The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Player FM - Internet Radio Done Right
18 subscribers
Checked 14h ago
Added four years ago
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to ITSPmagazine Podcasts
A podcast about web design and development.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Catalyst, a Launch by NTT DATA podcast, puts humans at the front and center of digital transformation. Each week, we feature thought leaders who share their insights on reinventing digital experiences, enhancing customer journeys, and driving innovation in the enterprise. From platform transformation to the latest advancements in AI, our guests delve into the challenges and triumphs of digital transformation, emphasizing the critical role of human ingenuity and leadership. Learn more about L ...
…
continue reading
"web3 with a16z" is a show about the next generation of the internet, and about how builders and users -- whether artists, coders, creators, developers, companies, organizations, or communities -- now have the ability to not just "read" (web1) + "write" (web2) but "own" (web3) pieces of the internet, unlocking a new wave of creativity and entrepreneurship. Brought to you by a16z crypto, this show is the definitive resource for understanding and going deeper on all things crypto and web3. Fro ...
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
The a16z Podcast discusses tech and culture trends, news, and the future – especially as ‘software eats the world’. It features industry experts, business leaders, and other interesting thinkers and voices from around the world. This podcast is produced by Andreessen Horowitz (aka “a16z”), a Silicon Valley-based venture capital firm. Multiple episodes are released every week; visit a16z.com for more details and to sign up for our newsletters and other content as well!
…
continue reading
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
From Reactive to Proactive: Building Guardrails That Actually Protect | A Brand Story with Rob Allen from ThreatLocker | An On Location RSAC Conference 2025 Brand Story
Manage episode 480760918 series 2972571
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.
Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can’t control what you can’t see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.
The Zero Trust Mindset: Assume Breach, Limit Access
Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It’s not about waiting to detect bad behavior—it’s about blocking the behavior before it starts.
The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker’s automation is designed to lower that barrier and get organizations to meaningful control faster.
Modern Threats, Simplified Defenses
As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don’t require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it’s created. Whether it’s PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.
This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you’re ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content. Learn more.
Guest:
Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
______________________
Keywords:
sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
620 episodes
ShareManage episode 480760918 series 2972571
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.
Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can’t control what you can’t see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.
The Zero Trust Mindset: Assume Breach, Limit Access
Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It’s not about waiting to detect bad behavior—it’s about blocking the behavior before it starts.
The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker’s automation is designed to lower that barrier and get organizations to meaningful control faster.
Modern Threats, Simplified Defenses
As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don’t require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it’s created. Whether it’s PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.
This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you’re ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content. Learn more.
Guest:
Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
______________________
Keywords:
sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
620 episodes
All episodes
×
I
ITSPmagazine Podcasts
1 Stay Calm, But Be Ready: What Trust Looks Like in the Middle of a Breach | An Infosecurity Europe 2025 Conversation with Steve Wright | On Location Coverage with Sean Martin and Marco Ciappelli 28:57
28:57 
Play Later 
Play Later 
Lists 
Like 
Liked28:57
Play Later Play Later Lists Like LikedWhat does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that’s evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you’ve done the work beforehand. Preparation Over Panic Crisis management isn’t just a technical checklist—it’s a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions. Containment, Communication, and Culture Preparation leads naturally to containment—an organization’s ability to limit the damage. Whether it’s pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over. Trust and Accountability in a Global Ecosystem Digital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who’s responsible when things go wrong—becomes harder to establish, but more important than ever. Looking Ahead Wright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today. ___________ Guest: Steve Wright , Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS steve wright, sean martin, marco ciappelli, infosecurity, crisis, privacy, cybersecurity, resilience, communication, trust, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 The Digital Dark Alley: Teaching Cybersecurity Like Fire Safety by Building Cyber Habits That Stick | An Infosecurity Europe 2025 Conversation with Jemma Davis | On Location Coverage with Sean… 21:06
