Why Protecting Your Business Data Is More Like Securing A Museum Than A Bank | Demystifying Data Protection | An Imperva Story With Terry Ray

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva

Data is dynamic. Data is unique. It's critical for businesses to maintain data security and integrity by treating it differently based on what it is, what it's for, who is accessing it, how it's being used, and the overall context surrounding these things.

Join us for a conversation with Terry Ray, SVP Data Security GTM, Field CTO, and Imperva Fellow, as we demystify data protection.

Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | An Imperva Story With Kate Barecchia

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva

100+ countries and counting (along with a growing number of U.S. states) have enacted data privacy legislation, creating a super-complex global data privacy landscape. Unless, of course, you approach the situation with a different mindset.

Join us to explore the relationship between privacy, security, compliance, and ethics as organizations try to find the perfect balance in data creation, collection, storage, usage, and collaboration.

Don’t worry, we’ll set the record straight for the differences between the “DPO” and the “DPO” … as well as the participation and responsibilities of security, privacy, engineering, legal, compliance, and more.

DDoS: An Old Problem Taking On New Forms As Attack Vectors Evolve | Exploring The Imperva DDoS Threat Landscape Report | An Imperva Story With David Elmaleh

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva

The “waves” of ransom-driven DDoS — Distributed Denial of Service — attacks continue to come as the attack vectors, techniques, and targets continue to evolve. Where does this leave us? Let's look to the DDoS Threat Landscape Report from Imperva to glean some answers.

As we connect with David Elmaleh during this episode, we quickly realize there is a lot to catch up on — past, present and future — for what appears to be a never-ending problem in DDoS. Attacks seem to be repeatedly targeting the same victims and are coming more quickly and running for shorter periods. Don't be fooled, however: the financial impact due to the unplanned and seemingly-uncontrolled downtime is wreaking havoc on industries and organizations all around the globe.

In addition to leveraging new techniques, bad actors are also using advanced technologies — artificial intelligence, the Internet of Things (IoT), and 5G to name but a few — to do their dirty deeds. They are investing in these technologies to help them scale their operations to reach more targets with fewer resources. On the other side of this coin, the bad actors' deep understanding of these technologies and the new, modern architectures and infrastructures that companies are building with them, makes them prime targets as well. The expanded business capabilities using these advanced technologies equate to expanded attack surface for the DDoS slingers to target.

We cover a lot from the first 2 quarters of this quarterly report while also getting to hear what some real-world cases from Imperva customers sound and look like.

It's time we found a way to handle these distributed attacks. Have a listen to hear what your business can do to mitigate this risk.

Automated Security Validation With Red Team Penetration Testing Software | There Is A Silver Lining | A Pentera Podcast Story With Aviv Cohen

A Their Story conversation with Sean Martin, Marco Ciappelli, and Pentera’s CMO, Aviv Cohen

This is a story that begins with the journey of Arik Liberzon, the founder and CTO and head of the R&D and product teams at Pentera. Arik was the head of the red team for the Israeli Defense Forces, chartered with pentesting — or red teaming — all of the strategic assets against nation state levels of threats. He did so with a great number of people, just like you would expect to do with an enterprise level red teaming program, tapping into a wealth of ethical hackers and red teamers. But he also had another part of his brain, which was all about software.

This story, and the broader capabilities, mission, and vision for the future at Pentera, was told to us by Aviv Cohen, Pentera's Chief Marketing Officer. Connecting the human element to software and operations, the team at Pentera believe it's important to have a human view for the challenges organizations face when managing their security programs. This is why Pentera created a series of cyber cartoons that are specialized to represent cybersecurity life. The cartoons connect the life of cybersecurity personnel and their role in society. This is a way for us to laugh, adding some humor to reality, connecting the technology products and services that we provide to this reality.

The software-enabled red team army is here and ready to join your team. Have a listen and connect with the team at Pentera to begin and continue your own red team journey.

