecTor Canada security conference in Toronto. Marina sheds light on the world of cyber warfare and the evolution of cyber weapons. She discusses the leaked Vulkan files, which reveal Russia's centralized strategy and software platform for managing cyber operations. Marina emphasizes the combination of cyber and physical sabotage required in attacks on critical infrastructure and the focus on controlling the masses through disinformation and propaganda. The conversation covers a range of topics, including the link between cybersecurity and political science, societal implications, and the need for independent thinking. Marina highlights the importance of preparing for cyber attacks during peacetime and the vulnerability of small and medium-sized organizations. She shares insights into Russia's cyber capabilities and practices, providing evidence of their development and testing throughout the years. Marina invites listeners to think critically and independently, encouraging them to consider the political and societal implications of cyber warfare. The episode provides thought-provoking insights into the complexities of cyber warfare and the need to be prepared and vigilant in the face of evolving threats.
It explores the manipulation of media and propaganda, the dangers of controlling information flow, and the importance of understanding the long-term game of cyber operations. The conversation is not sensationalized or journalistic in nature, but rather focuses on informing and educating listeners about the realities of cyber warfare.

Marina's session at the conference, "Do We Really Need to Worry about Critical Infrastructure?" goes deeper into the analysis of Russia's cyber operations and their connection to the leaked Vulkan documents. Overall, this episode offers listeners a chance to gain a deeper understanding of the challenges posed by cyber warfare and the need for proactive defense measures. It encourages independent thinking and critical analysis, highlighting the importance of staying informed and prepared in an age of evolving cyber threats.

About Marina's SecTor Session: In the past, the definition of hybrid war was frequently reduced to a composition of kinetic and cyber warfare to simplify the discussion. Lessened to just two components and in the absence of real-world examples of hybrid war, it was often argued that cyberwarfare, and especially attacks on various critical infrastructures, had the potential of having a critical role at times of significant conflicts with combat actions. However, the events in the Ukrainian war theater have shown that kinetic weapons were preferred at the time of tactical military operations. Ever wondered why this was the case?

This talk will consist of two parts. The first part will provide a short yet comprehensive summary of the recently leaked "Vulkan files", classified documentation which provides details about Russian hybrid warfare strategy and distributed software platforms to prepare and manage cyber- and information operations in a centralized manner.
In the second part, we will analyze notable Russian cyber operations in the post-Stuxnet era (after 2010) and show how Russia gradually evolved and tested its cyber capabilities and hybrid warfare vision. Some of the operations will be discussed with technical details based on first- and second-hand experiences with such operations. By the end of this talk, the audience should get a better idea about a wide range of factors that impact the success of cyber operations and why cyber attacks on critical infrastructures are more frequently opportunistic than strategic as well as may not always yield the desired impact. In conclusion, the talk will outline a type of cyber operations being conducted in war and peace times.

Resources
Do We Really Need to Worry about Critical Infrastructure? Discussion about Cyber Operations in the Context of Leaked Vulkan Files: https://www.blackhat.com/sector/2023/briefings/schedule/#do-we-really-need-to-worry-about-critical-infrastructure-d

Ep 243 Navigating the Privacy Maze: Mozilla’s Vehicle Privacy Report Sparks a Drive | A BlackCloak Brand Story with Chris Pierson and Ingrid Gliottone
The recent report by Mozilla, shedding light on the privacy concerns around modern vehicles, struck a chord. Notably, every car brand reviewed, including behemoths like Ford, Volkswagen, and Toyota, flunked the privacy test. This revelation steered a fascinating conversation with Chris Pierson and Ingrid Gliottone from BlackCloak during a brand story recording for the Redefining Society podcast. Our focus veered towards the lurking privacy and security issues tied to the modern, tech-savvy vehicles we so casually entrust with our data.

The modern car is no longer just a mode of transport—it's a smart gadget, a data hub on wheels. But as the wheels spin, so does the reel of our personal information, weaving into the vast web of data, ready for harvest by not just the car makers, but a string of 'they' – the infotainment system providers, app developers, network providers, and possibly cyber rogues. The conversation took a deeper dive as Chris, the CEO of BlackCloak, elucidated the firm's mission—shielding corporate executives and key personnel from personal cyber threats that could ricochet back to the corporations.

The Mozilla report is an alarm bell, underscoring the high time to separate the wheat from the chaff in terms of what data is essential for functionality and what merely serves as a gold mine for advertisers or a hunting ground for cyber-attackers. This blend of privacy and security, or the lack thereof, is a cocktail we are forced to sip, as Ingrid pointed out the lack of clarity presented to buyers at the point of sale concerning the privacy policies tied to these vehicles.

The promise of tech advancements in vehicles is dazzling—better shocks for off-roaders, safety features to prevent accidents during a sudden snooze, and so on. Yet, as Chris highlighted, there's a dark side.
Some policies mentioned collecting data about one's sex life and genetic information— a far cry from the basic expectations of privacy.As the conversation with BlackCloak unrolled, the blend of excitement and concern was palpable. The question now is not about halting the march of technology but steering it towards a path where privacy and security are not the passengers but co-drivers.The findings from the Mozilla report and insights from BlackCloak are not just food for thought, but a call to action. It is crucial to reckon with the reality of the modern-day vehicles doubling as data hubs and to steer the conversation towards a road where transparency, consent, and security are the landmarks. I urge you to dive into BlackCloak's offerings to explore how they are redefining the security landscape, ensuring the privacy and security of your personal digital realm, including that computer on wheels parked in your driveway. Visit BlackCloak to discover what they offer in shielding the modern-day knights from the unseen arrows of the digital world.Guests:Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]On Linkedin | https://www.linkedin.com/in/drchristopherpierson/On Twitter | https://twitter.com/drchrispiersonIngrid Gliottone, Chief Experience Officer of BlackCloak [@BlackCloakCyber]On LinkedIn | https://www.linkedin.com/in/ingridgliottone/ResourcesLearn more about BlackCloak and their offering: https://itspm.ag/itspbcwebAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Ep 242 | The California Delete Act: Emerging Changes for Data Brokers and Its Impact on Data Privacy | A Conversation with Nia Luckey | Redefining CyberSecurity Podcast with Sean Martin

Guest: Nia Luckey, Senior Cybersecurity Business Consultant at Infosys [@Infosys]
On LinkedIn | https://www.linkedin.com/in/nia-f-713270127/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin and guest Nia Luckey discuss the California Delete Act (California Senate Bill 362) and its impact on data privacy and protection. They delve into the concept of data brokers and the sensitive information they gather, such as personal details, credit data, facial recognition, and driving behaviors.

Presenting a couple of examples, the conversation raises questions about responsibility for data protection in the realms of autonomous vehicles and platforms like Meta. They emphasize the need for businesses to understand the data they collect, educate themselves on data privacy regulations, and consider offering opt-out options for customers. Of course, providing the option to delete data is going to be a non-negotiable customer feature.

The discussion also touches on the challenges faced by smaller organizations in complying with the bill and provides advice on data inventory and protection. They stress the importance of knowing what data is being collected, where it is stored, and how to protect it to an appropriate standard. They highlight the need for businesses, regardless of size, to prioritize data protection and privacy. The ultimate aim is to empower individuals and businesses to have control over their data and protect privacy in an interconnected world.

The conversation takes a consumer-centric approach, discussing the implications for individuals and their rights to opt out of data collection. They explore the potential difficulties in deleting data from various platforms and emphasize the importance of making the process accessible and user-friendly.

Throughout the episode, Sean and Nia engage in a thoughtful and informative conversation, touching on topics such as data classification schemes, data handling practices, and the overall spirit of the California bill. They encourage businesses to proactively manage risk and ethics and take steps to protect data and privacy.

By listening to this episode, listeners can expect to gain a deeper understanding of the California Delete Act, its implications for data privacy, and the responsibilities businesses have in protecting sensitive information. They provide practical advice and insights to help individuals and organizations navigate the complex landscape of data protection and privacy regulations.

