
Brilliance Security Magazine Podcast
Illuminating the intersection of physical and cyber security with interviews, product reviews, and security-related news and information.
Latest episodes

Jun 16, 2025 • 40min
Speed Meets Security: Building SaaS with Compliance in Mind
In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with John Sobczak, founder and CEO of NXT1, to explore how software development teams can accelerate time to market without compromising on security or compliance. John shares how his career shaped the vision behind NXT1 and discusses the structural pitfalls that often delay or derail promising SaaS startups. This engaging conversation is packed with actionable insights for developers, founders, and investors navigating the complex intersection of speed, scale, and security.
Summary
John Sobczak brings decades of experience in enterprise technology and government cybersecurity to this discussion, offering a compelling argument for embedding security from the very first line of code. He outlines how modern SaaS development is hampered by excessive cognitive load on developers, who are often forced to juggle core product development with complex compliance frameworks. This leads to delays, technical debt, and avoidable risk.
NXT1’s solution is LaunchIT, a turnkey platform designed to provide secure, compliant infrastructure out of the box. Sobczak explains how inheritance—not just guardrails—makes the difference. By giving developers access to hardened, policy-aligned environments that meet standards like SOC 2, HIPAA, and FedRAMP, NXT1 dramatically shortens the path from idea to revenue. This also reduces founder and investor risk while increasing the cost for adversaries targeting early-stage SaaS companies.
Throughout the episode, Sobczak emphasizes the importance of building with scale and regulation in mind—even if those market demands aren’t immediate. He notes that most early-stage teams wait too long to consider security, mistakenly treating compliance as a checklist to be addressed after product development. Instead, NXT1 aims to "meet customers where they are," helping both startups and more mature companies seamlessly scale into new verticals like healthcare and public sector without rebuilding from scratch.
He also touches on the cultural shifts required in development organizations: making security everyone’s responsibility, automating infrastructure to reduce human error, and resisting the temptation to reinvent the wheel when platforms already exist that can shoulder much of the compliance burden.
Whether you're an entrepreneur launching a new SaaS product or a development leader in a growth-stage company, this episode is a must-listen for those looking to secure their software—and their future—from the ground up.

Jun 9, 2025 • 37min
Quantum Threats to Encryption May Be Closer Than You Think
What if the world’s most trusted cryptographic systems could be broken in just minutes instead of centuries? In this thought-provoking episode of the Brilliance Security Magazine Podcast, David Close, Chief Solutions Architect at Futurex, joins host Steven Bowcut to discuss the very real—and rapidly accelerating—threat that quantum computing poses to modern encryption. With quantum advancements progressing faster than many expected, Close explains why organizations need to act now to safeguard long-term data, and how hybrid and agile cryptographic systems are the key to staying ahead.
Summary
David Close opens the conversation by tracing his own journey from embedded firmware engineering to his current role leading cryptographic innovation at Futurex. He shares how his work with Hardware Security Modules (HSMs)—specialized devices that securely manage encryption keys—laid the groundwork for Futurex’s leadership in enterprise-grade encryption.
The core of the episode centers on the quantum computing threat to current encryption standards like RSA and elliptic curve cryptography. David breaks down the technical implications in accessible terms: quantum computers can solve problems exponentially faster than classical computers, meaning encryption methods that would take millennia to break with today’s machines might be cracked in minutes by quantum processors.
A key highlight is the concept of “Harvest Now, Decrypt Later”—a tactic where attackers steal encrypted data today, intending to decrypt it once quantum technology matures. David emphasizes that this threat is not futuristic; it’s already underway, with critical long-life data like medical records, financial information, and government secrets at risk.
David outlines how Futurex and other leading organizations are proactively adapting. For example, Google and Cloudflare have already implemented hybrid cryptography using both classical and quantum-safe algorithms. Futurex is doing the same across its suite of HSMs and key management solutions, supporting new standards ratified by NIST (including Kyber and Dilithium) and enabling “crypto agility”—the ability to quickly adopt new encryption standards without overhauling infrastructure.
He also shares how Futurex is helping clients through cryptographic discovery, which allows organizations to identify where and how cryptography is being used across their environments. This step is essential for prioritizing risk areas and laying a foundation for a secure, phased migration to post-quantum cryptography.
Finally, David stresses that while the quantum threat is real and imminent, organizations shouldn’t panic—but they must act now. The transition to post-quantum cryptography is already underway, and those who prepare today will be far more secure and resilient tomorrow.