21:06 Play Later Play Later Lists Like Liked21:06
Play Later Play Later Lists Like LikedAs Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community. The Power of the Crowd: Community, Policy, and Lifelong Learning This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem. Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions. Maximizing the Experience: Prep, Participate, and Party From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades. The message is clear: cybersecurity is no longer just a technical field—it’s a societal one. ___________ Guest: Saima Poorghobad , Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 From Code to Culture: Why Technical Tools Alone Won’t Save Cybersecurity | An Infosecurity Europe 2025 Conversation with Rob Black | On Location Coverage with Sean Martin and Marco Ciappelli 22:33
22:33 Play Later Play Later Lists Like Liked22:33
Play Later Play Later Lists Like LikedWhat if the key to cybersecurity isn’t more tech—but more humanity? In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology. Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently. A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense. He also pushes back against the industry’s obsession with tools for every symptom—drawing a parallel to big pharma’s model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis. This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human. ___________ Guest: Rob Black , Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS rob black, marco ciappelli, sean martin, deception, cybersecurity, behavior, intent, resilience, infosec 2025, leadership, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 Beyond the Hoodie: Redefining Who Belongs in Cybersecurity with Community as the Missing Link in Cyber Resilience | An Infosecurity Europe 2025 Conversation with Amanda Finch | On Location Coverage… 27:03
27:03 Play Later Play Later Lists Like Liked27:03
Play Later Play Later Lists Like LikedIn this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective. Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn’t just about skills—it’s about building confidence and community. A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization. Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources. In closing, Amanda urges us not to forget the enduring principles of security—know what you’re protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity’s biggest challenges. ___________ Guest: Amanda Finch , CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS amanda finch, sean martin, marco ciappelli, cybersecurity, diversity, leadership, career, smallbusiness, community, education, infosecurity europe, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 Understanding Cybersecurity Behavior: From Social Engineering to Shadow AI | An Infosecurity Europe 2025 Conversation with Jason Nurse | On Location Coverage with Sean Martin and Marco Ciappelli 15:21
15:21 Play Later Play Later Lists Like Liked15:21
Play Later Play Later Lists Like LikedDr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions. Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them. The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance’s Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer’s awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use. Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive. The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding. This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security? ___________ Guest: Dr. Jason R.C. Nurse , Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS marco ciappelli, jason nurse, infosecurity europe, behavior, psychology, cybersecurity, ai, social engineering, workplace, trust, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 From Vulnerability to Visibility: Rethinking Exposure Management | A Brand Story with Tod Beardsley from runZero | An infosecurity Europe 2025 Conference On Location Brand Story 27:20
27:20 Play Later Play Later Lists Like Liked27:20
Play Later Play Later Lists Like LikedSecurity teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don’t always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management. Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don’t-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what’s relevant to their specific networks and business-critical systems. The conversation also explores SSVC’s ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support. That’s where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure. The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they’re buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks. Whether you’re tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk. Learn more about runZero: https://itspm.ag/runzero-5733 Note: This story contains promotional content. Learn more . Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ Resources Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story Keywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast…
I
ITSPmagazine Podcasts
1 When Automation Meets Ethics, Budget, Data, and Risk: The Real Factors Behind AI Deployment | An Infosecurity Europe 2025 Conversation with Andrea Isoni | On Location Coverage with Sean Martin and… 29:35
29:35 Play Later Play Later Lists Like Liked29:35
Play Later Play Later Lists Like LikedAs Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community. The Power of the Crowd: Community, Policy, and Lifelong Learning This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem. Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions. Maximizing the Experience: Prep, Participate, and Party From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades. The message is clear: cybersecurity is no longer just a technical field—it’s a societal one. ___________ Guest: Saima Poorghobad , Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 The Billion-Dollar Blueprint: Following the Digital Trail of Criminal Cash and the Human Cost of Cybercrime | An Infosecurity Europe 2025 Conversation with Geoff White | On Location Coverage with… 24:04