Resources
An Analysis of California Senate Bill 362 - The California Delete Act: https://www.linkedin.com/pulse/analysis-california-senate-bill-362-delete-act-nia-f-luckey-lssbb
International Association of Privacy Professionals (IAPP). California Legislature Passes Delete Act for PI Aggregated by Data Brokers: https://iapp.org/news/a/california-legislature-passes-delete-act-for-pi-aggregated-by-data-brokers/#:~:text=The%20California%20State%20Legislature%20passed,information%20collected%20by%20data%20brokers
California Legislature. (2023). Senate Bill 362: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362
California's 'Delete Act' Could Let You Scrub Your Data From Brokers' Files: https://fortune.com/2023/09/15/california-delete-act/

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 241 | The Game Show: CISO Jeopardy! | How Many CISOs Does an Organization Really Need? | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

Join us for an immersive fictional game show story that delves into the critical factors and decisions driving the number of CISOs an organization might need in today's complex cybersecurity landscape.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 240 | The Future of Secure Business Browsing: Isolation and Protection | Browser Security : Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam

Guest: Evgeniy Kharam, Cybersecurity Professional, Security Architecture Podcast [@secarchpodcast]
On LinkedIn | https://www.linkedin.com/in/ekharam/

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Evgeniy Kharam to explore the world of browser security and browser isolation. They discuss the user experience and the policies that organizations can apply to protect against security threats.

The conversation delves into the concept of remote browser isolation and its application in ensuring user safety when visiting unknown or malicious websites. They also dive into the benefits of using enterprise browsers and the control they provide over website access, malware scanning, data loss prevention, and more.

The episode touches on the impact of browser security on security programs, team structures, and the tech stack. They discuss the relatively new browser security space and its potential to disrupt the SASE and SSE markets. Evgeniy shares insights into the potential transformation of the cybersecurity landscape and predicts that endpoint solutions may incorporate isolation technology. The episode concludes with a preview of Evgeniy's upcoming session at the SecTor security conference in Toronto, where he will dive deeper into browser security isolation.

Overall, this episode offers valuable insights into the evolving world of browser security and its potential impact on cybersecurity practices. Listeners can expect an engaging conversation that combines technical knowledge with practical applications.

About Evgeniy's SecTor Session: There has been renewed hype about adding more security efforts around the browser. New security startups and the bigger players as well have been making the case that because browsing is such an inherent part of our work and personal lives, we should address phishing and other attacks there. After interviewing and analyzing the offerings of many providers, I will share my findings and perspective on the market. This session will go over key points on how such a technology might be used in your organization, the pitfalls and how it fits in with / competes with other product suites like SASE and EDR.

What you will learn:
- Use cases for browser isolation/enterprise browser
- ZTNA using browser isolation/enterprise browser
- Where browser isolation/enterprise browser fits in an environment
- Vendor land space
- What we should expect in the next 12-18 months

Resources
Browser Security / Isolation-101 (session): https://www.blackhat.com/sector/2023/briefings/schedule/#browser-security--isolation-101-34279
Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

Ep 239 | Prioritize with Purpose: Unleashing the Promise of Risk-Based Vulnerability Management | A Conversation with Andrew Braunberg | Redefining CyberSecurity Podcast with Sean Martin

Guest: Andrew Braunberg, Principal Analyst at Omdia [@OmdiaHQ]
On LinkedIn | https://www.linkedin.com/in/andrew-braunberg-74a69/
On Twitter | https://twitter.com/abraunberg

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a thought-provoking conversation with Andrew Braunberg, a principal analyst at Omdia. They explore the world of risk-based vulnerability management and its potential to revolutionize security operations and risk management programs.

The discussion delves into the challenges of traditional vulnerability management, including the reliance on Common Vulnerability Scoring System (CVSS) scores and the increasing volume of software vulnerabilities. They stress the importance of context, value, and verifiable risk reduction in prioritizing actions to effectively mitigate risk.

Andrew shares insights on the convergence of risk management and vulnerability management, as well as the role of telemetry in gaining a comprehensive view of the digital landscape. The conversation also touches on the need to understand the external threat landscape and consolidate threat information for better predictions. They discuss the expansion of vulnerability management into dev environments and the broader view of vulnerability, encompassing exposure management and misconfigurations.

The potential for self-serve tools and services in risk-based vulnerability management is explored, along with the consolidation of security control validation and attack path validation capabilities. Throughout the episode, the importance of rethinking security programs and embracing a proactive security posture based on risk reduction is emphasized. Collaboration and communication between security teams, asset owners, and management are highlighted as crucial for effective vulnerability management and risk mitigation.

The conversation provides valuable insights into the world of risk-based vulnerability management and the shift towards proactive cybersecurity. So if you're seeking innovative approaches to vulnerability management and risk reduction, tune in to this enlightening episode of Redefining CyberSecurity Podcast with Sean Martin and Andrew Braunberg.

Resources
Omdia research finds risk-based vulnerability management set to encompass the vulnerability management market by 2027 (press release): https://omdia.tech.informa.com/pr/2023/09-sep/omdia-research-finds-risk-based-vulnerability-management-set-to-encompass-the-vulnerability-management-market-by-2027

Ep 238 | Shaking Up the Cybersecurity Market: The Potential Implications of Splunk's Intended Acquisition by Cisco | A Conversation with Allie Mellen | Redefining CyberSecurity Podcast with Sean Martin

Guest: Allie Mellen, Senior Analyst at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/hackerxbella/
On Twitter | https://twitter.com/hackerxbella

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

In the fast-paced world of cybersecurity, market dynamics constantly evolve, driven by technological advancements, strategic partnerships, and acquisitions. One recent development that has captured the industry's attention is Cisco's intended acquisition of Splunk. This move promises to reshape the cybersecurity landscape and prompts us to explore the implications it holds for market competitiveness and security program effectiveness. In this conversation, Sean Martin and Allie Mellen take a journey into the intricacies of this acquisition, examining its impact on the dynamics of the cybersecurity space overall.

Sean and Allie discuss some of the key drivers behind the acquisition, touching on the challenges Splunk has faced and the industry’s need for more innovation in security operations. They dive into the challenges faced by security teams, particularly regarding SIEM cost management and a lack of innovation. They also touch on the importance of talent management, training beyond the tools, and improving the analyst experience to drive transformation efforts.

The conversation expands to consider the broader market impact of the acquisition. They discuss the opportunities for other security analytics and SIEM vendors to position themselves as alternatives to Splunk. The emergence of the XDR market expanding deeper into the security response space is also explored, focusing on its potential to provide bundled offerings that replace some of the traditional SIEMs on the market.

Sean and Allie also discuss the potential vision for SIEM and whether the shift towards XDR and endpoint-focused solutions limits the potential for a broader security operations scope. While XDR vendors aim to expand beyond endpoints, the discussion acknowledges the need for more comprehensive solutions like Splunk that remain ready to handle events and incidents that occur beyond the endpoint.

They also have a discussion on potential future trends, such as federated search and access of data, and the interest in building a more comprehensive, sustainable IT operations platform.