Jun 2, 2025 • 54min
Rethinking BYOD: From Legacy Risks to Zero Trust Mobility
In this episode of the Brilliance Security Magazine Podcast, we sit down with Matt Stern, Chief Security Officer at Hypori, to discuss how organizations can move beyond outdated mobile device management strategies and adopt a zero-trust approach to the future. Stern shares compelling insights from his extensive experience in both military and federal cybersecurity, highlighting why traditional BYOD approaches—like MDM and MAM—are no longer adequate. If you're a CISO, IT leader, or just curious about secure mobile innovation, this is a conversation you don’t want to miss.
Summary
The episode begins with Matt Stern’s journey from Army Ranger to cybersecurity executive. He discusses how his experience leading large-scale cyber operations, including the U.S. Army CERT and the EINSTEIN national cybersecurity system, shaped his threat-centric approach to enterprise security.
The conversation then turns to the evolving BYOD (Bring Your Own Device) landscape. Stern highlights the risks posed by traditional mobile device management (MDM) and mobile application management (MAM) solutions—such as increased attack surface, privacy concerns, and inadequate control over unmanaged personal devices. He also touches on regulatory challenges like the “No TikTok Law,” which bans certain apps on government-affiliated devices due to data exposure risks.
Stern explains how Hypori addresses these issues with its Virtual Mobile Infrastructure (VMI), which keeps all data and compute operations off the user’s device. Hypori streams pixels only—meaning no data is stored or processed locally—eliminating risks associated with compromised devices. He walks listeners through Hypori’s layered authentication system and robust security architecture, which enables secure operation from any personal device without compromising user privacy.
The show concludes with a discussion on cost savings and operational efficiency. Stern notes that the Department of Defense already uses over 70,000 Hypori licenses and highlights how organizations can achieve significant savings—up to 42%—by eliminating the need to purchase and manage government-furnished equipment (GFE). His advice to IT leaders: assess your current BYOD risks, examine the real-world behaviors of your workforce, and consider whether legacy models are hindering your security posture.

May 12, 2025 • 40min
Reinventing Cyber Incident Readiness and Response Collaboration
In Episode S7E8, Steven welcomes Arvind Parthasarathi, founder and CEO of CYGNVS, to discuss reinventing cyber incident readiness and response collaboration. Arvind shares his background in analytics and cybersecurity, explaining how CYGNVS was created to address the chaos organizations face during major cyber incidents. The conversation covers the importance of comprehensive preparation for cyber incidents, the benefits of CYGNVS’s incident response platform, and the company’s approach to preparing, practicing, responding to, and reporting on cyber crises.

Apr 28, 2025 • 23min
Reclaiming Control: Smarter Data Security for AI Era Challenges
In Episode S7E7, Steven welcomes Glenn Day, CEO of NVISIONx, to discuss data risk intelligence and emerging threats in the age of AI and complex data environments. Glenn shares insights on data governance, the importance of proper data organization for AI adoption, and how NVISIONx helps organizations manage and purge data responsibly. The conversation underscores the significance of intelligent data classification in cybersecurity and the need for collaborative data governance across departments to achieve enhanced protection, compliance, and a competitive edge through AI models.

