Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
Checked 2d ago
Added four years ago
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Resilient Cyber
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/species-unite">Species Unite</a></span>
Stories that change the way the world treats animals.
S6E18: Stephen Carter - VulnMgt Modernization & FedRAMP
Manage episode 421964845 series 2947250
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
- For those don't know your background or Nucleus Security, can you start by telling us a bit about both?
- You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process?
- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help?
- Going broader, we have seen a recent uptick in the interest around VulnMgt, and looking to modernize the way we do things. What do you think is driving this recent focus on VulnMgt and what major innovations or disruptions in the space do you see underway?
- What do you feel helps differentiate Nucleus Security from some of the other competitors we see in this space focusing on this problem?
- We're seeing a big push for Secure-by-Design software, which of course deals with driving down vulnerabilities, and repeated classes of vulnerabilities. What's your take on this push and do you see it being effective?
171 episodes
Share
Manage episode 421964845 series 2947250
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
- For those don't know your background or Nucleus Security, can you start by telling us a bit about both?
- You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process?
- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help?
- Going broader, we have seen a recent uptick in the interest around VulnMgt, and looking to modernize the way we do things. What do you think is driving this recent focus on VulnMgt and what major innovations or disruptions in the space do you see underway?
- What do you feel helps differentiate Nucleus Security from some of the other competitors we see in this space focusing on this problem?
- We're seeing a big push for Secure-by-Design software, which of course deals with driving down vulnerabilities, and repeated classes of vulnerabilities. What's your take on this push and do you see it being effective?
171 episodes
All episodes
×
R
Resilient Cyber
1 Resilient Cyber w/ Jim Manico - Enhancing Software Security in the Era of AI 20:06
20:06 
Play Later 
Play Later 
Lists 
Like 
Liked20:06
Play Later Play Later Lists Like LikedIn this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI. This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec. We discussed: A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours through the use of agents and various frontier models and offerings. The importance of security-centric prompting and guidance for models to produce secure code and the impact on vulnerability velocity by doing so. The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise. The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable). Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.…
R
Resilient Cyber
1 Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering 35:53
35:53 Play Later Play Later Lists Like Liked35:53
Play Later Play Later Lists Like LikedIn this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance. We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era. We dove into: What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and Compliance What some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API’s, Automation and now AI Specific examples of GRC Engineering, including the use of automation, API’s and cloud-native services to streamline security control implementation, assessment and reporting The promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplier AJ’s new book “ GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering ”…
R
Resilient Cyber
1 Resilient Cyber w/ Patrick Duffy: Securing the Modern Workspace 19:32
19:32 Play Later Play Later Lists Like Liked19:32
Play Later Play Later Lists Like LikedIn this episode of Resilient Cyber, we chat with Patrick Duffy, Product Manager at Material Security, on Securing the Modern Workspace. The conversation will include discussions about the increased adoption of cloud office suites, limitations of traditional security approaches, and a deep dive into how Material Security is tackling issues such as securing email and data, identity threat detection, and posture management. Stepping back a bit before we get too specific, we've seen major fundamental shifts in the way organizations work and operate today, including widespread adoption of Cloud Office Suites (e.g., Google Workspaces, Microsoft 365, etc.). How have these shifts changed the threat landscape, and what sort of issues are we seeing with traditional security practices when it comes to securing these environments? We know phishing and email attacks are common and critical to protect against, but what about challenges around visibility of accounts/activity, sensitive data, and secure configurations and posture? Getting more specific to Material, can you help us understand how you all approach this problem space from a platform and offering perspective? What are some key features and abilities Material Security customers utilize to secure their cloud office suite environments, and what threats do they help against? What are some key differentiators for Material compared to some of the other vendors working on this problem, or even how do you all differ from some of the native security capabilities of environments such as M365 or Google Workspace? This space continues to evolve, both in terms of the cloud workspace environments and their usage by organizations and the relevant threats. How is Material preparing for these changes, whether it's the widespread adoption of AI, increased complexity, and so on It's always great to hear some first-hand use cases and applications. Can you share some examples where Material Security has found success with specific customers and users of the solution? We've covered everything from the pitfalls and shortcomings of traditional security approaches to cloud office suites to where the market is headed. Where can folks learn more about Material, and what should we keep an eye out for next?…