Pentesting Done Right | It's Time To Re-Imagine Your Penetration Testing Program To Achieve Outcomes Over Activity | A Bugcrowd Story With Justin Kestelyn

A Their Story conversation with Sean Martin, Marco Ciappelli, and Bugcrowd

Join us for a conversation with Justin Kestelyn as we take a unique journey into the past, present, and future of penetration testing. We get the opportunity to explore how the role of a pentest has evolved as part of a larger security program, how the tools have evolved, how the techniques and skills have transformed, and how the human element is still key when outcomes matter more than just showing the results of a scan.

It's time to re-imagine penetration testing. Let's do that together now.

Have a listen.

Diving Deeper Into The Who, What, When, Why, And How Of Breaking Into Cybersecurity | Chapter 2 | A Level Effect Story With Anthony Bendas, Will Nissler, And Sidney Crout

A Their Story conversation with Anthony Bendas, COO at Level Effect, Will Nissler, Infrastructure Lead & Cybersecurity Instructor at Level Effect, and Sidney Crout, CDCP Certified Graduate of Level Effect, Threat Hunter at Confidential.

There are so many questions that come with pursuing a cybersecurity career and education. Listen as we answer many of these questions and discuss how Level Effect sets its students up for success.

We go into detail about who might be a good fit to work in cybersecurity (hint: almost anyone!), what types of information students will need to know and what skills lend themselves to catching on to the learning materials quickly, when it might be a good time to start taking the next step in your education or career process, where you can go now to find resources, and why Level Effect strives to help its students every step of the way if they are willing to put in the work!

This episode also sheds light on the four professionals speaking, and many others, who have taken a similar "non-traditional path" to make their way into successful cybersecurity careers.

Everything Is Driven By Code And Code Is Controlled By APIs: Securing Apps Through Research, Assessments, Scanning, And Training | A Checkmarx Origin Story With Renny Shen And Bryant Schuck

A Their Story conversation with Sean Martin, Marco Ciappelli, and Checkmarx’s Renny Shen and Bryant Schuck.

Application development has become an extremely complex endeavor, with multiple components involved ranging from open source libraries to shared cloud services accessed through APIs. The only thing more difficult than building an advanced application is securing it. But it doesn't need to be that way.

This is where Checkmarx comes in. With a focus on application and API security assessments, scanning, and training, DevOps and AppSec teams can work together to reduce the complexity in application development and delivery, ensuring that time-to-market requirements are met alongside functional requirements and security requirements.

Listen in as we get to hear from Renny and Bryant about the origin and journey of Checkmarx - past, present, and future.

Turning App Deployment Times From Days And Weeks To Hours Or Less | An AppViewX Origin Story With Muralidharan Palanisamy

A Their Story conversation with Sean Martin and AppViewX Chief Solutions Officer, Muralidharan Palanisamy

Helping developers be effective and agile in today's chaotic on-premises, containerized, and cloud-enabled DevOps world is critical. Doing so in a way that doesn't overload them with too many security tickets, unnecessary tasks, or other operational challenges is also paramount to their success as they work to meet the organization's requirements to build a great product that reaches the market as quickly as possible.

Still, while the notion that application security is not necessary is beginning to fade away, the relationship between the AppSec and the DevOps teams needs to be supported by tools, information, and processes that provide assurance to the security team that the right steps are being taken by the engineering team while also enabling the app development team to do what they need to do as they innovate and build the next best thing for the business.

Report: Quantifying The Business Need For Digital Executive Protection | A BlackCloak Story With Chris Pierson

A Their Story conversation with Sean Martin, Marco Ciappelli, and BlackCloak CEO and founder, Chris Pierson

It's usually the sum of the parts that paint the best picture and tell the best story. So what does the net sum game of the most recent report from BlackCloak tell us about the so-called gap between the work and personal lives of the executive?

Sometimes, it's necessary to connect the dots to answer the questions we have. Sometimes we need to connect the dots to create the questions we need to be asking. In this episode, our guest, Dr. Chris Pierson, takes us through the results of their most recent report, Quantifying The Business Need For Digital Executive Protection, helping to make the connection between how threats and vulnerabilities originating in the personal digital lives of the corporate executive, Board Member, and high-profile employee add new risks to your organization that can lead to lost revenue, decreased productivity, disruption of business continuity and more.

Get ready for some number sharing. Prepare yourself for some storytelling. Brace yourself for the findings you may or may not have expected.