Ep 237 | Sourcing for Cyber: Addressing the Cybersecurity Talent Gap | A Conversation with Devon Bryan, Kimberly Quan, Katrina M, Dr. Elizabeth Kolmstetter, Licole Bursey | Redefining CyberSecurity Podcast with Sean Martin

Guests:
Devon Bryan, Global CIO at Carnival Corporation
On LinkedIn | https://www.linkedin.com/in/devonabryan/
Kimberly Quan, Senior Manager, Cyber Fusion at Juniper Networks [@JuniperNetworks]
On LinkedIn | https://www.linkedin.com/in/kimberlyq/
Katrina M, VP of Product Security at Akamai Technologies [@Akamai]
On LinkedIn | https://www.linkedin.com/in/katrina-m-8477361/
Dr. Elizabeth Kolmstetter, Chief People Officer at Cybersecurity and Infrastructure Security Agency [@CISAgov]
On LinkedIn | https://www.linkedin.com/in/elizabeth-kolmstetter-8217289/
Licole Bursey, Alumni, NPower [@NpowerOrg]
On LinkedIn | https://www.linkedin.com/in/licole-bursey-5a25a3176/

Event Host: Nelson Abbott, Senior Director, Advanced Program Operations at NPower [@NPowerOrg]
On LinkedIn | https://www.linkedin.com/in/nelson-abbott/

Moderator: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes

With over 630K open cyber jobs in the US, NPower continues to produce a strong network of diverse cybersecurity professionals for in-demand cyber roles. Hear from industry execs Devon Bryan of Carnival Corporation, Kimberly Quan of Juniper Networks, Katrina M. of Akamai Technologies, Dr. Elizabeth Kolmstetter of Cybersecurity and Infrastructure Security Agency (CISA), and NPower alumni, Licole Bursey in a panel discussion on the cyber talent gap and ways to tap into a viable pipeline of nontraditional cyber talent.

The panel delves into various aspects of the talent gap in cybersecurity, including the challenges organizations face in recruiting and retaining cyber talent, the need for diverse talent pipelines, and the importance of creating a sense of belonging in the workplace.

Dr. Kolmstetter highlights the importance of purpose and making a connection with the organization's mission to attract diverse talent. She emphasizes the need for a workplace environment that celebrates diversity of opinions and thoughts, where people can thrive and feel they are making a difference.

Devon discusses the image problem that cybersecurity still faces and the need for representation of diverse practitioners. He stresses the importance of visibility and showcasing cybersecurity’s fun and exciting aspects to attract more people, especially those from underrepresented communities.

Licole shares her personal experiences and insights as someone who has successfully navigated the job market in cybersecurity. She discusses the importance of having a diverse skill set and approaching the job search with a holistic mindset, focusing on mental and physical readiness.

Throughout the episode, the panelists emphasize the progress that has been made in addressing the talent gap, but acknowledge that more work needs to be done. They discuss strategies for attracting and retaining diverse candidates, such as removing degree requirements and leveraging non-traditional recruiting streams.

The conversation offers practical insights and solutions for organizations and individuals in the cybersecurity field. It is a valuable listen for anyone interested in understanding the challenges and opportunities in closing the talent gap, promoting diversity and inclusion, and building successful cybersecurity careers.

Watch the NPower video on YouTube: https://www.youtube.com/watch?v=LV4y_b26G5k

Resources
Engaging with Advancing Tech Careers Collaborative for partnership opportunities: https://www.npower.org/get-involved/atcc/
Command Shift Diversity Directive toolkit: https://diversity.commandshift.org/diversitydirective/
NICE Job Description Toolkit: https://www.nist.gov/system/files/documents/2023/09/22/MTM%20Guidance%20on%20Writing%20a%20Hiring%20Rubric.pdf
NPower Virtual Career and Resource Fair: https://app.premiervirtual.com/events/15495c07-5f3a-4639-8b08-fe90b3ddfd24/npower-virtual-career-and-resource-fair/organization

Ep 236 | It’s About Time: The Turning Tide for Cyber Transformation | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

Join us for this fictional tale where we follow a cybersecurity team, long overshadowed, as they rise to embrace transformation and pioneer a new era in cyber defense.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Ep 235 | From Concealment to Accountability: The SEC's Call for Transparency to Safeguard Shareholders | A Conversation with Matthew Rosenquist | Redefining CyberSecurity Podcast with Sean Martin

Guest: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

In this thought-provoking episode of the Redefining CyberSecurity Podcast on the ITSPmagazine Podcast Network, host Sean Martin connects with Matthew Rosenquist to engage in a discussion about the recent SEC notification ruling. They explore the importance of transparency and accountability in cybersecurity for public companies as they dig into topics such as the need for transparency in security posture, the impact on shareholders and potential investors, and the role of privacy regulations in raising the security posture of industries like healthcare. They emphasize the value of notification and the balance between providing timely information to shareholders and avoiding potential lawsuits.

The conversation highlights the ethical implications of concealing information and the changing role of legal counsel in incident response. They discuss the potential emergence of whistleblowers to expose non-compliant companies and the impact of fines and penalties. They also touch on how transparency can drive accountability and impact business partners, vendors, and suppliers.

Recognizing the challenges companies face in operationalizing security, they stress the importance of continuous monitoring and evaluation of cybersecurity measures, and discuss the potential for companies to face lawsuits and the role of the board in overseeing cybersecurity controls.

Overall, this episode offers valuable insights into the SEC notification ruling, providing listeners with a deeper understanding of its implications for cybersecurity, transparency, and accountability in public companies.

Resources
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies: https://www.sec.gov/news/press-release/2023-139
Matthew's post on LinkedIn: https://www.linkedin.com/posts/matthewrosenquist_clorox-says-last-months-cyberattack-is-still-activity-7109565860331065344-yRec/

Ep 234 | Zero-Day Showdown—Is the wrEchoChamber Vulnerability Worse Than Log4Shell? | Navigating Cyber Threats in the Age of AI and Instant News | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

Join us for a fictional tale of two security leaders—Sarah and Roger—and their contrasting approaches to zero-day crisis management.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Ep 233Is Shift Left Overrated? | An Imperva Brand Story With Peter Klimek
In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?

The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities—it's "easy" to find them, harder to fix them all.

The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.

Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.

The need for a defensive mindset and the importance of leveraging the guardrails Peter noted to prevent fatal vulnerabilities are also discussed as they emphasize the significance of collaboration, measurement, and a balance between development and security teams in implementing shift left practices effectively.

The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.

Note: This story contains promotional content. Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
DevOps Research and Assessment (DORA): https://dora.dev
2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg
47.4% of internet traffic wasn’t human in 2022! Get the research from @Imperva to learn how bots are taking over the internet.
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/why-protecting-your-business-data-is-more-like-securing-a-museum-than-a-bank-demystifying-data-protection-an-imperva-story-with-terry-ray-07mq5xex-q5rc-fw8
From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-2-an-imperva-story-with-ryan-windham
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Ep 232 | Habits and Hitchisms: The CISO Revolving Door | CISO Circuit Series: Episode 1 | With Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast
About the CISO Circuit Series
Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

Guest: Michael Piacente, Managing Partner and Cofounder of Hitch Partners
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this special episode of Redefining Cybersecurity—the CISO Circuit Series—Sean Martin and Michael Piacente come together to explore the role of a CISO and the challenges they face. They discuss how organizations are trimming cybersecurity activities, including the reduction or elimination of CISO roles, due to the impact of the economy. They explore the concept of "battlefield promotions," where individuals within organizations take on CISO responsibilities without the official title. They discuss the trend of an increasing number of job seekers in the cybersecurity market, with data revealing a significant rise in both proactive and reactive candidates. They also discuss the importance of executive-level support for CISOs and the impact it has on their job satisfaction and success.

The conversation touches on the issue of executive sponsorship, with many companies failing to fully support their security programs, leading to frustration and turnover among CISOs. The conversation highlights the collaborative nature of the CISO community and its influence on the hiring process. They also explore the concept of ESG (Environmental, Social, and Governance) and its influence on individuals seeking new security roles.

The desire to make a positive impact on the world and align with organizations that share that goal emerges as a driving force for CISOs. Given the challenges cybersecurity leadership encounters, the need for adequate support and resources continues to mount.