R
Resilient Cyber
1 Resilient Cyber w/ Bob Ritchie - Securing Federal & Defense Digital Modernization 40:58
40:58 Play Later Play Later Lists Like Liked40:58
Play Later Play Later Lists Like LikedIn this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI. Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side. We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front. We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled. The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success? We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more. Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO. I’ve known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!…
R
Resilient Cyber
1 Resilient Cyber w/ Wade Baker - Data Driven Incident Impact Analysis 45:55
45:55 Play Later Play Later Lists Like Liked45:55
Play Later Play Later Lists Like LikedIn this episode, I sit down with longtime industry researcher Wade Baker to dive into Cyentia's latest IRIS report . The report provides a data-driven look at incident trends, impacts, costs, and more. Are cyber incidents becoming more or less frequent? Are specific industries doing better than others? What does the average incident impact actually look like? Tune in to learn the answers, along with many other interesting insights! The report found that the number of security incidents continue to climb YoY, which isn’t a surprise, although there has been peaks and valleys throughout various periods, note the huge uptick in 2021~ Similar to recent reports such as DBIR and M-Trends, application exploitation (e.g., system intrusion) is climbing. In contrast, methods such as physical threat and others have declined due to increased cloud adoption, virtual infrastructure, and so on. One finding that may surprise some is that the proportion of incidents is going down for some organizations, particularly the largest enterprises, while it is going up for SMBs and smaller organizations. This ties to concepts such as the cybersecurity poverty line, which I have discussed in other articles, such as with Ross Haleliuk in our article “ Lifting the world out of cybersecurity poverty .” This is likely due to factors such as large enterprise organizations having robust security teams, larger budgets, being able to afford the latest security tooling and more, while SMB’s often fail to have many of these and deal with resource constraints in both dollars and expertise. We also see sectors which had historically low incidents now climbing, likely due to factors such as increased adoption of software and being digitally connected, as well as being a previously untapped sector for attackers…
R
Resilient Cyber
1 Resilient Cyber w Phil Venables Security Leadership: Vulnerabilities to VC 30:37
30:37 Play Later Play Later Lists Like Liked30:37
Play Later Play Later Lists Like LikedIn this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspective The double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community. Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow…
R
Resilient Cyber
1 Resilient Cyber w/ Vineeth Sai Narajala: Model Context Protocol (MCP) - Potential & Pitfalls 18:32
18:32 Play Later Play Later Lists Like Liked18:32
Play Later Play Later Lists Like LikedIn this episode, I discuss the Model Context Protocol (MCP) with the OWASP GenAI Co-Lead for Agentic Application Security, Vineeth Sai Narajala. We will discuss MCP's potential and pitfalls, its role in the emerging Agentic AI ecosystem, and how security practitioners should consider secure MCP enablement. We discussed: MCP 101, what it is and why it matters The role of MCP as a double-edged sword, offering opportunities but additional risks and considerations from a security perspective Vineeth's work on the "Vulnerable MCP" project is a repository of MCP risks, vulnerabilities, and corresponding mitigations. How MCP is also offering tremendous opportunities on the security-enabling side, extending security capabilities into AI-native platforms such as Claude and Cursor, and security vendors releasing their own MCP servers Where we see MCP heading from a research and implementation perspective Additional Resources: Anthropic - Introducing the Model Context Protocol (MCP) Enhanced Tool Definition Interface (ETDI): A Security Fortification for the Model Context Protocol Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies Vulnerable MCP Project…
R
Resilient Cyber
1 Resilient Cyber w/ Jay Jacobs & Michael Roytman - VulnMgt Modernization & Localized Modeling 33:53
33:53 Play Later Play Later Lists Like Liked33:53
Play Later Play Later Lists Like LikedIn this episode, I sit with long-time vulnerability management and data science experts Jay Jacobs and Michael Roytman , who recently co-founded Empirical Security . We dive into the state of vulnerability management, including: How it is difficult to quantify and evaluate the effectiveness of vulnerability prioritization and scoring schemes, such as CVSS, EPSS, KEV, and proprietary vendor prioritization frameworks, and what can be done better Systemic challenges include setbacks in the NIST National Vulnerability Database (NVD) program, the MITRE CVE funding fiasco, and the need for a more resilient vulnerability database and reporting ecosystem. Domain-specific considerations when it comes to vulnerability identifiers and vulnerability management, in areas such as AppSec, Cloud, and Configuration Management, and using data to make more effective decisions The overuse of the term “single pane of glass” and some alternatives Empirical’s innovative approach to “localized” models when it comes to vulnerability management, which takes unique organizational and environmental considerations into play, such as mitigating controls, threats, tooling, and more, and how they are experimenting with this new approach for the industry…