Mar 24, 2025 • 40min
Inside the Mind of Cybercriminals: Unpacking F-Secure’s Scam Kill Chain
In Episode S7E6 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with Dmitri Vellikok, VP of Embedded Security at F-Secure, to discuss F-Secure’s newly launched Scam Kill Chain Framework and explore critical insights into how cybercriminals select and exploit their targets.
The Inspiration Behind Scam Kill Chain
Dmitri shares his 20+ year journey in cybersecurity, from his early fascination with web-based hacking to his extensive experience with F-Secure, highlighting what motivates him to continue tackling cyber threats. He explains the inspiration behind the Scam Kill Chain Framework, a groundbreaking approach designed to close gaps in existing cybersecurity strategies, providing better protection for both businesses and consumers.
Exploring the Scam Kill Chain Framework
The discussion delves deep into each stage of the Scam Kill Chain, from initial reconnaissance and infrastructure setup to lateral movement and eventual monetization. Dmitri emphasizes that timely intervention, especially during initial contact attempts by scammers, is critical for effective defense.
Dispelling Misconceptions About Cyber Scams
Listeners gain valuable insights into common misconceptions around scams, understanding the psychology of cybercriminals, and why attacks, although widespread, aren't typically personal but rather opportunistic and scaled. Dmitri also addresses emerging cybersecurity threats associated with connected IoT devices and AI-based systems, emphasizing the need for updated software and proactive threat detection.
AI’s Role in Threat Detection
The role of artificial intelligence and machine learning in identifying and preventing cyber threats within the Scam Kill Chain Framework is explored, providing practical guidance for security professionals interested in integrating this approach into their practices.
Future Cybersecurity Challenges and Preparation
Finally, Dmitri shares forward-looking perspectives on evolving threats and how F-Secure is proactively preparing to stay ahead of increasingly sophisticated cybercriminals. Don't miss this episode packed with actionable insights to enhance your cybersecurity strategies.

Feb 24, 2025 • 39min
The Future of Cloud Security: AI, Automation, and the Next Evolution in Cyber Defense
In Episode S7E5, host Steven Bowcut speaks with Ian Amit, CEO and Founder of Gomboc AI. The conversation covers various aspects of Gomboc AI and its approach to computer science and cybersecurity. Ian shares his practical problem-solving philosophy and insights into the evolving landscape of cybersecurity, highlighting the impact of generative AI and the inefficiencies in traditional cloud security and DevOps processes. They discuss the complexities of cloud security, including risks from misconfigurations and shadow IT, and outline Gomboc AI's deterministic approach to AI, which relies on provider documentation to deliver precise solutions while maintaining human oversight. Finally, Ian emphasizes the future direction of Gomboc AI, advocating for improved DevSecOps practices and the integration of infrastructure as code and GitOps methodologies.

Feb 17, 2025 • 28min
Securing the Future of BYOD: Redefining Remote Work Security
In Episode S7E4, David Matalon, CEO and Founder of Venn, joins Steven Bowcut to explore the evolving landscape of remote work security and the challenges of traditional Virtual Desktop Infrastructure (VDI). David shares insights into how financial services and other industries have struggled with data security, compliance, and usability in a BYOD-driven world, and how Venn’s Secure Enclave and Blue Border technology provide a more seamless, secure alternative. They also discuss the importance of work+life integration over balance, how Venn’s approach enhances remote productivity without sacrificing security, and the lessons learned from scaling a cybersecurity business. The conversation delves into the future of BYOD, its growing strategic importance in hybrid workforces, and how Venn is shaping the future of secure remote access by integrating with existing applications and infrastructure. David also shares his vision for the next phase of remote work, where BYOD becomes the standard rather than the exception.

Feb 3, 2025 • 35min
Augmented penetration testing
In Episode S7E3, the discussion features Marko Simenov, CEO of Plainsea, who talks about the company's innovative augmented penetration testing platform. Marko explains the origins of Plainsea, its unique features, and its benefits to both pen-testing companies and their clients, including time and cost savings, continuous testing capabilities, and improved efficiency. The conversation also covers Plainsea's integration with various industries, compliance requirements, and other cybersecurity software, as well as its potential for future development based on user feedback and market demands.

Jan 27, 2025 • 27min
AI-Powered Cyber Defense
Edward Wu, Founder and CEO of Dropzone AI, shares his expertise on leveraging AI in cyber defense. He discusses how AI can enhance human security teams, illustrated through a case study of a tech startup with fewer engineers. Wu introduces 'agentic AI,' capable of autonomous complex task performance, emphasizing its adaptability to meet organizational needs. The conversation also tackles ethical concerns in AI, particularly around data usage, urging responsible practices to safeguard privacy while boosting productivity in cybersecurity.