The ITSPmagazine Podcast

⬥EPISODE NOTES⬥ Sean Martin had barely finished his coffee when two separate conversations with CISOs at RSAC 2026 landed the same way: security is not how the business grows, it is how the business stays out of trouble. Compliance drives the tooling. The security team does its job. The business does its job. And the two rarely meet in the middle. That observation kicked off a quick but pointed exchange with Marco Ciappelli on the floor at RSAC, one that quickly moved from the conference center to the broader question of culture. Not just inside organizations -- but out in the world, where most people installing iPhone updates are skipping the security patch and tapping the music app feature instead. Sean has been making this argument for years -- his original show was called The Business of Security for a reason -- and Marco brings the branding and societal lens to the same problem. What happens when businesses treat security as a cost center rather than a brand asset? Apple made privacy a selling point. Most of the industry has not. And if the companies building and deploying security do not close that gap, the consumers and executives who should care never will. The conversation ends with Sean hinting at a second idea brewing -- something sparked by a photograph of a bow and arrow on the streets of San Francisco. That one comes later. ⬥HOSTS⬥ Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/ Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/ ⬥RESOURCES⬥ RSAC 2026 | April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ An Analog Brain In A Digital Age Newsletter | https://www.linkedin.com/newsletters/7079849705156870144/ On Location | https://www.itspmagazine.com/on-location ⬥KEYWORDS⬥ sean martin, marco ciappelli, rsac 2026, rsa conference, cybersecurity business value, security culture, ciso priorities, compliance-driven security, security roi, brand and security, consumer security behavior, ai and security, security as business enabler, itspmagazine, on location Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The security industry has spent years debating which tools to buy. Impetum is asking a different question: are the tools you already have actually working? Founded by incident responders who saw the same failures across hundreds of breaches, Impetum built the Persistent Purple Team platform to simulate advanced threat actors inside customer environments on a continuous monthly basis -- not as a one-time engagement, but as an ongoing relationship built around real data, custom TTPs, and a measurable Threat Resilience Score. Matt Stewart and Alex Grohmann spoke with Sean Martin and Marco Ciappelli at RSAC Conference 2026 about what they are hearing on the show floor: agentic AI is accelerating the speed of compromise and exposing vulnerabilities in legacy systems that have been dormant for decades. Against that backdrop, the value of knowing -- not assuming -- that your detection and response capabilities hold up becomes critical. The platform builds that knowledge through live-fire exercises using an organization's own data, validating patch management, XDR, SIEM tuning, and post-compromise detection in a way no annual pen test can. The conversation also touched on the structural talent problem agentic AI is creating inside SOCs. As AI fills the level one analyst role, the pipeline for developing level two analysts and incident responders is narrowing. Impetum sees persistent purple teaming as the training ground that closes that gap -- giving existing teams the repeated, realistic practice they need to respond with confidence when an actual breach begins. Impetum targets mid-size organizations that have the right security tools but lack the budget, bandwidth, and access to industry events to keep those tools continuously validated against evolving attack paths. For those teams, the platform delivers something an annual report cannot: a documented, ongoing record of what works, what does not, and where the program is heading. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Matt Stewart, Co-Founder, Impetum Alex Grohmann, Co-Founder, Impetum LinkedIn: https://www.linkedin.com/in/alexandergrohmann/ RESOURCES Impetum / Persistent Purple Team: https://www.persistentpurpleteam.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Matt Stewart, Alex Grohmann, Impetum, Persistent Purple Team, Remedium Security, Sean Martin, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast, purple teaming, continuous security validation, threat resilience, CISO, security operations, SOC, red team, blue team, incident response, agentic AI, MITRE ATT&CK, penetration testing, cybersecurity Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.