R
Resilient Cyber
1 Resilient Cyber: Ravid Circus - Tackling the Prioritization Crisis in Cyber 23:02
23:02 Play Later Play Later Lists Like Liked23:02
Play Later Play Later Lists Like LikedIn this episode, we sit down with the Co-Founder and CPO of Seemplicity , Ravid Circus , to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management. We dove into a lot of great topics, including: The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity’s Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7 % of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - and organizations struggle with this, even with the context of what to prioritize. There’s a lot of excitement around AI in Cyber, including in GRC, SecOps, and, of course, AppSec and vulnerability management. How do you discern between what is hype and what can provide real outcomes? What practical steps can teams take to bridge the gap between AI’s ability to find problems and security teams’ ability to fix them? One of the major issues is determining who is responsible for fixing findings in the space of Remediation Operations, where Seemplicity specializes. Ravid talks about how, both technically and culturally, Seemplicity addresses this challenge of finding the fixer. What lies ahead for Seemplicity this year with RSA and beyond…
R
Resilient Cyber
1 Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords 26:44
26:44 Play Later Play Later Lists Like Liked26:44
Play Later Play Later Lists Like LikedIn this episode, we sit down with Varun Badhwar , Founder and CEO of Endor Labs , to discuss the state of AI for AppSec and move beyond the buzzwords. We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale. Varun and I dove into a lot of great topics, such as: The rise of GenAI and LLMs and their broad implications on Cybersecurity The dominant use case of AI-driven development with Copilots and LLM written code, leading to a Developer productivity boost. AppSec has struggled to keep up historically, with vulnerability backlogs getting out of control. What will the future look like now? Studies show that AI-driven development and Copilots don’t inherently produce secure code, and frontier models are primarily trained on open source software, which has vulnerabilities and other risks. What are the implications of this for AppSec? How can AppSec and Cyber leverage AI and agentic workflows to address systemic security challenges? Developers and attackers are both early adopters of this technology. Navigating vulnerability prioritization, dealing with insecure design decisions and addressing factors such as transitive dependencies. The importance of integrating with developer workflows, reducing cognitive disruption and avoiding imposing a “Developer Tax” with legacy processes and tooling from security.…
R
Resilient Cyber
1 Resilient Cyber w/ Jit - Agentic AI for AppSec is Here 28:03
28:03 Play Later Play Later Lists Like Liked28:03
Play Later Play Later Lists Like LikedIn this episode, we sit down with David Melamed and Shai Horovitz of the Jit team. We discussed Agentic AI for AppSec and how security teams use it to get real work done. We covered a lot of key topics, including: What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers. The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement. How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems. Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation. The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry. Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.…
R
Resilient Cyber
1 Resilient Cyber w/ Piyush Sharrma - AI-Powered Defense & Security Mesh 29:10
29:10 Play Later Play Later Lists Like Liked29:10
Play Later Play Later Lists Like LikedIn this episode, we sit down with Piyush Sharrma, CEO and co-founder of the Tuskira team. They're an AI-powered defense optimization platform innovating around leveraging an Agentic Security Mesh. We will dive into topics such as Platform vs. Point Solutions, Security Tool Sprawl, Alert Fatigue, and how AI can create "intelligent" layers to unify and enhance security tooling ROI. We discussed: What drove Piyush to jump back into the startup space after successfully exiting from a previous startup he helped found The industry debate around Platform vs. Point Solutions or Best-of-Breed and the perspectives between industry industry leaders and innovative startups Dealing with the challenge of alert fatigue security and development teams and the role of AI in reducing cognitive overload and providing insight into organizational risks across tools, tech stacks, and architectures The role of AI in providing intelligence layers or an Agentic Security Mesh across existing security tools and defenses and mitigating organizational risks beyond isolated vulnerability scans by looking at compensating controls, configurations, and more. Shifting security from a reactionary model around incident response and exploitation to a preemptive risk defense model that minimizes attack surface and optimizes existing security investments and architectures…
R
Resilient Cyber