Throughout the episode, Sean and Michael provide valuable insights into the evolving nature of the CISO role and the factors that influence job satisfaction and career moves in the cybersecurity industry. Listeners can expect a thoughtful and informative conversation that highlights the complexities and nuances of the CISO role in today's dynamic cyber landscape.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
Podcast: A Tale of 2 CISOs: Navigating the Evolving Landscape of Information Security and Ethics, Today and Tomorrow | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3: https://redefining-cybersecurity.simplecast.com/episodes/a-tale-of-2-cisos-navigating-the-evolving-landscape-of-information-security-and-ethics-today-and-tomorrow-a-musing-on-the-future-of-cybersecurity-and-humanity-with-sean-martin-and-tape3-read-by-tape3
Blog Series: Am I Wrong For Saying I Could Never Be A CISO?
Part 1 Of 4 | The Risks And Rewards Of Being A Chief Information Security Officer: https://www.itspmagazine.com/redefining-cybersecurity-blog-with-tape3/am-i-wrong-for-saying-i-could-never-be-a-ciso-the-risks-and-rewards-of-being-a-chief-information-security-officer-part-1-of-4
Part 2 Of 4 | CISO Playbook: Preparation And Tools For Navigating The Cybersecurity Minefield: https://www.itspmagazine.com/redefining-cybersecurity-blog-with-tape3/am-i-wrong-for-saying-i-could-never-be-a-ciso-ciso-playbook-preparation-and-tools-for-navigating-the-cybersecurity-minefield-part-2-of-4
Part 3 Of 4 | The Power Of Community And Communication: Just A Couple More (Critical) Pieces Of The CISO Puzzle: https://www.itspmagazine.com/redefining-cybersecurity-blog-with-tape3/am-i-wrong-for-saying-i-could-never-be-a-ciso-the-power-of-community-and-communication-just-a-couple-more-critical-pieces-of-the-ciso-puzzle-part-3-of-4

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecu
Ep 231 | Preview of Devo's SOC Analyst Appreciation Day | Celebrating SOC Analysts: A Day of Appreciation and Happiness | An Event Coverage Conversation with Kayla Williams, CISO of Devo
Guest: Kayla Williams, CISO of Devo Inc. [@devo_Inc] and co-host of the Locked Down Podcast [@LockedDownKT]
On Linkedin | https://www.linkedin.com/in/kaylamwilliams1/
On Twitter | https://twitter.com/kayla_obviously
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
In this episode, hosts Marco and Sean are joined by Kayla Williams, CISO for Devo Technology, to discuss the upcoming SOC Analyst Appreciation Day. The conversation covers various sessions that will be part of the event, including topics such as mental health, a day in the life of a SOC analyst, and the impact of AI and automation. They emphasize the need for empathy and understanding when it comes to mental health, highlighting the importance of recognizing signs of distress and offering support. They also discuss the challenges faced by SOC analysts, such as burnout and the lack of recognition, and stress the need for better communication and collaboration within the industry.

The CISO panel that will be part of the event, titled "CISOs in the Hot Seat," sparks curiosity about the discussion topics, with hopes that people management and understanding the mental health of teams will be addressed. The session on AI and automation raises questions about whether it will make the life of SOC analysts easier or increase the threat landscape. There is a lot of excitement from Sean and Marco about hosting the "Day in the Life of a SOC Analyst" panel, where they aim to explore the daily struggles and experiences of analysts. They underscore the importance of appreciation and recognition within the industry, as indicated by statistics showing that many analysts are seeking a way out of their roles.

Resources
SOC Analyst Appreciation Day: https://re4.ms/0b41ee

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Ep 230 | A Tale of 2 CISOs: Navigating the Evolving Landscape of Information Security and Ethics, Today and Tomorrow | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
Join us for this fictional story as we take a 10-year journey into the future, exploring the evolving challenges and opportunities facing two CISOs—Emma and Harper—today, and a decade from now.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Ep 229 | The SOC Analyst Strike: Can the Balance Be Restored Between Humans, Machines, and Artificial Intelligence? | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
A cautionary tale and a call to action for the digital age as we reimagine—perhaps even redefine—the relationship between technology and talent in cybersecurity.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.
Ep 228 | Book | Irreducibly Complex Systems: An Introduction to Continuous Security Testing | A Conversation with Author David Hunt | Redefining CyberSecurity Podcast with Sean Martin
Guest: David Hunt, Author
On Linkedin | https://www.linkedin.com/in/david-hunt-b72864200/
On Twitter | https://twitter.com/privateducky

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining Cybersecurity, host Sean Martin engages in a thought-provoking conversation with David Hunt, author of the book, Irreducibly Complex Systems: An Introduction to Continuous Security Testing, to explore the topic presented in the book.

David introduces the concept of irreducibly complex systems, explaining that continuous security testing requires a system where all the individual components must be functioning correctly for the system to work. He uses the analogy of a mousetrap to illustrate this idea, highlighting that removing even one component renders the entire system useless.

The conversation also digs into the challenges of testing in changing environments and the need to understand how defenses perform during specific time frames. They discuss the value of continuous security testing in gaining visibility into the effectiveness of security defenses and shedding light on techniques used by malicious actors.

Sean, having been a software quality assurance engineer in previous roles, and David, having held numerous roles in the commercial, public, and non-profit realms, explore the differences between continuous security testing and traditional security testing. They explain that continuous testing focuses on evaluating how defenses respond to attacks, rather than testing offensive capabilities. Moreover, continuous security testing operates at complete scale on production systems, unlike traditional testing which is often limited to development environments.

They also discuss the importance of overcoming the dichotomy of skill sets required for continuous security testing. David explains that the offensive skills needed to create effective tests and attacks are often separate from the software skills needed to build a safe, high-assurance command and control center.

Throughout the episode, Sean and David provide listeners with valuable insights into the world of continuous security testing and its significance in the evolving cybersecurity landscape. They emphasize the need for organizations to adopt this approach in order to gain better visibility and understanding of their defenses in the face of emerging threats.

There’s a lot to take from this conversation, including an extreme example of how continuous security testing results have redefined cybersecurity in David’s organization.

About the book
Continuous security testing (CST) is a new strategy for validating your cyber defenses. We buy security products that promise to protect us, like EDR, but how do we know they're working? CST takes the stance that endpoints are the center of your infrastructure universe. Whether the operating system verticalizes defense or a third party is bolted on, it is the job of the endpoint to protect itself from within. This new concept dictates testing should occur around the clock, in production and at scale. It provides an open model that others can use to approach testing and finally answer the question: Do you know with certainty that your defenses will protect you against the latest threats?

Resources
Irreducibly Complex Systems: An Introduction to Continuous Security Testing (Book): https://www.yellowduckpublishing.com/books.html?title=icsd
Ep 227 | The State of the CISO: Breaking Silos and Navigating Responsibilities | A Conversation With Sue Bergamo | Redefining CyberSecurity Podcast with Sean Martin
Guest: Sue Bergamo, Executive Advisor/CISO/CIO at BTE Partners, LLC
On Linkedin | https://www.linkedin.com/in/suebergamo/
On Twitter | https://www.twitter.com/@suebergamo
On YouTube | https://www.youtube.com/@suebergamo

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining CyberSecurity, host Sean Martin engages in a conversation with guest Sue Bergamo about the dynamics and responsibilities of cybersecurity leadership. They discuss, compare, and contrast the roles of the CISO, CIO, and CTO in an organization and the handoff of tasks and responsibilities between them.

Sue emphasizes the need for a holistic approach to security, with the CISO responsible for protecting the inner workings of the company and its data. They explore the challenges of hiring in the cybersecurity field and the impact of the current economic climate. Sue cautions against a siloed approach to security and advocates for a well-rounded security program. They discuss the importance of consistency and structure in change control and release management processes to prevent issues and vulnerabilities. They also emphasize the role of the CISO as a trusted advisor, communicator, and educator within the organization. They touch on the maturity level of cybersecurity programs and the need for organizations to embrace business-level conversations to reduce risk and exposure. Sue addresses the current state of the industry, highlighting the challenges faced by CISOs and security teams. She suggests that a calm and collected approach is a sign of a well-functioning security program. This, however, could leave the rest of the organization questioning their investment in cybersecurity. To this end, they discuss the importance of implementing controls and processes to create structure, improve security posture, and demonstrate this to the business leaders and key stakeholders.

