Redefining CyberSecurity

Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event. Getting Ready for Black Hat 2024 The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat. Introducing Jeswin Mathai and SquareX Jeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat. The Birth of SquareX Sean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security. Addressing Security Gaps Jeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity. Innovative Security Solutions SquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience. A Scalable and Privacy-Safe Solution Marco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws. Real-World Use Cases To illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats. Looking Ahead to Black Hat and DEF CON The discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions. Conclusion In conclusion, the conversation...

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia] On LinkedIn | https://www.linkedin.com/in/jasonhealey/ At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682 ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Opening Remarks: Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey. Meet the Expert: Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead. The Role of Defense in Cybersecurity: Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference. Shifting the Balance: Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes. Economic Costs and Broader Impacts: Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities. Community and Collaboration: Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session. Looking Forward: As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity. Conclusion: Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity. For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed! Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ This Episode’s...

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP). The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification. The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats. Key Points Discussed: Behavioral Detection vs. Signature-Based Methods:Enhanced Capabilities for Real-Time Response:Recognition and Impact:Supply Chain Security:Future of Cloud Security:RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection. For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation. Learn more about RAD Security: https://itspm.ag/radsec-l33tz Note: This story contains promotional content. Learn more. Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_] On LinkedIn | https://www.linkedin.com/in/brookemotta/ On Twitter | https://x.com/brookelynz1 Resources A Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4bi Open Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kro Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Guest: Kim Jones, Director, Intuit [@Intuit] On LinkedIn | https://www.linkedin.com/in/kimjones-cism/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk. Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively. One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone. Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment. Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness. For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals. Top Questions Addressed ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Inspiring Resource: https://www.linkedin.com/posts/kimjones-cism_velocity-simplified-activity-7201763704848175104-sprZ/ Velocity, Simplified (Blog Post): https://www.security2cents.com/post/velocity-simplified ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc

Guest: Fred Heiding, Research Fellow, Harvard On LinkedIn | https://www.linkedin.com/in/fheiding/ On Twitter | https://twitter.com/fredheiding On Mastodon | https://mastodon.social/@fredheiding On Instagram | https://www.instagram.com/fheiding/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats. Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide. Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations. A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time. Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion. The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share. Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session): Fred Heiding | Research Fellow, Harvard Alex O'Neill | Independet Lachlan Price | Research Assistant, Harvard Eric Rosenbach | Senior Lecturer in Public Policy, Harvard ____________________________ This Episode’s...

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents] On LinkedIn | https://www.linkedin.com/in/swylie650/ On Twitter | https://twitter.com/swylie650 ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes Vroom Vroom! The Black Hat Tradition with Sean and Marco It's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat. A Decade of ITSP Magazine and Black Hat Marco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection. What to Expect at Black Hat USA 2024 Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions. Key Highlights Expanded Content Program:More Networking Opportunities:Day Zero Program:Innovative Summits:Deep Dives and Panel Discussions Steve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year’s heavy election schedule and the growing influence of AI. Fireside Chat with Moxie Marlinspike Another unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape. Arsenal and the NOC: Fan Favorites Return Sean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection. Wrapping Up As Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ Be sure to share and subscribe! ____________________________ This Episode’s Sponsors LevelBlue: https://itspm.ag/levelblue266f6c Coro: https://itspm.ag/coronet-30de SquareX: https://itspm.ag/sqrx-l91 ____________________________ Resources Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/ The list of keynotes can be found on this page: https://www.blackhat.com/us-24/keynotes.html Direct links to...

Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco’s exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco’s asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't. Why does this matter: The systems that typically track and report CVEs, don’t report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform’s exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it’s observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what’s working and what’s not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place. How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization’s security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams. Learn more about Sevco: https://itspm.ag/sevco250d8e Note: This story contains promotional content. Learn more. Guest: J.J. Guy, CEO and Co-Founder, Sevco On LinkedIn | https://www.linkedin.com/in/jjguy/ On Twitter | https://x.com/jjguy?lang=en Resources State of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9bl Learn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevco View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive:...