1 Resilient Cyber w/ Elad Schulman - Secure Enterprise LLM/GenAI Adoption 32:33
32:33 Play Later Play Later Lists Like Liked32:33
Play Later Play Later Lists Like LikedWe sit with Lasso Security CEO and Co-Founder Elad Schulman in this episode. Lasso focuses on secure enterprise LLM/GenAI adoption, from LLM Applications, GenAI Chatbots, Code Protection, Model Red Teaming, and more. Check them out at https://lasso.security We dove into a lot of great topics, such as: Dealing with challenges around visibility and governance of AI, much like previous technological waves such as mobile, Cloud, and SaaS Unique security considerations for different paths of using and building with AI, such as self-hosted models and consuming models as-a-service from SaaS LLM providers Potential vulnerabilities and threats associated with AI-driven development products such as Copilots and Coding assistants Software Supply Chain Security (SSCS) risks such as package hallucinations, and both safeguarding the data that goes out to external coding tools, as well as secure consumption of the data coming into the organization Securing AI itself and dealing with risks and threats such as model poisoning and implementing model red teaming Lasso discovered several critical concerns in their AI security research, such as Microsoft’s Copilot exposing thousands of private GitHub repos…
R
Resilient Cyber
1 Resilient Cyber w/ Sergej Epp - Cloud-native Runtime Security & Usage 32:13
32:13 Play Later Play Later Lists Like Liked32:13
Play Later Play Later Lists Like LikedIn this episode, we sit with security leader and venture investor Sergej Epp to discuss the Cloud-native Security Landscape. Sergej currently serves as the Global CISO and Executive at Cloud Security leader Sysdig and is a Venture Partner at Picus Capital. We will dive into some insights from Sysdig's recent " 2025 Cloud-native Security and Usage Report ." Big shout out to our episode sponsor, Yubico ! Passwords aren’t enough. Cyber threats are evolving, and attackers bypass weak authentication every day. YubiKeys provides phishing-resistant security for individuals and businesses—fast, frictionless, and passwordless. Upgrade your security: https://yubico.com Sergj and I dove into a lot of great topics related to Cloud-native Security, including: Some of the key trends in the latest Sysdig 2025 Cloud-native Security Report and trends that have stayed consistent YoY. Sergj points out that while attackers have stayed consistent, organizations have and continue to make improvements to their security Sergj elaborated on his current role as Sysdig’s internal CISO and his prior role as a field CISO and the differences between the two roles in terms of how you interact with your organization, customers, and the community. We unpacked the need for automated Incident Response, touching on how modern cloud-native attacks can happen in as little as 10 minutes and how organizations can and do struggle without sufficient visibility and the ability to automate their incident response. The report points out that machine identities, or Non-Human Identities (NHI), are 7.5 times riskier than human identities and that there are 40,000 times more of them to manage. This is a massive problem and gap for the industry, and Sergj and I walked through why this is a challenge and its potential risks. Vulnerability prioritization continues to be crucial, with the latest Sysdig report showing that just 6% of vulnerabilities are “in-use”, or reachable. Still, container bloat has ballooned, quintupling in the last year alone. This presents real problems as organizations continue to expand their attack surface with expanded open-source usage but struggle to determine what vulnerabilities truly present risks and need to be addressed. We covered the challenges with compliance, as organizations wrestle with multiple disparate compliance frameworks, and how compliance can drive better security but also can have inverse impacts when written poorly or not keeping pace with technologies and threats. We rounded out the conversation with discussing AI/ML packages and the fact they have grown by 500% when it comes to usage, but organizations have decreased public exposure of AI/ML workloads by 38% since the year prior, showing some improvements are being made to safeguarding AI workloads from risks as well.…
R
Resilient Cyber
1 Resilient Cyber w/ Lior Div & Nate Burke - Agentic AI & the Future of Cyber 36:25
36:25 Play Later Play Later Lists Like Liked36:25
Play Later Play Later Lists Like LikedIn this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI . Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation. We discussed: The rise of AI and Agentic AI and its implications for cybersecurity. Why the 7AI team chose to focus on SecOps in particular and the importance of tackling toil work to reduce cognitive overload, address workforce challenges, and improve security outcomes. The importance of distinguishing between Human and Non-Human work, and why the idea of eliminating analysts is the wrong approach. Being reactive and leveraging Agentic AI for threat hunting and proactive security activities. The unique culture that comes from having the 7AI team in-person on-site together, allowing them to go from idea to production in a single day while responding quickly to design partners and customer requests. Challenges of building with Agentic AI and how the space is quickly evolving and growing. Key perspectives from Nate as a CMO regarding messaging around AI and getting security to be an early adopter rather than a laggard when it comes to this emerging technology. Insights from Lior on building 7AI compared to his previous role, founding Cybereason, which went on to become an industry giant and leader in the EDR space.…