Overall, the episode provides valuable insights into the evolving role of the CISO and the importance of a holistic approach to cybersecurity. The conversation is informative, thoughtful, and thought-provoking, without sensationalizing the content or adopting a journalistic tone.

Listeners can expect to gain insights into the complex dynamics of cybersecurity leadership and the challenges faced by organizations in the current landscape. Have a listen!

Resources
Short-Takes (podcast): https://www.youtube.com/@suebergamo
Ep 226 | The Pathway to Innovation: Understanding and Embracing Cascading Risk for Technological Progress | A Conversation With Trond Arne Undheim | Redefining CyberSecurity Podcast with Sean Martin
Guest: Trond Arne Undheim, Founder of Yegii [@Yegii_Insight] and Research Scholar in Global Systemic Risk, Innovation, and Policy at Stanford University [@Stanford].
On Linkedin | https://www.linkedin.com/in/undheim/
On Twitter | https://twitter.com/trondau
Website | https://trondundheim.com/
On Facebook | https://www.facebook.com/trond.undheim/
On Instagram | https://www.instagram.com/trondundheim/?hl=en
On YouTube | https://www.youtube.com/channel/UCI4EpjuQzb58EiawzElwvYQ

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by futurist, Trond Arne Undheim, as they engage in a deep conversation about the intersection of technology, innovation, and risk management. Trond offers deep insights into the world of risk and the need for new paradigms to address emerging challenges.

The conversation starts with a discussion on the importance of systematic feedback and validation-driven strategies in fostering innovation. Sean and Trond highlight the positive aspects of risk information, emphasizing that it can help save resources by redirecting efforts towards more viable avenues.

Sean and Trond explore the notion of systems thinking and the challenges it presents. They explain that when we describe something as a "system," it implies that it is something we cannot fully control, but rather something we are amidst. They also touch on the concept of cascading risks, highlighting the potential dangers of multiple risks working together.

The conversation shifts to the role of organizations in managing risk. Sean and Trond acknowledge the complexity and short-term focus of many risk management approaches and express the need for new institutions (non-profit, government, etc.) and companies (commercial product/service providers, for example) to address this gap. They mention the rise of industries focused on specific risk areas, such as cybersecurity and ESG risk, and predict that more industries will emerge to provide risk management services. Sean and Trond also explore the idea that a higher level of risk can spur innovation, but caution against irresponsible risk-taking. They stress the importance of finding a balance between risk and innovation.

Join Sean and Trond for an engaging conversation rooted in philosophical discussion about the future of technology, the potential risks posed by emerging technologies like AI and bio-risks, and the impact of risk management on society. This episode of Redefining CyberSecurity Podcast helps to navigate the challenging landscape of technology and risk. We hope you enjoy it!

Resources
Yegii | https://yegii.org/blog/

Ep 225 | Mind the Shadow AI Gap: Perception vs. Reality for Insider Threats in Data Security | An Imperva Brand Story With Terry Ray
In this Brand Story episode, hosts Marco and Sean discuss data security and insider threats with their guest Terry Ray, field CTO and senior vice president for data security strategy at Imperva. The conversation covers a range of topics related to data security and the challenges organizations face.

Terry highlights the need for clear policies and strategies to detect and prevent insider threats. He points out that while organizations may trust their employees and contractors, people are not always security-minded, which can lead to trouble. He also mentions the presence of malicious individuals, although they are fewer in number.

Terry shares statistics that reveal a gap between organizations' perception of their data security and the reality of lacking comprehensive strategies. The trio also explores the potential of AI in data security, with a focus on the limitations of AI in making complex decisions.

Terry emphasizes the importance of human intelligence and oversight, arguing that AI is not yet capable of determining the best course of action in certain scenarios. He gives an example of using AI to compare web application firewalls and points out that AI may not have the context or intelligence to identify what is missing if it hasn't been done before.

The group also discusses the balance between security and convenience, particularly in areas such as the medical field. They consider the advantages and risks of feeding AI with medical data and the potential for AI to find solutions that humans may not have considered.

The conversation sheds light on some important strategies and best practices as well. To dive deeper into this topic and gain valuable insights from industry experts, we encourage you to listen to the full episode.

Note: This story contains promotional content. Learn more.

Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [@Imperva]
On Linkedin | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Press Release: Shadow AI set to drive new wave of insider threats
Blog: 7 Facts About Insider Threats That Should Make you Rethink Data Security
Research: Forrester Insider Threats Drive Data Protection Improvements
Are you interested in telling your Brand Story?
https://www.itspmagazine.com/telling-your-story

Ep 224 | Sharing a Cryptographic Sandwich with the DevOps and SecOps Community | A SandboxAQ Brand Story with Marc Manzano
In this Brand Story podcast episode, host Sean Martin is joined by guest Marc Manzano from SandboxAQ. They explore the importance of future-proofing cryptography and the emerging field of quantum-resistant cryptography.

The conversation revolves around the challenges of migrating to new cryptographic algorithms and the unknowns surrounding this process. They discuss how NIST is leading the way in defining new standards and the need for organizations to prepare for the upcoming changes. Marc introduces Sandwich, a meta library developed by SandboxAQ, which provides cryptographic agility and an easy-to-use API for secure application development with cryptography capabilities built-in. Marc explains how developers can download and build Sandwich, customize it with specific ingredients or features, and integrate it into their application development environment.

In addition to Sandwich, the Security Suite by SandboxAQ is highlighted as a tool to help organizations modernize cryptography management. It provides visibility into where and how cryptography is used, along with modules for observability, compliance, and remediation. The Security Suite also offers optimization of cryptographic operations to reduce resource consumption and improve performance.

Sean and Marc also touch on the challenges organizations face in understanding and implementing encryption and the collaboration between developers and security teams in managing encryption within the broader engineering and security operating environment. They discuss how Sandwich can help overcome hurdles and elevate security posture, allowing developers to focus on application development while the framework takes care of security.

Overall, this episode provides insights into the evolving field of quantum-resistant cryptography, the importance of secure application development with cryptography at its core, and the role of tools like Sandwich and the Security Suite in enhancing cybersecurity practices, all aiming to educate listeners on the challenges and solutions in cryptography management.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Marc Manzano, Senior Director - Quantum Security, SandboxAQ [@SandboxAQ]
On Linkedin | https://www.linkedin.com/in/marcmanzano/
On Twitter | https://twitter.com/marcmanzano

Resources
Learn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2en
Read the Sandwich Press Release: https://itspm.ag/sandbonpda
Sandwich on Github: https://itspm.ag/sandbo3zq1
Learn more about Sandwich: https://itspm.ag/sandboqao6
Try SandboxAQ Security Suite: https://itspm.ag/sandbob3gy
Read the Security Suite Press Release: https://itspm.ag/sandboxb3e744
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Ep 223 | Navigating the Cybersecurity Playground Amidst Alarms Sounding During the DEF CON DC101 Panel | A Conversation With Kirsten Renner | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli
In this episode of the Redefining CyberSecurity podcast, host Sean Martin and guests Kirsten Renner and Marco Ciappelli share their experiences and insights from DEF CON, the annual hacking conference taking place in Las Vegas, Nevada.

Kirsten reflects on her nerves and excitement about speaking on the welcome panel at DEF CON, which was interrupted multiple times by alarms. Despite the interruptions, Kirsten highlights the positive reception from the audience and the approachability of well-known figures like Dark Tangent (DT), aka Jeff Moss. The conversation emphasizes the importance of engaging with others at conferences like DEF CON and offers tips on how to approach and interact with people. Kirsten also talks about the car hacking village, including unique experiences like a Tesla being pummeled and hacked for a capture the flag (CTF) prize. The hosts and guest discuss the culture of badges at DEF CON, with the car hacking badges being functional and allowing participants to plug them into their cars.