24:04 Play Later Play Later Lists Like Liked24:04
Play Later Play Later Lists Like LikedAs Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community. The Power of the Crowd: Community, Policy, and Lifelong Learning This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem. Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions. Maximizing the Experience: Prep, Participate, and Party From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades. The message is clear: cybersecurity is no longer just a technical field—it’s a societal one. ___________ Guest: Geoff White , Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS marco ciappelli, sean martin, geoff white, cybersecurity, ransomware, laundering, crypto, hacking, journalism, infosec europe, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 Collaboration Isn’t Fluffy: It’s Fundamental to Cybersecurity—Rethinking the Role of Humans in Cyber Defense | An Infosecurity Europe 2025 Conversation with Purvi Kay and Rob Black | On Location… 16:45
16:45 Play Later Play Later Lists Like Liked16:45
Play Later Play Later Lists Like LikedCybersecurity isn’t just about code, controls, or compliance—it’s about people. That’s the core message from Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems, and Rob Black, founder of the UK Cyber Leaders Challenge, as they share how genuine collaboration is reshaping security success in high-stakes environments. In this InfoSecurity Europe conversation, Purvi emphasizes that cybersecurity is still too often seen as an IT issue, when in reality it cuts across every aspect of business. Her role spans cybersecurity strategy, leadership development, and advocacy—serving also as Chair of BAE’s Women in Cyber program and as a neurodiversity champion. For her, inclusion is more than a policy—it’s essential to mission success, especially when coordinating across trilateral government and industry teams on programs as complex as next-gen fighter aircraft. Rob reinforces this point with his focus on developing soft skills in future cybersecurity leaders. His work brings non-traditional talent into cyber, prioritizing communication, empathy, and multidisciplinary collaboration. These human-centric capabilities are crucial when bridging divides between security, legal, HR, and operations. Both guests highlight how assumptions, language, and siloed thinking obstruct progress. Purvi shares how cybersecurity has often been seen as a barrier—brought in too late, misunderstood, or left out of key decisions. She now champions “secure by design” practices through early involvement of cross-functional teams. Rob brings a memorable example: using marriage counseling techniques to help auditors and developers understand each other better—not to resolve personal conflict, but to decode cultural and professional misalignments. Their conversation also touches on practical methods for building shared understanding, from sketching “river journeys” to map project dynamics, to fostering stakeholder buy-in through intentional communication. Whether aligning three governments or managing internal procurement, they show that collaboration isn’t just a buzzword—it’s a structured, repeatable approach to managing complexity. This episode offers a thoughtful and grounded look at how meaningful human connection—across functions, cultures, and roles—forms the foundation of effective cybersecurity. It’s a timely reminder that the path to resilience begins with listening, empathy, and a clear sense of shared purpose. ___________ Guests: Purvi Kay , Head of Cybersecurity for the Future Combat Air System at BAE Systems | https://www.linkedin.com/in/purvikay/ Rob Black , Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/ Hosts: Sean Martin , Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com Marco Ciappelli , Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com ___________ Episode Sponsors ThreatLocker: https://itspm.ag/threatlocker-r974 ___________ Resources Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us ___________ KEYWORDS sean martin, rob black, purvi kay, cybersecurity, collaboration, communication, leadership, diversity, empathy, infosecurity europe, event coverage, on location, conference…
I
ITSPmagazine Podcasts
1 London: Random and Unscripted – Meditation, Music, Literature and many more reasons why we love this city | Random and Unscripted with Sean Martin and Marco Ciappelli 18:15
18:15 Play Later Play Later Lists Like Liked18:15
Play Later Play Later Lists Like LikedSometimes, the best conversations happen when there’s no agenda. This is one of those moments. With London as the backdrop — its history, energy, and unpredictable charm — Sean and I sat on the grass in Hyde Park and hit record. No script, no plan. Just two friends talking about music, memories, meditation, and why we still believe in experiencing things without a phone between us and reality. From yoga poses on park benches to tales of Clapton at Royal Albert Hall and an upcoming Oasis reunion in Cardiff (yes, really), this is a meandering mix of thoughts and stories — like walking down Portobello Road not knowing what you’ll find. We touch on the lost art of being present , why live music changes everything, and how the UK’s cultural influence shaped our creative paths. Sure, we dip into punk, rock, film, and a few philosophical musings about why Florence isn’t featured more in books and movies — but it’s all under one theme: reconnecting with the world around us. It’s a conversation that could only happen in a place like London — rich with culture, memories, and endless possibility. If you’re tired of content that’s too polished, too planned, or too promotional… this episode is a breath of fresh (sometimes damp) British air. ⸻ Hashtags: #storytelling, #london, #musiclovers, #meditation, #unscripted, #podcastlife, #travelstories, #creativelife, #liveinthemoment, #punkrockNew episodes drop when they drop. Expect the unexpected. Hosts links: 📌 Marco Ciappelli : https://www.marcociappelli.com 📌 Sean Martin : https://www.seanmartin.com…