R
Resilient Cyber
1 Resilient Cyber w/ Chenxi Wang - The Intersection of AI & Cybersecurity 36:25
36:25 Play Later Play Later Lists Like Liked36:25
Play Later Play Later Lists Like LikedIn this episode, we sit down with Investor, Advisor, Board Member, and Cybersecurity Leader Chenxi Wang to discuss the interaction of AI and Cybersecurity, what Agentic AI means for Services-as-a-Software, as well as security in the boardroom Chenxi and I covered a lot of ground, including: When we discuss AI for Cybersecurity, it is usually divided into two categories: AI for Cybersecurity and Securing AI. Chenxi and I walk through the potential for each and which one she finds more interesting at the moment. Chenxi believes LLMs are fundamentally changing the nature of software development, and the industry's current state seems to support that. We discussed what this means for Developers and the cybersecurity implications when LLMs and Copilots create the majority of code and applications. LLMs and GenAI are currently being applied to various cybersecurity areas, such as SecOps, GRC, and AppSec. Chenxi and I unpack which areas AI may have the greatest impact on and the areas we see the most investment and innovation in currently. As mentioned above, there is also the need to secure AI itself, which introduces new attack vectors, such as supply chain attacks, model poisoning, prompt injection, and more. We cover how organizations are currently dealing with these new attack vectors and the potential risks. The biggest buzz of 2025 (and beyond) is Agentic AI or AI Agents, and their potential to disrupt traditional services work represents an outsized portion of cybersecurity spending and revenue. Chenxi envisions a future where Agentic AI and Services-as-a-Software may change what cyber services look like and how cyber activities are conducted within an organization. If you aren’t already following Chenxi Wang on LinkedIn, I strongly recommend you do. I have a lot of connections, but she is someone when I see a post, I am sure to stop and read because she shares a TON of great insights from the boardroom, investment, cyber, startups, AI, and more. I’m thankful to have her on the show to come chat!…
R
Resilient Cyber
1 Resilient Cyber w/ Rob Shavell - Personal Data & Online Privacy 28:49
28:49 Play Later Play Later Lists Like Liked28:49
Play Later Play Later Lists Like LikedIn this episode, we sit down with Rob Shavell, CEO and Co-Founder of DeleteMe , an organization focused on safeguarding exposed personal data on the public web and addressing user privacy challenges. We dove into a lot of great topics, such as: The rapidly growing problem of personal data ending up on the public web and some of the major risks many may not think about or realize Trends contributing to personal data exposure, from the Internet itself to social media, mobile phones/apps, IoT devices, COVID, and now AI Where to get started when it comes to taking control of your personal data and privacy Potential abuses and malicious uses for personal data and how threat actors are leveraging it How DeleteMe can help, as well as free resources and DIY guides that individuals can use to mitigate risk associated with their personal data being exposed…
R
Resilient Cyber
1 Resilient Cyber w/ Steve Martano - CISO's, Security Budgets & Careers 25:06
25:06 Play Later Play Later Lists Like Liked25:06
Play Later Play Later Lists Like LikedIn this episode of Resilient Cyber, we sit down with Steve Martano, Partner in the cyber Security Practice at Artico Search, to discuss the recent IANS & Artico Search Publications on the 2025 State of the CISO, security budgets, and broader security career dynamics. Steve and I touched on some great topics, including: The 2025 State of the CISO report and key findings Board reporting cadences for CISO’s and the importance of Boardroom involvement in Cybersecurity The three archetypes of CISO’s: Tactical, Functional and Strategic How security leaders can advance their career to becoming strategic CISO’s as well as key considerations for organziation’s looking to attract and retain their security talent The growing scope of responsibility for CISO roles from not just Infosec but to broader IT, business risk, and digital strategy and implications for CISO’s Security budget trends, spending, macroeconomic factors and allocations Here are a list of some of the great resources from IANS and Artico below on various areas of interest for CISO’s and Security leaders alike! https://www.iansresearch.com/resources/ians-security-budget-benchmark-report https://www.iansresearch.com/resources/ians-ciso-compensation-benchmark-report https://www.iansresearch.com/resources/ians-state-of-the-ciso-report https://www.iansresearch.com/resources/ians-leadership-organization-benchmark-report…
R
Resilient Cyber
1 Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends 47:19
47:19 Play Later Play Later Lists Like Liked47:19
Play Later Play Later Lists Like LikedIn this episode of Resilient Cyber, we catch up with Katie Norton , an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions. Katie and I discussed: Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor. Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors. The age-old Platform vs. Point product debate concerns the iterative and constant cycle of new entrants and innovations that grow, add capabilities, and become platforms or are acquired by larger platform vendors. The cycle continues infinitely. Katie's key research areas for 2025 include Application Security Posture Management (ASPM), Platform Engineering, SBOM Management, and Securing AI Applications. The concept of a “Developer Tax” and the financial and productivity impact legacy security tools and practices are having on organizations while also building silos between us and our Development peers. The role of AI in corrective code fixes and the ability of AI-assisted automated remediation tooling to drive down remediation timelines and vulnerability backlogs. The importance of storytelling, both as an Industry Analyst and in the broader career field of Cybersecurity.…