They mention the inclusiveness and welcoming nature of the DEF CON community and the impact of the research and content being presented. Throughout the episode, there is a comical element as Kirsten shares her experiences of speaking on stage during the alarm interruptions and the humorous interactions with the audience. The conversation also touches on Kirsten's son's involvement at DEF CON and the excitement of collecting badges, which are powered and customizable, adding to the overall sense of community and engagement at the conference. This episode offers a glimpse into the excitement, challenges, and camaraderie of attending and speaking at DEF CON, while emphasizing the importance of inclusiveness and the impact of the research being presented.

Listen now to get a sense of this year's event, and be sure to follow Kirsten and the rest of the car hacking village crew to learn more about creating a safe and secure connected car ecosystem.

About The Car Hacking Village
The primary goal of the Car Hacking Village is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come. Breaches of automotive systems have been in the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry, the National Highway Traffic Safety Administration, Congress, the Department of Homeland Security, and consumers. Car Hacking Village plays an important role for researchers interested in the safety and security of the more than one billion vehicles on the road worldwide. In 2015, over 16.5 million vehicles were sold in the United States. On average, motor vehicles are driven over 15,000 miles annually and consumers spend upwards of 730 hours per year in their cars.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest: Kirsten Renner, Community Volunteer at DEF CON 101
On Linkedin | https://www.linkedin.com/in/krenner/
On Twitter | https://twitter.com/Krenner
On YouTube | https://www.youtube.com/playlist?list=PLxjvVVSu5Q3-ttIUdxxyCvJiN-TXuJ7j0

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Resources
DEF CON 101 - Welcome to DEF CON Panel: https://forum.defcon.org/node/246130
More info about the DEFCON31 Car Hacking Village Badge: https://www.youtube.com/watch?v=yvvOl6LfodQ
Live from the Car Hacking Village Interview (hack a Tesla Y): https://www.youtube.com/watch?v=2YyyTkMdWik
ITSP Black Hat 25 & DEF CON 30 Live Streaming Coverage with ITSPmagazine with Car Hacking Village: https://www.youtube.com/watch?v=1jMXUIW9FRE
Sean and Kirsten with their Car Hacking Village badge: https://twitter.com/Krenner/status/1028385017037115392?s=20
Kirsten on DC101 Panel (photo): https://twitter.com/bigrinnyo/status/1689807935096930304?s=20
Car Hacking Village website: https://www.carhackingvillage.com/
Car Hacking Village Talks | https://www.carhackingvillage.com/talks
At DEF CON: https://forum.defcon.org/node/240928

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining Cyb
Ep 222: From Deception to Connection: Exploring the Ethical Dimensions of Cybersecurity | A Conversation About Cyber Deception and the Cyber 9/12 Strategy Challenge with Rob Black and Marco Ciappelli | Redefining CyberSecurity with Sean Martin
Guests: Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]
On LinkedIn | https://www.linkedin.com/in/rob-black-30440819/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin engages in a deep conversation with guests Rob Black and Marco Ciappelli about the challenges and complexities of cybersecurity. The discussion revolves around the need to define the ultimate goal of cybersecurity and the potential impact on society, privacy, and human connection. They raise important questions about what it means to be a responsible cyber actor, exploring the clash between freedom of speech and content control.

The trio discuss the difficulty of finding a balance between preventing harm and protecting fundamental rights.

Deception emerges as a fascinating topic, with the conversation digging into the potential of using deceptive tactics to deter and disrupt cyber attackers. They ponder the ways in which attackers' decision-making can be influenced and their experiences manipulated to make it more challenging for them to succeed.

The conversation also takes a philosophical turn, contemplating the existential threat posed by AI and the metaverse. They explore the potential loss of authentic human connection in a virtual world and the implications for society.

Throughout the episode, they emphasize the importance of taking a comprehensive and strategic approach to cybersecurity, going beyond technology and considering psychological, social, and ethical factors. This conversation challenges conventional notions of cybersecurity and urges listeners to consider the broader implications and ethical dilemmas inherent in the digital realm.

Get ready for some thought-provoking insights that will surely encourage you to further explore the complexities of cybersecurity and its impact on society.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
UK Cyber 9/12 Strategy Challenge (Website): ukcyber912.co.uk
The Tularosa study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception (2019) Ferguson-Walter et al, Proceedings of the 52nd Hawaii International Conference on System Sciences 2019: https://hdl.handle.net/10125/60164
Friend or Faux: Deception for Cyber Defence, (2017) Ferguson-Walter K, LaFon D, Shade T in Journal of Information Warfare (2017) 16.2 28-42: https://www.jinfowar.com/journal/volume-16-issue-2/friend-or-faux-deception-cyber-defense
Design Thinking for Cyber Deception (2021) - Ashenden D, Black R, Reid I and Henderson S, Proceedings of the 54th Hawaii International Conference on System Sciences 2021: https://hdl.handle.net/10125/70853
Cyber Security: Using Cyber Deception to Fight Off Our Attackers — Who is Our End of Level Boss? (Article): https://medium.com/@rob_black/cyber-security-using-cyber-deception-to-fight-off-our-attackers-who-is-our-end-of-level-boss-c6d2697eada

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Ep 221: Follow the Money | From Bugs to Bad Intentions: Evolving Perspectives on Product Security | A Conversation with Allison Miller | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin
Guest: Allison Miller, Faculty at IANS [@IANS_Security] and CISO (Chief Information Security Officer) and VP of Trust at Reddit [@Reddit]
On LinkedIn | https://www.linkedin.com/in/allisonmiller
On Twitter | https://twitter.com/selenakyle

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, as part of our Chats on the Road series to Black Hat USA 2023 in Las Vegas, hosts Sean Martin and Marco Ciappelli chat with Allison Miller to discuss the parallels and differences between the fraud and cybersecurity teams, focusing particularly on how each measures success and handles challenges. Sean highlights the fraud team's clear metric of money, starting and ending their processes with it, and contrasts it to the security team's reliance on metrics like MTTx (Mean Time to Detect, Respond, etc.). He's curious about how the fraud team optimizes their processes and wonders if there are lessons that security teams can glean from them.

Allison appreciates the methodologies of fraud teams, especially their use of sampling to understand the magnitude of problems. She explains how fraud teams utilize backend data, machine learning, AI, and statistics to discern risk factors. Then, they test these models on forward-looking data, a methodology akin to red teaming in cybersecurity. She emphasizes the importance of continuous testing to ensure confidence in their detection capabilities. A point of difference she highlights is that fraud models have a high degree of confidence due to rigorous testing, while in cybersecurity, a lot of trust is placed on tool outputs without similar rigorous testing.

Marco emphasizes the importance of building trust among teams. He states that without trust, metrics could be misleading, and the overall effectiveness of processes might decline. He urges teams to ensure that they not only trust the data but also their colleagues, suggesting that this trust fosters better communication, understanding, and ultimately, results.

Sean expresses his wish for the cybersecurity world to be more integrated into applications, like the fraud teams are. Allison notes that fraud teams naturally fit into transaction processes because that's where money moves. For cybersecurity, the most natural integration point would be during authentication, but it's a risky move since blocking legitimate users would significantly impair their experience. Despite the challenges, Allison sees potential in fusion between fraud and security, especially in areas like API abuse. Both teams could benefit immensely from mutual collaboration in such areas.

Allison concludes that while direct involvement of security teams within applications may be a stretch, collaboration with fraud teams can still provide valuable insights. For example, in the realm of retail and payment, insights into API abuse can be a significant area for cooperative efforts between the two teams.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

Resources
For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect your brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Ep 220: Application Security Posture Management | Beyond the Hamster Wheel: Innovations in App Security | A Brand Story Conversation from Black Hat USA 2023 | A Brinqa Story with Alex Babar
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Alex Babar. Alex introduces listeners to Brinqa, a platform that centralizes vulnerability and security findings across various domains, such as infrastructure and cloud security, emphasizing the relevance of application security.