How Bad Bots Fake Human Behavior To Become A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Story With Ryan Windham

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

This is a 2-part podcast series with Imperva. In this series, we get to speak with Ryan Windham, VP of Application Security at Imperva, to look at the findings in the report from two angles. Be sure to catch both episodes to get both perspectives.

From France To Colorado To Las Vegas | Founders' Journey To Make The World Of Information Security Better Through Information Sharing | A CrowdSec Story With CEO Philippe Humeau

A Their Story conversation with Sean Martin, Marco Ciappelli, and Philippe Humeau, CEO at CrowdSec

The venture market in cybersecurity continues to shift as the economy ebbs and flows throughout the world. However, when you have a good idea, it still gets the attention of the users and the investors, even if that means starting at the bottom and working your way up.

Join us for a live stream conversation with CrowdSec CEO, Philippe Humeau, as we take a quick look back at what we experienced during RSA Conference and spend some time talking through what is coming up for the 10-person contingent from CrowdSec that is making the journey to Las Vegas, arriving from multiple countries, to bring their insights, expertise, and conversations to the Arsenal, vendor halls, speaking stages, and meeting rooms during Black Hat and DEF CON.

This is a quick chat packed with a lot of energy, vision, and enthusiasm — tempered with a dose of reality and humility. It's about embracing "precious" without being "precious" — have a listen.

Making The World A Better Place Through Software | A WSO2 Story About The Founders' Vision And Mission And The Journey To Bring The Asgardeo IDaaS To Market With Michael Bunyard

A Their Story conversation with Sean Martin, Marco Ciappelli, and Michael Bunyard from Asgardeo

The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.

It was the initial desire to do good that continues to thrive in everything that WSO2 does - including the launch of their app authentication as a service division, Asgardeo, a customer identity and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.

The use cases are many - both directly a part of a single application and as part of other services where identity is built in. Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.

Defining A Recognized Security Practice And CyberSecurity Safe Harbor | HHS’ Office For Civil Rights Seeks Public Comment On HITECH Act | A HITRUST Community Story With John Houston And Michael Parisi

A Their Story conversation with John Houston, VP, Information Security and Privacy; Associate Counsel at UPMC and Michael Parisi, VP of adoption at HITRUST

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?

Maybe a smart question: Is there an opportunity to be smarter?

Listen in to learn more about the RFI and the role you can have in shaping its outcome.

Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.

RSA Conference 2022 | A BlackCloak Story About Supply Chain Security, Hacking Back, And MySpace With Dr Chris Pierson

A Their Story conversation with Sean Martin, Marco Ciappelli, and BlackCloak CEO and founder, Chris Pierson

Dr Chris Pierson has held many roles and has been a regular speaker at RSA Conference over the years. What's he up to this year as the event goes back to in-person engagements?

As the CEO of BlackCloak, Chris Pierson is looking forward to connecting with peers, partners, customers, and prospects as the world of executive cybersecurity heats up. In addition to seeing friends old and new, Dr Pierson has two sessions in which he will be participating. He shares some insights into both of these sessions.

Chris has some other things up his sleeve as well. Can you say MySpace? 🤔

Investing In The Crowd Means Investing In Society And Humanity | A CrowdSec Story With Philippe Humeau And Phillip Wylie

A Their Story conversation with Sean Martin, Marco Ciappelli, Philippe Humeau, CEO at CrowdSec, and Phillip Wylie, The Hacker Maker

In this second chapter of our conversation with CrowdSec CEO, Philippe Humeau, we invite The Hacker Maker, Phillip Wylie, to bring his penetration testing experience and insights. Together we explore the value of investing in the cybersecurity community information sharing platform as a way to do way more than protect your organization. By doing so, we can help secure other businesses and whole communities in the neighborhoods around you, such as a local hospital that could experience an attack that you've already seen on your network.

The value of investing in the security knowledge sharing economy directly impacts IT operations, security operations, businesses, society, and, therefore, humanity.

Join us for a philosophical yet fun, thought-provoking conversation that will likely prompt you to not only share this podcast with your friends, colleagues, and peers but also start sharing your cybersecurity insights with your digital neighbors through the power of the CrowdSec platform.