R
Resilient Cyber
1 Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact 23:55
23:55 Play Later Play Later Lists Like Liked23:55
Play Later Play Later Lists Like LikedIn this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency. We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks. Ed and I dove into a lot of interesting GenAI Security topics, including: Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys. Guardrails and measures to prevent data leakage to external GenAI services and platforms The intersection of SaaS Governance and Security and GenAI and how GenAI is exacerbating longstanding SaaS security challenges Supply chain risk management considerations with GenAI vendors and services, and key questions and risks organizations should be considering Some of the nuances between self-hosted GenAI/LLM’s and external GenAI SaaS providers The role of compliance around GenAI and the different approaches we see between examples such as the EU with the EU AI Act, NIS2, DORA, and more, versus the U.S.-based approach…
R
Resilient Cyber
1 Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know 26:41
26:41 Play Later Play Later Lists Like Liked26:41
Play Later Play Later Lists Like LikedIn this episode, we sit down with Sounil Yu , Co-Founder and CTO at Knostic , a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI. Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix. Sounil and I dug into a lot of interesting topics, such as: The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S. The different approaches to AI security and safety we’re seeing unfold between the U.S. and EU, with the former being more best-practice and guidance-driven and the latter being more rigorous and including hard requirements. The age-old concept of need-to-know access control, the role it plays, and potentially new challenges implementing it when it comes to LLM’s Organizations rolling out and adopting LLMs and how they can go about implementing least-permissive access control and need-to-know Some of the different security considerations between Some of the work Knostic is doing around LLM enterprise readiness assessments, focusing on visibility, policy enforcement, and remediation of data exposure risks ---------------- Interested in sponsoring an issue of Resilient Cyber? This includes reaching over 16,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives Reach out below! -> Contact Us! ----------------…
R
Resilient Cyber
1 Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts 19:25
19:25 Play Later Play Later Lists Like Liked19:25
Play Later Play Later Lists Like LikedSecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and meantime-to-respond (MTTR), automating repetitive tasks, integrating with existing tools, and leading to ROI. In this episode, we sit with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational risks. Grant and I dug into a lot of great topics, such as: Systemic issues impacting the SecOps space include alert fatigue, triage, burnout, staffing shortages, and inability to keep up with threats. What makes SecOps such a compelling niche for Agentic AI, and what key ways can AI help with these systemic challenges? How Agentic AI and platforms such as Prophet Security can aid with key metrics such as SLOs or meantime-to-remediation (MTTR) to drive down organizational risks. Addressing the skepticism around AI, including its use in production operational environments and how the human-in-the-loop still plays a critical role for many organizations. Many organizations are using Managed Detection and Response (MDR) providers as well, and how Agentic AI may augment or replace these existing offerings depending on the organization's maturity, complexity, and risk tolerance. How Prophet Security differs from vendor-native offerings such as Microsoft Co-Pilot and the role of cloud-agnostic offerings for Agentic AI.…
R
Resilient Cyber
1 Resilient Cyber w/ Mick Leach - 5 Email Threats to Watch For in 2025 31:30
31:30 Play Later Play Later Lists Like Liked31:30
Play Later Play Later Lists Like LikedWhile cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers. And it seems that, unfortunately, cybercriminals aren’t lacking when it comes to identifying new ways to sneak in. Abnormal Security’s Field CISO, Mick Leach, will discuss some of the sophisticated threats we anticipate escalating in the coming year—including cryptocurrency fraud, AI-generated business email compromise, and more. Mick and I dove into a lot of great topics, including: The evolution of email based attacks and why traditional tooling may fall short How attackers are leveraging GenAI and LLM’s to make more compelling email-based attacks How defenders can utilize AI to improve their defensive capabilities The role of tooling such as Secure Email Gateways and more, and how they still play a role but fail to meet the latest threat landscape How Abnormal is tacking email-based attacks and the outcomes they are helping customers achieve with streamlined integration and use…
R
Resilient Cyber
1 Resilient Cyber w/ Rajan Kapoor - Native Cloud Workspace Gaps and Risks 30:17
30:17 Play Later Play Later Lists Like Liked30:17