ISMS.online has released its ‘State of Information Security’ report which surveyed 502 people in the UK (over 1500 globally) who work in information security across 10 sectors including technology, manufacturing, education, energy and utilities and healthcare. The main findings that it exposed are: 79% of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner. Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year Deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organisations. What does all of this mean? As data breaches continue to surge, government entities and trade bodies are in turn, trying to meet these challenges with updates and implementation of regulations and compliance mandates. Listen in as Luke speaks to IT managers about the need to build robust and effective information security foundations, invest in securing their supply chains and increasing employee awareness and training. Learn more about ISMS.online: https://itspm.ag/ismsonline08ab81 Note: This story contains promotional content. Learn more. Guest: Luke Dash, CEO, ISMS.online On LinkedIn | https://www.linkedin.com/in/luke-dash-33867b25/ Resources The State of Information Security Report 2024: https://itspm.ag/ismsonlinef56b77 Learn more and catch more stories from ISMS.online: https://www.itspmagazine.com/directory/isms-online View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

In the latest Brand Story episode, host Sean Martin chats with Brian Reed, Mobile Security Evangelist, and Chris Roeckl, Chief Product Officer at AppDome, during the OWASP Global AppSec event in Lisbon. The episode dives into pivotal aspects of mobile app security and consumer expectations. Brian Reed articulates how AppDome collaborates with OWASP to tackle mobile app security challenges. He underscores the significant role consumers play in these endeavors. According to AppDome's annual survey, consumer feedback is indispensable, revealing that a staggering 97% of consumers would abandon a brand after an insecure app experience, while 95% would advocate for a brand offering a secure experience. This highlights the stark consequences of neglecting mobile security. Chris Roeckl elaborates on how AppDome’s annual survey, spanning four years, has amassed data from over 120,000 consumers across 12 countries. This wealth of information provides a clear trend: consumers increasingly prioritize security, particularly in banking, e-wallet, healthcare, and retail apps. Interestingly, while social media is not at the forefront of security concerns, it is rapidly becoming a focus area as users grow more conscious of account security and privacy. The discussion brings to light how brands can effectively communicate their security protocols to consumers. Reed and Roeckl suggest transparency through dedicated web pages, direct email outreach, and in-app notifications. This communication helps build trust and reassures consumers that their security concerns are being addressed. The conversation also touches on the integration of security into the development lifecycle. Developers often face the challenge of ensuring robust security without compromising the user experience. Reed mentions the importance of making security processes seamless and non-invasive for developers. By leveraging machine learning and AI, AppDome aims to automate many security tasks, allowing developers to focus on creating innovative, user-friendly applications. Moreover, Roeckl points out that a holistic approach is essential. This means incorporating input from various teams within an organization - from product leaders focusing on user engagement to engineers ensuring crash-free applications and cybersecurity teams safeguarding data integrity. This collaborative effort ensures that the final product not only meets but exceeds consumer expectations. The insights shared in the episode are a call to action for businesses to prioritize mobile security. With six billion humans using mobile apps globally, the stakes are higher than ever. Brands must recognize the direct correlation between secure mobile experiences and customer loyalty. By investing in robust security measures and effectively communicating these efforts, businesses can foster a secure and trustworthy environment for their users. Listeners are encouraged to download the full AppDome report for a deeper understanding of consumer attitudes towards mobile app security. This empathetic report offers valuable insights that can help developers, product managers, and cybersecurity teams align their strategies with consumer expectations, ultimately leading to safer and more secure mobile applications. Learn more about Appdome: https://itspm.ag/appdome-neuv Note: This story contains promotional content. Learn more. Guests: Brian Reed, SVP AppSec & Mobile Defense, Appdome [@appdome] On LinkedIn | https://www.linkedin.com/in/briancreed/ Chris Roeckl, Chief Product Officer, Appdome [@appdome] On LinkedIn | https://www.linkedin.com/in/croeckl/ Resources Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario) On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode — Part 1 of 3 Parts — of the Redefining CyberSecurity Podcast on ITSPmagazine, host Sean Martin dives into a comprehensive discussion with Kush Sharma, a distinguished leader with vast experience across Accenture, Deloitte, the City of Toronto, and CP Rail. The conversation explores the intricacies of building a Chief Information Security Officer (CISO) office from the ground up, offering invaluable insights for current and aspiring CISOs. Kush Sharma emphasizes the multifaceted role of a CISO, particularly the distinct challenges faced when establishing a cybersecurity program in various organizational contexts—government, private sector, and consulting firms. He points out that in governmental environments, the focus is typically on how to benefit citizens or internal staff while operating under tight scrutiny and budget constraints. In contrast, consulting and private sectors prioritize efficiency, quick deployment, and direct benefits to the organization. A significant part of the discussion centers on enterprise risk management. Sharma highlights the importance of aligning cybersecurity initiatives with organizational objectives. From mergers and acquisitions (M&A) to digital transformations, CISOs must ensure that their strategies mitigate risk while supporting the broader business goals. Kush Sharma advises that during such major projects, security measures need to be integrated from the ground up, focusing on things like role-based access and the segmentation of business processes. Additionally, the challenges of engaging with governmental bodies are explored in depth. Sharma explains the extensive bureaucratic processes and the need for consensus-building, which often lead to significant delays. Understanding these processes allows for better navigation and more efficient outcomes. Sharma also brings out the importance of understanding and acting upon business processes when integrating cybersecurity measures. For instance, in large-scale ERP implementations, it is crucial to map out detailed roles and ensure that security provisions are applied consistently across all integrated systems. By focusing on the distinct roles within these processes, such as AP clerks or accounting managers, CISOs can develop more granular and effective security measures. The episode underscores that success in building a CISO office lies in strategic alignment, efficient resource allocation, and thorough understanding of both technical and business processes. For cybersecurity leaders, this conversation with Kush Sharma offers crucial guidance and real-world examples to help navigate their complex roles effectively. Be sure to listen to the episode for a deeper dive into these topics and more. And, stay tuned for Parts 2 and 3 for even more goodness from Sean and Kush. Top Questions Addressed ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉...