The conversation includes Sean's insights about the challenges of differentiating application systems from the past and the complexities of the modern cloud and API-driven environments. Sean emphasizes the importance of understanding the dynamics of application risk management, bringing up the distinction between security posture and application security posture management (ASPM).

As the discussion progresses, Alex highlights the increasing visibility of the term 'ASPM' within the security domain. Drawing from his experience at Black Hat, he underscores the saturation of detection tools and the challenge of streamlining vast amounts of data from different sources. Alex notes the prominence of terms like 'application security posture', suggesting a clear industry trend. He elucidates the role of ASPM, which not only centralizes data but also correlates it with business contexts, thereby aiding in risk prioritization.

The podcast takes a deeper dive as Sean probes the challenges that security professionals might face in integrating this new space into their existing frameworks and programs. Alex offers valuable advice, urging organizations to self-reflect on their risk reduction strategies and to maintain a healthy balance between detecting and fixing vulnerabilities.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Alex Babar, VP, Solutions at Brinqa [@brinqa]
On LinkedIn | https://www.linkedin.com/in/alexbabar/
On Twitter | https://x.com/alxbbr

Resources
Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp
Hear more stories from Brinqa: www.itspmagazine.com/directory/brinqa
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Ep 219: Beyond the Silos: The Evolution of Threat Intelligence | Taking an Intelligence-Driven Approach to Security Operations | A Brand Story Conversation from Black Hat USA 2023 | A Cyware Story with Willy Leichter
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Willy Leichter as he sheds light on his extensive experience spanning over 24 years in the security realm. With a keen focus on cyclical patterns of security, he underscores the unique position of Cyware, a brand that has worked assiduously to bridge silos across industries. While discussing the broader vision of threat intelligence, he underscores its potential in predicting and mitigating attacks proactively.

Join Willy and Sean as they dig into the complexities of threat intelligence, highlighting the importance of clear notifications and the stories behind them. Sean recalls his experiences as a product manager building an enterprise SIEM solution, shedding light on the challenges of orchestrating bidirectional data exchanges due to the diversity of data formats. This reflection underscores the need for a more streamlined and scalable approach.

Willy discusses Cyware's role in addressing these challenges. He explains how Cyware assists teams and systems in understanding and acting upon various threats. The conversation also touches on the role of Artificial Intelligence (AI) in improving integrations and managing threats. A significant portion of the discussion focuses on the potential of bidirectional threat intelligence sharing, emphasizing its advantage over the typical one-way sharing that's more common.

As the episode progresses, the concept of threat intelligence as a service is introduced. In a digital age where cyber threats are continually evolving, Sean and Willy stress the need for a united front in defense. They advocate for a collaborative approach, emphasizing the benefits of collective defense in an industry where real-time sharing and coordination are paramount.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Willy Leichter, VP of Marketing at Cyware [@CywareCo]
On LinkedIn | https://www.linkedin.com/in/willyleichter/

Resources
Learn more about Cyware and their offering: https://itspm.ag/cywaremja9
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Ep 218: Budgets and Breakthroughs: Navigating Proactive Security and Other Cybersecurity Trends | Exclusive Previews from the Omdia Analyst Summit with Eric Parizo | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin
Guest: Eric Parizo, Managing Principal Analyst at Omdia [@OmdiaHQ]
On Linkedin | https://www.linkedin.com/in/ericparizo/
On Twitter | https://twitter.com/EricParizo

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd

Episode Notes
In this episode of the Redefining CyberSecurity Podcast, as part of our Chats on the Road series to Black Hat USA 2023 in Las Vegas, host Sean Martin and guest Eric Parizo discuss the upcoming Omdia Analyst Summit at Black Hat USA.

Eric, the Managing Principal Analyst for the Omdia Cybersecurity Research Team, shares insights into the summit's agenda and the exciting research they have been working on. The summit covers a range of topics, including economic challenges in cybersecurity, proactive security, SASE, IoT and OT security, data security, managed security services, and AI in cybersecurity.

They also touch on budget allocation and how organizations are shifting their resources and investing in external security capabilities. While security budgets are generally holding steady or increasing, the economic uncertainty may impact the second half of the year. The conversation highlights the importance of demonstrating ROI and value in existing security spend.

The concept of proactive security takes center stage, as Eric explains that it involves finding and addressing threats before they impact an organization.

They discuss the three broad categories of security solutions: preventative, reactive, and proactive. Proactive security is seen as the missing piece in the cybersecurity puzzle, allowing organizations to get ahead of security problems and reduce overall risk. Eric teases the attendees of the summit with the promise of exploring specific proactive solutions and the potential for proactive security platforms that bring together various proactive capabilities.

Throughout the conversation, Sean and Eric provide a sneak peek into the summit's agenda, emphasizing the importance of the topics being discussed and the cutting-edge research being presented. The episode showcases the expertise and knowledge of Eric as a leading analyst in the cybersecurity field and offers valuable insights for security leaders and professionals.

Hosted by Sean Martin, the Redefining CyberSecurity Podcast provides listeners with thought-provoking discussions on cybersecurity topics.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

Resources
Omdia Analyst Summit: https://www.blackhat.com/us-23/omdia-analyst-summit.html
For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect your brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
Ep 217: Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations | A Conversation with Kate Esprit and Cat Self from MITRE | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli
Guests: Cat Self, Principal Adversary Emulation Engineer, MITRE [@MITREcorp]
On Linkedin | https://www.linkedin.com/in/coolestcatiknow/
On Twitter | https://twitter.com/coolestcatiknow
Kate Esprit, Senior Cyber Threat Intelligence Analyst at MITRE [@MITREcorp]
On Linkedin | https://www.linkedin.com/in/kate-e-2b262695/

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd

Episode Notes
In this new Chats on the Road to Black Hat USA 2023 on the ITSPmagazine Podcast Network, hosts Sean and Marco are joined by Cat and Kate from MITRE to discuss the world of adversary emulation and its importance in improving cybersecurity. The conversation covers MITRE's role as an industry thought leader and their focus on making the cyber world a safer place. They explain how MITRE ATT&CK, a framework based on observations from blue and red engagements, led to the development of ATT&CK evaluations, which aim to raise the standard of the industry and provide transparency. The hosts and guests emphasize the need for transparency in adversary emulation and how MITRE releases their methodology, results, and code to make the practice more accessible.

The group also discusses the challenges faced in aligning emulation plans with the diverse and unique solutions deployed by different vendors and the importance of maintaining the integrity of what the adversaries would actually do. The conversation also touches on the differences between adversary emulation and simulation. While emulation replicates the actions and techniques of specific adversaries, simulation allows for more flexibility and blends different components of multiple adversaries.

The hosts and guests also explore the power and responsibility that comes with conducting adversary emulation, drawing parallels to superheroes like Batman and Spider-Man.

About the session — Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations
Batman once said, "you either die a hero or live long enough to see yourself become the villain." What if there was a way to become a cyber villain for the greater good? For the last 5 years, the MITRE ATT&CK Evaluations team has been improving the industry by "becoming the villain." We study some of the world's most advanced threat actors, develop a scenario, build malware and tools, then execute the operations against major EDR vendors. And the best part? Not only do we get the business justification of becoming a villain to advance defenders, but our code is also open-sourced.

Using a Latin American APT as our real-world villain, this talk will showcase how to merge CTI and red development capabilities for adversary emulation.

First, our cyber threat intelligence team (CTI) demonstrates how to evaluate reports with the sufficient technical data needed to emulate the adversary's usage of particular techniques. We will build a scenario, create CTI diagrams based on our analysis, address gaps in data, and create alternative attack methods for the red team.