I
ITSPmagazine Podcasts
1 More Than Code: Why Human Skills Matter in AppSec | An OWASP AppSec Global 2025 Conversation with Maria Mora | On Location Coverage with Sean Martin and Marco Ciappelli 15:37
15:37 Play Later Play Later Lists Like Liked15:37
Play Later Play Later Lists Like LikedIn this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it’s the relationships and shared purpose that make this event resonate. Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she’s learned that you don’t need decades of experience to contribute—just a willingness to start. Keynotes and sessions this year reinforced a similar message: security isn’t just about hard skills. It’s about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané’s encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations. Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it’s your first conference or your tenth, there’s always room to jump in. For Maria, OWASP no longer feels like a secret club—it’s a growing, open collective focused on helping people bring their best selves to security. That’s the power of community: not just lifting up software, but lifting up each other. And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.” GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/ HOST: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com SPONSORS Manicode Security: https://itspm.ag/manicode-security-7q8i RESOURCES Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
I
ITSPmagazine Podcasts
1 Reaching Human Equivalency with Agentic AI: A Real-World Look at Security Outcomes | An eSentire Brand Story With Dustin Hillard 45:24
45:24 Play Later Play Later Lists Like Liked45:24
Play Later Play Later Lists Like LikedAs Chief Technology Officer at eSentire, Dustin Hillard brings a deeply rooted background in AI and machine learning—going back over 15 years—to the practical challenges of cybersecurity. In this episode, Hillard discusses how his team is using agentic AI not for the sake of hype, but to augment real human workflows and achieve measurable, high-impact outcomes for clients. The conversation begins with a critical point: AI should be an enabler, not a shiny object. Hillard contrasts the superficial marketing claims that dominate vendor messaging with the grounded, transparent approach his team takes—an approach that fuses technology with hands-on human expertise to deliver results. eSentire’s focus is on containment and control. In over 99% of intrusion cases, their platform successfully stops threats at the first host. That is the benchmark by which Hillard wants AI judged—not by its novelty or buzz, but by whether it helps security teams stop attacks before damage spreads. Key to achieving this is the way automation is used to supercharge analysts. Instead of running just three or five high-value queries in a 15-minute response window, eSentire’s AI framework runs 30. This allows the system to comb through a customer’s historical data, generate hypotheses based on broader knowledge bases, and deliver structured, contextual findings. Analysts can then focus on judgment and decision-making, not searching logs or assembling fragments. Three pillars underpin this approach: direct telemetry gathering from tools like CrowdStrike and Microsoft, threat intelligence correlation, and contextual data from the customer environment. These layers combine to offer rich insights, fast. And importantly, the AI doesn’t operate in a black box. Hillard stresses explainability and auditability—every recommendation must be traceable back to concrete evidence, not just LLM-generated summaries. He also touches on the eight assessment areas his team uses to evaluate AI readiness and safety: from autonomy and guardrails to data privacy, effectiveness metrics, and adversarial resilience. The point isn’t to convince customers with buzzwords, but to earn trust by demonstrating measurable results and opening the door to real conversations. By encoding the investigative playbooks of seasoned analysts and executing them dynamically, agentic AI at eSentire isn’t replacing humans—it’s empowering them to respond faster and more accurately. That’s the difference between checking a marketing box and actually making a difference when every second counts. Guest: Dustin Hillard | CTO, eSentire | https://www.linkedin.com/in/dustinhillard/ RESOURCES Sorry We’re So Good: An Open Letter: https://itspm.ag/esentire-sorry4ek Visit the eSentire Website to learn more: https://itspm.ag/esentire-594149 Learn more and catch more stories from eSentire on ITSPmagazine: https://www.itspmagazine.com/directory/esentire Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story ______________________ Keywords: dustin hillard, sean martin, marco ciappelli, cybersecurity, ai, machine learning, automation, investigation, containment, transparency, brand story, brand marketing, marketing podcast, brand story podcast…
I
ITSPmagazine Podcasts
1 From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco… 11:29
11:29 Play Later Play Later Lists Like Liked11:29
Play Later Play Later Lists Like LikedIn this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today’s financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization. Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user’s smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim’s account, they can bypass multiple layers of security, often without needing traditional credentials. The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls. He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented. Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense. For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech’s real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that’s not just strong—but usable. GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/ HOST: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com SPONSORS Manicode Security: https://itspm.ag/manicode-security-7q8i RESOURCES Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