Guest: Jess Nall, Partner, Defense Against Government Investigations, Baker McKenzie, LLP [@bakermckenzie] On LinkedIn | https://www.linkedin.com/in/jess-nall/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes As the countdown to Black Hat 2024 begins, ITSP Magazine’s “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today. The Dodgeball Analogy: Setting the Stage The conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges. Legacy Technology vs. Modern Cybersecurity Drawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today’s cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually. ITSP Magazine’s Milestone and Black Hat Connections This episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication’s mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration. Introducing Jess Nall: Expertise and Experience Jess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles. The Internet’s Troubled History and Its Impact Marco steers the conversation towards the Internet’s troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes. The Perfect Storm: AI and Cybersecurity The discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever. Regulation and Legislation: A Critical Examination Marco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to...

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing. Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities. One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments. Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation. In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker’s perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape. Top Questions Addressed Learn more about Hadrian: https://itspm.ag/hadrian-5ei Note: This story contains promotional content. Learn more. Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity] On LinkedIn | https://www.linkedin.com/in/rogierfischer/ Resources View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Guests: Tyler Wall, CEO, Cyber NOW Education On LinkedIn | https://www.linkedin.com/in/tylerewall On YouTube | https://www.youtube.com/@cybernoweducation Jarrett Rodrick, Sr. Manager, Threat Management at Omnissa [@WeAreOmnissa] On LinkedIn | https://www.linkedin.com/in/jarrett-rodrick/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin View This Show's Sponsors ___________________________ Episode Notes In the latest episode of Redefining CyberSecurity, host Sean Martin converses with Tyler Wall and Jarrett Rodrick, co-authors of "Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success." The discussion dives into the essential aspects of starting and advancing a career as a Security Operations Center (SOC) analyst, shedding light on the realities and opportunities within the cybersecurity landscape. Tyler Wall, a full-time cybersecurity professional and founder of CyberNow Education, highlights that entering the SOC analyst role doesn't necessarily require a college degree. Wall emphasizes the importance of certifications like Security+ and Network+, combined with real-world IT experience. The discussion points out that many successful SOC analysts have transitioned from desktop support roles or other IT positions, using these pathways to gain relevant experience and knowledge. Jarrett Rodrick, formerly a SOC lead at VMware and now overseeing multiple security teams at Omnissa, underscores that this field values practical skills and continuous learning. Rodrick's own journey from combat soldier to SOC manager exemplifies the diverse backgrounds from which professionals can emerge. He points out that, during the COVID-19 pandemic, the cybersecurity job market was robust, but now there is fiercer competition with many qualified candidates vying for roles. Wall and Rodrick discuss the structure of their book, which includes five real-world stories from various SOC analysts. These stories serve to inspire and provide practical insights into the everyday challenges and rewards of the role. The book also covers the technical and non-technical skills necessary for SOC analysts, such as curiosity, the ability to delve into rabbit holes of information, and a thorough understanding of cloud security. Networking and community involvement are vital for career growth, as highlighted by Wall. He advises aspiring SOC analysts to join groups like DEF CON, 2600, and online communities such as Black Hills Information Security to build connections and gain industry insights. Blogging about one's learning journey and challenges can also attract attention and establish a professional network. The conversation also touches upon the future of the SOC analyst role, particularly in light of advancements in automation. Rodrick notes that while automation will handle some of the more mundane tasks, it will never completely replace human analysts. These tools are designed to enhance efficiency and allow analysts to focus on more complex and strategic issues. Wall adds that having a background or education in cloud security is increasingly important as more companies migrate to cloud environments. In summary, the episode provides a comprehensive overview of the SOC analyst career path, highlighting the need for practical skills, continuous learning, and community engagement. Wall and Rodrick's insights and recommendations serve as a valuable guide for anyone looking to enter or advance in this critical cybersecurity role. Their book, "Jump-start Your SOC Analyst Career," is a testament to their commitment to supporting the next generation of SOC analysts and promoting a secure digital world. Key Questions Addressed About the Book The frontlines of cybersecurity operations include many unfilled jobs and exciting career...