Play Later Play Later Lists Like LikedIn this episode, we sit down with Rajan Kapoor , Field CISO of Material Security , to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management. Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered: Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the email environment, and the broad implications. The lack of security features and capabilities of native cloud workspaces such as M365 and Google Workspaces and the technical and resource constraints that drive teams to seek out innovative products such as Material Security. The tug of war between security and productivity and how Material Security helps address challenges of the native workspaces that often make it hard for people to do their work and lead to security being sidestepped. Particularly industries that are targeted and impacted the most, such as healthcare, where there is highly sensitive data, regulatory challenges, and more. Common patterns among threats, attacks, and vulnerabilities and how organizations can work to bolster the security of their cloud workspace environments. This is a fascinating area of security. We often hear “identity is the new perimeter” and see identity play a key role in trends such as zero trust. But, so often, that identity starts with your email, and it can lead to lateral movement, capturing MFA codes, accessing sensitive data, impacting business partners, phishing others in the organization, and more, all of which can have massive consequences for the organizations impacted. Raja brought his expertise as a Field CISO and longtime security practitioner to drop a ton of gems in this one, so be sure to check it out!…
R
Resilient Cyber
1 Resilient Cyber w/ Greg Martin - Agentic AI and AppSec 27:13
27:13 Play Later Play Later Lists Like Liked27:13
Play Later Play Later Lists Like LikedWe’ve heard a ton of excitement about AI Agents, Agentic AI, and its potential for Cybersecurity. This ranges in areas such as GRC, SecOps, and Application Security (AppSec). That is why I was excited to sit down with Ghost Security Co-Founder/CEO Greg Martin. In this episode, we sit down with Ghost Security CEO and Co-Founder Greg Martin to chat about Agentic AI and AppSec. Agentic AI is one of the hottest trends going into 2025, and we will discuss what it is, its role in AppSec, and what system industry challenges it may help tackle. Greg and I chatted about a lot of great topics, including: The hype around Agentic AI and what makes AppSec, in particular, such a promising area and use case for AI to tackle longstanding AppSec challenges such as vulnerabilities, insecure code, backlogs, and workforce constraints. Greg’s experience as a multi-time founder, including going through acquisitions, but what continues to draw him back to being a builder and operational founder. The challenges of historical AppSec tooling and why the time for innovation, new ways of thinking, and leveraging AI is due. Whether we think AI will end up helping or hurting more in terms of defenders and attackers and their mutual use of this promising technology. And much more, so be sure to tune in and check it out, as well as check out his team at Ghost Security and what they’re up to!…
R
Resilient Cyber
1 Resilient Cyber w/ Filip Stojkovski & Dylan Williams - Agentic AI & SecOps 22:45
22:45 Play Later Play Later Lists Like Liked22:45
Play Later Play Later Lists Like LikedIn this episode, we will be sitting down with Filip Stojkovski and Dylan Williams to dive into AI, Agentic AI, and the intersection with cybersecurity, specifically Security Operations (SecOps). I’ve been following Filip and Dylan for a bit via LinkedIn and really impressed with their perspective on AI and its intersection with Cyber, especially SecOps. We dove into that in this episode including: What exactly Agentic AI and AI Agents are, and how they work What a Blueprint for AI Agents in Cybersecurity may look like, using their example in their blog with the same title The role of multi-agentic architectures, potential patterns, and examples such as Triage Agents, Threat Hunting Agents, and Response Agents and how they may work in unison The potential threats to AI Agents and Agentic AI architectures, including longstanding challenges such as Identity and Access Management (IAM), Least-Permissive Access Control, Exploitation, and Lateral Movement The current state of adoption across enterprises and the startup landscape and key considerations for CISO’s and security leaders looking to potentially leverage Agentic SecOps products and offerings…
R
Resilient Cyber
1 Resilient Cyber w/ Walter Haydock - Implementing AI Governance 28:31
28:31 Play Later Play Later Lists Like Liked28:31
Play Later Play Later Lists Like LikedIn this episode, we sit down with StackAware Founder and AI Governance Expert Walter Haydock. Walter specializes in helping companies navigate AI governance and security certifications, frameworks, and risks. We will dive into key frameworks, risks, lessons learned from working directly with organizations on AI Governance, and more. We discussed Walter’s pivot with his company StackAware from AppSec and Supply Chain to a focus on AI Governance and from a product-based approach to a services-oriented offering and what that entails. Walter has been actively helping organizations with AI Governance, including helping them meet emerging and newly formed standards such as ISO 42001. Walter provides field notes, lessons learned and some of the most commonly encountered pain points organizations have around AI Governance. Organizations have a ton of AI Governance and Security resources to rally around, from OWASP, Cloud Security Alliance, NIST, and more. Walter discusses how he recommends organizations get started and where. The U.S. and EU have taken drastically different approaches to AI and Cybersecurity, from the EU AI Act, U.S. Cyber EO, Product Liability, and more. We discuss some of the pros and cons of each and why the U.S.’s more relaxed approach may contribute to economic growth, while the EU’s approach to being a regulatory superpower may impede their economic growth. Walter lays our key credentials practitioners can explore to demonstrate expertise in AI security, including the IAPP AI Governance credential, which he recently took himself. You can find our more about Walter Haydock by following him on LinkedIn where he shares a lot of great AI Governance and Security insights, as well as his company website www.stackaware.com…