I
ITSPmagazine Podcasts
1 From Dashboards to Decisions: Why Your Security Metrics Might Be Leading You Astray | An OWASP AppSec Global 2025 Conversation with Aram Hovsepyan | On Location Coverage with Sean Martin and Marco… 16:18
16:18 Play Later Play Later Lists Like Liked16:18
Play Later Play Later Lists Like LikedIn this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk. Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they’re often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact. Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It’s a research-backed approach that has been known for decades but is often ignored in favor of convenience. False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter. What’s missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece. The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making. To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram’s call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business. GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/ HOST: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com SPONSORS Manicode Security: https://itspm.ag/manicode-security-7q8i RESOURCES Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
I
ITSPmagazine Podcasts
1 Why Global Community-Led Innovation Is Driving Real Application Security Progress | An OWASP AppSec Global 2025 Conversation with Starr Brown | On Location Coverage with Sean Martin and Marco… 9:06
9:06 Play Later Play Later Lists Like Liked9:06
Play Later Play Later Lists Like LikedIn this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization’s impact: the projects and the people driving them forward. With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it’s just one among many. Other significant projects include the Application Security Verification Standard (ASVS), the Software Assurance Maturity Model (SAMM), and the increasingly popular security games like Cornucopia, which use gamification to bring security concepts into business conversations and development workflows. AI is playing an increasingly prominent role in OWASP’s work. Starr highlights the GenAI Security Project as a focal point, encompassing tools and guidance for LLM use, agentic AI, red teaming, and more. The scale of community engagement is equally impressive: around 33,000 people are active on Slack, and hundreds contribute to individual initiatives, reflecting the organization’s truly global and grassroots structure. Beyond tools and documentation, OWASP is influencing regulation and policy through initiatives like the AI Exchange and the Transparency Exchange. These projects connect with government entities and standards bodies such as the European Commission and CEN/CENELEC to help shape responsible governance frameworks around software, AI, and cybersecurity. Listeners also get a glimpse into what’s ahead. From upcoming events in Washington, D.C., to the OWASP Community Room at DEF CON in Las Vegas, the goal is to keep fostering connections and hands-on engagement. These gatherings not only showcase flagship tools and frameworks but create space for open dialogue, prototyping, and collaboration—whether you’re breaking things or building them. To get involved, Starr encourages exploring the OWASP Projects page and joining their Slack community. The conversation makes it clear: OWASP is not just a collection of tools—it’s a living, breathing network of contributors shaping the future of secure software. GUEST: Starr Brown | Director of Open Source Projects and Programs at OWASP | https://www.linkedin.com/in/starr-brown-8837547/ HOST: Sean Martin , Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com SPONSORS Manicode Security: https://itspm.ag/manicode-security-7q8i RESOURCES Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to ITSPmagazine Podcasts
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
A podcast about web design and development.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Catalyst, a Launch by NTT DATA podcast, puts humans at the front and center of digital transformation. Each week, we feature thought leaders who share their insights on reinventing digital experiences, enhancing customer journeys, and driving innovation in the enterprise. From platform transformation to the latest advancements in AI, our guests delve into the challenges and triumphs of digital transformation, emphasizing the critical role of human ingenuity and leadership. Learn more about L ...
…
continue reading
"web3 with a16z" is a show about the next generation of the internet, and about how builders and users -- whether artists, coders, creators, developers, companies, organizations, or communities -- now have the ability to not just "read" (web1) + "write" (web2) but "own" (web3) pieces of the internet, unlocking a new wave of creativity and entrepreneurship. Brought to you by a16z crypto, this show is the definitive resource for understanding and going deeper on all things crypto and web3. Fro ...
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
The a16z Podcast discusses tech and culture trends, news, and the future – especially as ‘software eats the world’. It features industry experts, business leaders, and other interesting thinkers and voices from around the world. This podcast is produced by Andreessen Horowitz (aka “a16z”), a Silicon Valley-based venture capital firm. Multiple episodes are released every week; visit a16z.com for more details and to sign up for our newsletters and other content as well!
…
continue reading
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