Guest: Oleg Shanyuk, Platform Security, Delivery Hero [@deliveryherocom] On LinkedIn | https://www.linkedin.com/in/oleg-shanyuk/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this On Location episode, Sean Martin discusses the complexities of application security (AppSec) and the challenges surrounding the integration of artificial intelligence (AI) with Oleg Shanyuk at the OWASP Global AppSec Global conference in Lisbon. The conversation delves into various aspects of AppSec, DevSecOps, and the broader scope of securing both web and mobile applications, as well as the cloud and container environments that underpin them. One of the core topics Martin and Shanyuk explore is the pervasive influence of AI across different sectors. AI's application in coding, for instance, can significantly expedite the development process. However, as Sean Martin highlights, AI-generated code may lack the human intuition and contextual understanding crucial for error mitigation. This necessitates deeper and more intricate code reviews by human developers, reinforcing the symbiotic relationship between human expertise and AI efficiency. Shanyuk shares insightful anecdotes about the history and evolution of programming languages and how AI's rise is reminiscent of past technological shifts. He references the advancement from physical punch cards to assembly languages and human-readable code, drawing parallels to the current AI boom. Shanyuk stresses the importance of learning from past technological evolutions to better understand and leverage AI's full potential in modern development environments. The conversation also explores the practical applications of AI in fields beyond straightforward coding. Shanyuk discusses the evolution of automotive batteries from 12 volts to 48 volts, paralleling this shift with how AI can optimize various processes in different industries. This evolution demonstrates the potential of technology to drive efficiencies and reduce costs, emphasizing the need for ongoing innovation and adaptation. Martin further navigates the discussion towards platform engineering, contrasting its benefits of consistency and control with the precision and customization needed for specific tasks. The ongoing debate encapsulates the broader dialogue within the tech community about finding the right balance between standardization and flexibility. Shanyuk's perspective offers valuable insights into how industries can leverage AI and platform engineering principles to achieve both operational efficiency and specialized functionality. The episode concludes with forward-looking reflections on the future of AI-driven models and their potential to transcend the limitations of human language and traditional coding paradigms. The thoughtful dialogue between Martin and Shanyuk leaves listeners with a deeper appreciation of the challenges and opportunities within the realm of AI and AppSec, encouraging continued exploration and discourse in these rapidly evolving fields. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV Be sure to share and subscribe! ____________________________ Resources Bret Victor: https://worrydream.com/ Learn more about OWASP AppSec Global Lisbon 2024:...

In the hilarious yet insightful tale, join the eccentric Dr. Frankenstream and his quirky assistant Igor, as they bring an AI system to life, only to face unexpected challenges and hilarious missteps. Discover how they, along with cybersecurity expert Inga, navigate the perils of modern technology, reminding us of the crucial balance between innovation and responsibility. ________ This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn. Sincerely, Sean Martin and TAPE3 ________ Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website. TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity] On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps. Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones. A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested. Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities. Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers. For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV Be sure to share and subscribe! ____________________________ Resources LeaveHomeSafe Pentest Report: https://7asecurity.com/reports/pentest-report-leavehomesafe.pdf CoverDrop Pentest Report:...