Catch 22 | Consumers Hate Sharing Their Data, But There's No Other Option | An Imperva Story About The Findings In The Imperva Global Consumer Survey With Terry Ray

A Their Story conversation with Imperva fellow, Terry Ray.

Consumers worry about sharing data online, yet most feel they have “no choice” but to share their data if they want to use online services. It's a catch 22 — and it is not a bus.

Trust is waning. A majority of consumers, globally, say that trust in the many digital service providers’ ability to keep their personal data secure has decreased over the past five years.

Still, despite serious concerns, most consumers share their darkest secrets online via cloud messaging services even though they recognize there would be repercussions for them if the information they shared was leaked.

No question, it's a catch 22. But what do we do? That's the catch. Again.

Have a listen to learn more about the connections and responsibilities between consumers and the businesses they rely upon to live their digital lives.

The Making Of A Better Cybersecurity Bootcamp | The Level Effect Origin Story With Co-Founders Greg Ake And Rob Noeth

A Their Story conversation with Greg Ake, CEO, and Rob Noeth, CTO, at Level Effect.

This isn't just a story about a company and what they do. This is a story about using your previous experiences and pursuing your passion to help others, which is exactly what Greg Ake and Rob Noeth have done.

Greg and Rob have a goal of helping to reduce security risk for everyone, not just themselves or their employers, but for other organizations and our country. Level Effect is accomplishing this by teaching truly realistic training and making it applicable to an actual role in cybersecurity.

With a practical vs. knowledge-based approach to removing unnecessary noise in their curriculum, it's obvious Level Effect is different.

Join us and listen to this inspiring conversation about the origins of Level Effect — even the name — and how they've built a better cybersecurity bootcamp.

Trusted Interoperability Is The Key To Better Health Care Delivery | TEFCA And TNAP Are The Keys To Trusted Interoperability | A HITRUST Customer Story With Lee Barrett And Michael Parisi

A Their Story conversation with Lee Barrett, Executive Director at Electronic Healthcare Network Accreditation Commission, and Michael Parisi (VP of adoption at HITRUST)

Patients, and their providers, deserve to have immediate, accurate access to their personal health information so they can get the best healthcare possible. How and where does the concept of interoperability come into play for a number of societal issues and patient care delivery challenges we are trying to solve for? Let's look at TEFCA to find out.

In today's story, we are joined by two organizations—HITRUST and EHNAC—dedicated to making the healthcare ecosystem thrive by reducing friction in risk management and in supply chain interoperability. This spirit couldn't be applied at a better time with the recent release of TEFCA—the Trusted Exchange Framework and Common Agreement.

Real-Time Data Security Is Too Slow: Avoid Creating A Solution Bigger Than The Problem Itself | An Imperva Story with Terry Ray

A Their Story conversation with Imperva fellow, Terry Ray.

Data Security is often seen as the “scary” or “intimidating” domain of security. And, yet, it’s needed more than ever before.

Historically, it’s a domain of security that is typically found in highly regulated industries. However, data is the currency of the modern economy and the fuel behind nearly every organization. Businesses large and small collect, create, store, manipulate, and share data that is sensitive in nature and valuable to cybercriminals.

2022 must be the year where data security becomes attainable for all. The solution to the problem can't be bigger than the problem itself. And, the problem can't be defined as dealing with it in real-time. It's important we use data to protect the data, getting ahead of the threat.

The Journey To A Right-Sized Risk Management And Compliance Framework | A HITRUST Customer Story With John Overbaugh, Michael Tiemeyer, And Michael Parisi

A Their Story conversation with John Overbaugh (ASG), Michael Tiemeyer (Teladoc Health), and Michael Parisi (VP of adoption at HITRUST)

Taking responsibility for what we build and how we secure it matters, especially in the ways we talked about during today’s Their Story episode. It matters to the business partners. It matters to the customers. And, as pointed out by Mike Parisi during this conversation, it matters to society.

There are many reasons why organizations large and small choose HITRUST to help them through their security, risk, and compliance journey.

Why do you choose HITRUST?