R
Resilient Cyber
1 Resilient Cyber w/ Jim Dempsey - Navigating the Cyber Regulatory Landscape 56:54
56:54 Play Later Play Later Lists Like Liked56:54
Play Later Play Later Lists Like LikedIn this episode, we sit with the return guest, Jim Dempsey. Jim is the Managing Director of the Cybersecurity Law Center at IAPP, Senior Policy Advisory at Stanford, and Lecturer at UC Berkeley. We will discuss the complex cyber regulatory landscape, where it stands now, and implications for the future based on the recent U.S. Presidential election outcome. We dove into a lot of topics including: The potential impact of the latest U.S. Presidential election, including the fact that while there are parallels between Trump’s first term and Joe Biden’s, there are also key differences. We’re likely to see a deregulatory approach related to commercial industry and consumer tech but much more alignment and firm stances related to cyber and national security. The future of efforts around Software Liability and Safe Harbor Contrasted differences between the EU’s tech regulatory efforts and the U.S. The U.S. has taken a much more voluntary approach. While Jim is an advocate of regulation and thinks it is needed, he simply cannot get behind the heavy-handed approach of the EU and suspects it will continue to widen the tech gap between the U.S. and the EU. What is the potential for regulatory harmonization and the challenges due to the unique aspects of each industry, vertical, data types, and more. Jim leads the recently formed IAPP Cybersecurity Law Center He is also the author of the book Cybersecurity Law Fundamentals, Second Edition .…
R
Resilient Cyber
1 Resilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine? 25:12
25:12 Play Later Play Later Lists Like Liked25:12
Play Later Play Later Lists Like LikedIn this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left". This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine. We dive into a lot of topics such as: Tyler and Jame’s high-level thoughts on shift left and where it may have went wrong or run into challenges Tyler’s thoughts on the evolution of shift left over the last several decades from some of his early Pen Testing roles and working with early legacy applications before the age of Cloud, DevOps and Microservices James’ perspective, having started in Cyber in the age of Cloud and how his entire career has come at shift left from a bit of a different perspective The role that Vendors, VC’s and products play and why the industry only seems to come at this from the tool perspective Where we think the industry is headed with similar efforts such as Secure-by-Design/Default and its potential as well as possible challenges…
R
Resilient Cyber
1 Resilient Cyber w/ Shyam Sankar - The Primacy of Digital Dominance 34:03
34:03 Play Later Play Later Lists Like Liked34:03
Play Later Play Later Lists Like LikedIn this episode we sit down Shyam Sankar, Chief Technology Officer (CTO) of Palantir Technologies. We will dive into a wide range of topics, from cyber regulation, software liability, navigating Federal/Defense cyber compliance and the need for digital defense of the modern national security ecosystem. - First off, for those unfamiliar with you and your background, can you tell us a bit about yourself, as well as Palantir? You're a big proponent on the role that software plays now, and will play in the future when it comes the fifth domain of warfare, cybersecurity, so let's give into some of those topics. - I know you've voiced some strong opinions on the role of cyber insurance and also compliance when it comes to its static nature, compared to the dynamic activity of malicious actors and the threat landscape. Can you expand on that? - You and I also chatted about the fact that most cyber issues tie back to hygiene, and that there are no silver bullets. Do you feel like this gets lost among the marketing hype of cyber? - I know you've talked about externalizing some of Palantir's software infrastructure to enable more companies with security infrastructure and toolchains. Can you tell us about some of those capabilities? - The enablement of more companies is key, as you know the DIB has seen massive consolidation in the past decade or more, largely with the small handful of players dominating the lions share of the work in the DoD. This arguably poses systemic concentrated risks, as well as doesn't give access for the DoD to commercial innovation. You called the DoD's most powerful ally America's commerical tech sector in a recent piece. We know that times have changed, and unlike eras of the past, most digital innovation comes from the commercial space, but DoD tends to have a not built here syndrome, no doubt driven by incumbents, incentives, fiefdom building and more. What do you think the national security risks of this are? - Given you've been around DoD for some time, you've no doubt been exposed to processes like ATO's and RMF and more. What are your thoughts on the current state of compliance in the DoD and how it could potentially hinder access to commercial innovation?…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to Resilient Cyber
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