Guest: Jim Dempsey, Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance [@FSIStanford]; Lecturer, UC Berkeley Law School [@BerkeleyLaw] On LinkedIn | https://www.linkedin.com/in/james-dempsey-8a10a623/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli View This Show's Sponsors ___________________________ Episode Notes Join Sean Martin and Marco Ciappelli for a dynamic discussion with Jim Dempsey as they unearth critical insights into the rapidly evolving field of cybersecurity law. Jim Dempsey, who teaches cybersecurity law at UC California Berkeley Law School and serves as Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, shares his extensive knowledge and experience on the subject, providing a wealth of information on the intricacies and developments within this legal domain. Cybersecurity law is a relatively new but increasingly important area of the legal landscape. As Dempsey pointed out, the field is continually evolving, with significant strides made over the past few years in response to the growing complexity and frequency of cyber threats. One key aspect highlighted was the concept of 'reasonable cybersecurity'—a standard that demands organizations implement adequate security measures, not necessarily perfect ones, to protect against breaches and other cyber incidents. This concept parallels other industries where safety standards are continually refined and enforced. The conversation also delved into the historical context of cybersecurity law, referencing the Computer Fraud and Abuse Act of 1986, which initially aimed to combat unauthorized access and exploitation of computer systems. Dempsey provided an enlightening historical perspective on how traditional laws have been adapted to the digital age, emphasizing the role of common law and the evolution of legal principles to meet the challenges posed by technology. One of the pivotal points of discussion was the shift in liability for cybersecurity failures. The Biden administration's National Cybersecurity Strategy of 2023 marks a significant departure from previous policies by advocating for holding software developers accountable for the security of their products, rather than placing the entire burden on end-users. This approach aims to incentivize higher standards of software development and greater accountability within the industry. The discussion also touched on the importance of corporate governance in cybersecurity. With new regulations from bodies like the Securities and Exchange Commission (SEC), companies are now required to disclose material cybersecurity incidents, thus emphasizing the need for collaboration between cybersecurity teams and legal departments to navigate these requirements effectively. Overall, the episode underscored the multifaceted nature of cybersecurity law, implicating not just legal frameworks but also technological standards, corporate policies, and international relations. Dempsey's insights elucidated how cybersecurity law is becoming ever more integral to various aspects of society and governance, marking its transition from a peripheral concern to a central pillar in protecting digital infrastructure and information integrity. This ongoing evolution makes it clear that cybersecurity law will continue to be a critical area of focus for legal professionals, policymakers, and businesses alike. Top Questions Addressed About the Book First published in 2021, Cybersecurity Law Fundamentals has been completely revised and...

In this episode of the On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today. The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues. The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations. A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the spring planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance. Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically. The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively. Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v Note: This story contains promotional content. Learn more. Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix] On LinkedIn | https://www.linkedin.com/in/fracipo/ On Twitter | https://twitter.com/FrankSEC42 Resources Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

We are in the era of dynamic computing – and while that gives way to innovation, it also escalates the risks every business faces. Computing no longer occurs solely within the perimeter, and cybersecurity threats are increasingly more sophisticated. In fact, organizations today operate in a climate where entire systems can be taken offline in just a few short hours – and leaders need to be prepared for recovery from an interruption to the networks, systems, or data that underpin their business. With the advent and proliferation of new technologies, there is more pressure than ever to secure organizations’ computing. Ultimately, the evolution of computing has forced businesses into a paradox of innovation and risk. They must balance technology with security and business resilience, which requires a new way of thinking. Learn more about LevelBlue: https://itspm.ag/levelblue266f6c Note: This story contains promotional content. Learn more. Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber] On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ Resources Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Guest: Ida Hameete, Application Security Consultant, Zenrosi On LinkedIn | https://www.linkedin.com/in/idahameete/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin ____________________________ Episode Notes Join Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses. Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices. Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge. The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization. Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences. Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success. Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV Be sure to share and subscribe! ____________________________ Resources Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/ Ida's Session: https://owaspglobalappseclisbon2024.sched.com/event/1VdB4/winning-buy-in-mastering-the-art-of-communicating-security-to-management ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine,...