Next, the red team enters the scene to collaborate with the CTI team. They begin building malware, tools, and infrastructure. Translating approved open-source CTI reporting into code, we will walk through process injection, persistence, hands-on-keyboard discovery, and lateral movement for the emulation. Finally, it is time to launch the attack and see how our defenders respond, discern where to search for clues, and help them uncover our plot.

To coincide with this presentation, our code, research, and emulation plans will be publicly released. We hope this empowers the community to use our "become the villain" methodology to improve defenses. Helping defenders discern where to look for our footprints is how we justify our villainous acts.

Subscribe to our podcast, share it with your network, and join us in pondering the questions this conversation raises. Be part of the ongoing dialogue around this pressing issue, and we invite you to stay tuned for further discussions in the future.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

Resources
Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations: https://www.blackhat.com/us-23/briefings/schedule/index.html#becoming-a-dark-knight-adversary-emulation-demonstration-for-attck-evaluations-33209
Post: https://medium.com/mitre-engenuity/managed-services-evaluations-round-2-2023-attribution-and-sp

Ep 216: The Art of Attack—Enhancing Defense Strategies: Unleashing the Power of Autonomous Pen Testing | A Brand Story Conversation from Black Hat USA 2023 | An Horizon3.ai Story with Snehal Antani
In this Their Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Snehal Antani to discuss proactive security and autonomous pentesting. Snehal shares his expertise on the importance of blue teams proactively verifying their security posture and fixing exploitable vulnerabilities on their own terms and timeline. He emphasizes the need for a bias for action and highlights the value of offense informing defense.

The conversation digs into how Horizon3.ai's technology helps blue teams automate specific workflows, such as account resets and incident response processes. Snehal explains how the platform can be used to tune security controls and improve overall effectiveness. He discusses the impact of Horizon3.ai on the cybersecurity skills and expertise of its users, allowing them to focus on more challenging and creative aspects of ethical hacking.

Snehal also explores the role of storytelling in cybersecurity, particularly when communicating with executive teams and the board. They discuss the importance of framing cybersecurity issues in the language of business continuity and uptime, making the impact tangible and relatable to board members.

The discussion provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders. Snehal emphasizes the need for organizations to be proactive and take immediate action to remediate vulnerabilities. Also highlighted is the value of understanding the art of attack in order to become better defenders.

Overall, this episode offers a thought-provoking conversation on proactive security, autonomous pen testing, and the evolving role of security practitioners. It provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]
On LinkedIn | https://www.linkedin.com/in/snehalantani/
On Twitter | https://twitter.com/snehalantani

Resources
Learn more about Horizon3.ai and their offering: https://itspm.ag/horizon3ai-bh23
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Ep 215: The Future of Malware Should Define The Future of Malware Defense: Disrupting Cyber Attack Communication with the Adversary Infrastructure Platform | A Brand Story Conversation from Black Hat USA 2023 | A HYAS Story with David Ratner
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with David Ratner to discuss the innovative approach of the Adversary Infrastructure Platform to cybersecurity. The platform focuses on understanding and disrupting communication between attackers and their command and control infrastructure, allowing for quicker detection and response to attacks. It can even identify and shut down masked communication attempts.

The conversation emphasizes the platform's ease of deployment and integration into existing security architectures, making it accessible for organizations of all sizes. David discusses HYAS's research on the future of malware, including the use of generative AI and polymorphic malware. This research aims to stay ahead of evolving threats, helping organizations build effective defenses.

The conversation covers HYAS's research notes on Black Mamba and EyeSpy, which highlight their commitment to understanding attacks and building the right intelligence into the Adversary Infrastructure Platform to detect future threats.

The conversation also explores how the platform provides visibility and observability for CISOs, addressing the concerns of not knowing what is happening in real time within their environments.

The Adversary Infrastructure Platform allows CISOs to implement a comprehensive strategy for prevention and business resiliency, giving them confidence in their ability to detect and respond to anomalous activity.

One of the key strengths of the platform is its flexibility across different devices and network environments. It can be deployed to guard against various operating systems and even IoT and OT devices sending beacons to command and control systems, ensuring comprehensive protection regardless of the devices or connectivity methods being used.

Overall, David provides listeners with insights into the Adversary Infrastructure Platform and its role in enhancing cybersecurity. He highlights the platform's effectiveness in detecting and responding to attacks, its ability to provide real-time visibility, and its flexibility in deployment.

Listen in to gain a better understanding of how the platform works, its research-driven approach, and its potential to improve an organization's security posture.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: David Ratner, CEO at HYAS [@hyasinc]
On LinkedIn | https://www.linkedin.com/in/davidhratner/
On Twitter | https://twitter.com/davidhratner

Resources
Learn more about HYAS and their offering: https://itspm.ag/hyasl3si
EyeSpy Proof of Concept: https://www.hyas.com/blog/eyespy-proof-of-concept
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Ep 214 Exploitation of Humans by AI Assistants | A Conversation with Matthew Canham and Ben Sawyer | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli
Guests: Matthew Canham, CEO, Beyond Layer Seven, LLC
On LinkedIn | https://www.linkedin.com/in/matthew-c-971855100/
Website | https://drmatthewcanham.com/
Ben Sawyer, Professor, University of Central Florida [@UCF]
On LinkedIn | https://www.linkedin.com/in/bendsawyer/
On Twitter | https://twitter.com/bendsawyer
Website | https://www.bendsawyer.com/
____________________________
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd
____________________________
Episode Notes

Welcome to a fascinating new episode where we delve deep into the confluence of cybersecurity, psychology, and philosophy in the realm of artificial intelligence. In anticipation of their insightful presentation at Black Hat Las Vegas 2023, our hosts Marco and Sean had an engaging conversation with Ben and Matthew, shedding light on the astonishingly rapid developments of AI and the accompanying cybersecurity implications.

Within the last few months, the GPT-4 and ChatGPT language models have captivated the world. There is a growing perception that the line between AI and sentience is becoming increasingly blurred, nudging us into uncharted territories. However, one must question if this is genuinely the case, or merely what we want or are predisposed to perceive.

Ben and Matthew's research outlines the fundamental "cognitive levers" available to manipulate human users, a threat vector that is more nuanced and insidious than we ever imagined.

In their upcoming Black Hat talk, they aim to reveal how AI can exploit our cognitive biases and vulnerabilities, reshaping our perceptions and potentially causing harm. From social engineering to perceptual limitations, our digital realities are at a risk we have never seen before.

Listen in as Marco and Sean explore a captivating debate around the nature of reality in the context of our interaction with AI. What we think is real may not be real after all. How does that affect us as we continue to interact with increasingly sophisticated AI? In a world that often feels like a simulation, are we falling prey to AI's exploitation of our human cognitive operating rules?

Marco and Sean also introduce us to the masterminds behind this groundbreaking research, Ben Sawyer, with his background in Applied Experimental Psychology and Industrial Engineering, and Matthew Canham, whose work spans cognitive neuroscience and human interface design. Their combined expertise results in a comprehensive exploration of the intersection between humans and machines, particularly in the current digital age where AI's ability to emulate human-like interactions has advanced dramatically.

This thought-provoking episode is a must-listen for anyone interested in the philosophical, psychological, and cybersecurity implications of AI's evolution. The hosts challenge you to think about the consequences of human cognition manipulation by AI, encouraging you to contemplate this deep topic beyond the immediate conversation.

Don't miss out on this thrilling journey into the unexplored depths of human-AI interaction.

Subscribe to our podcast, share it with your network, and join us in pondering the questions this conversation raises. Be part of the ongoing dialogue around this pressing issue, and we invite you to stay tuned for further discussions in the future.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa
____
Resources
Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants: https://www.blackhat.com/us-23/briefings/schedule/index.html#me-and-my-evil-digital-twin-the-psychology-of-human-exploitation-by-ai-assistants-32661
For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here: 👉 https://itspm.ag/bhusa23tsp
Want to connect your brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here: 👉 https://itspm.ag/bhusa23bndl
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships