
Brilliance Security Magazine Podcast

Latest episodes

Dec 12, 2022 • 30min

The Role of OSINT in Social Engineering and How to Manage Your Human Attack Surface

Steve Bowcut's guest for episode S4E20 is Matt Polak. Matt is the CEO and Founder of Picnic Corporation. Picnic is a cybersecurity firm providing enterprise-wide protection from social engineering. The topic for this episode is The Role of OSINT in Social Engineering and How to Manage Your Human Attack Surface. Matt explains the role of social engineering in today's cyber attacks and talks about why it is so successful. Drawing on his vast experience, he shares what information hackers look for as they plan for an attack and how organizations can use OSINT to protect their people and systems.

About our Guest

Matt Polak is a subject matter expert in intelligence collection, having spent his career applying these skills to intractable growth and competitive strategy challenges for Fortune 500 customers. Matt's extensive experience and expertise in human intelligence inspired Picnic's creation to protect people from open-source intelligence gathering by hackers.

Be sure to listen and learn how to manage and reduce your human attack surface.

Nov 28, 2022 • 21min

How you can Identify the Security Posture of Your Devices Automatically

Our guest for Episode S4E19 is Dr. Carmit Yadin, the Founder & CEO at DeviceTotal—the industry’s first universal repository platform providing security data for devices enabling companies to assess current risks that deployed devices pose and potential future risks arising from adding new devices to their networks. The topic for this fun and informative conversation is how you can automatically identify the security posture of your devices. Dr. Yadin explains how the ever-increasing number of connected devices creates a challenge for organizations trying to assess their security posture. She delves into the need for context to understand risk and identifies how organizations can “automatically” identify risks associated with their devices.

About our Guest

Dr. Carmit Yadin is a renowned leader, researcher, author, and speaker with extensive business and technical skills in cybersecurity and intelligence. As a cyber expert and business development specialist in this highly demanding sector, her intellectual knowledge and understanding of the cyber world enable her to stand out in a globally competitive market. After serving in an elite Israel Defense Forces unit for cyber intelligence, she spent the last decade working with leading high-tech companies in the cyber industry.

Tune in to learn how you can prioritize response using contextual risk and take proactive steps with sound security recommendations.

Nov 21, 2022 • 22min

AI-driven Anomaly Detection and Predictive Threat Intelligence

In Episode S4E18, Thomas Pore, the Senior Director of Product for LiveAction—a leader in network security and performance visibility—talks with Steven Bowcut about some of the benefits of AI-driven anomaly detection and predictive threat intelligence. In this podcast, you'll learn how LiveAction's AI-driven anomaly detection and predictive threat intelligence can help you detect and prevent security incidents before they happen. Tom discusses the primary advantages these two technologies bring to the SOC; then, the conversation turns to how LiveAction's ThreatEye integrates with SIEM, SOAR, and threat intelligence tools.

About our Guest

As the Senior Director of Product for LiveAction, Thomas Pore leads strategic product marketing, partnering with product management and customers to better protect organizations from events impacting network and application performance and security. He is a technical evangelist in network security and performance. For almost 20 years, Thomas has held several positions at LiveAction, including network monitoring and security advisor. He also led strategic sales engineering and post-sale technical teams over his career.

Listen to learn more about the benefits of using AI-driven anomaly detection and predictive threat intelligence in your cybersecurity strategy.

Nov 12, 2022 • 42min

The Security Maturity Model profile for Digital Twins

In Episode S4E17, Frederick Hirsch, an independent consultant and a co-author of the IoT Security Maturity Model (SMM) Practitioner’s Guide, speaks with the host, Steve Bowcut, about the SMM profile for Digital Twins. Frederick explains digital twins and gives some practical examples of how they are used. Steve and Frederick explore some of the security issues related to digital twins, including how they can help solve complex security challenges. Frederick provides an excellent overview of the purpose of the IoT Security Maturity Model (SMM) Practitioner's Guide, the SMM Digital Twin Profile, and SMM mappings.

Resources Mentioned

- A page with links to the various SMM documents and other resources: https://www.iiconsortium.org/smm/
- A brochure summarizing OMG organization and its consortia: https://www.omg.org/memberservices/OMG-brochure.pdf

About our Guest

Frederick Hirsch is an independent consultant. He is a co-author of the IoT Security Maturity Model (SMM) Practitioner’s Guide, the SMM Digital Twin Profile, the Retail Profile, and the SMM 62443 Mappings. He is co-chair of the joint ISA IIC Contributing group as well as the SMM Mining Profile team. In addition to his SMM work, Frederick is also a co-chair of the IIC Trustworthiness Task Group. He co-authored the IIC Trustworthiness Framework Foundations document and has written papers on Trustworthiness for the IIC Journal of Innovation. He is also a co-author of the IIC Industrial Internet of Things Security Framework.

Don't miss this informative overview of the IoT Security Maturity Model Practitioner’s Guide and the SMM Digital Twin Profile.

Nov 7, 2022 • 22min

The Application Security Skills Gap

In Episode S4E16, our guest is Abhay Bhargav, the Founder of we45 — a focused Application Security Company, and the Chief Research Officer of AppSecEngineer — an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security, and DevSecOps. The topic Steve Bowcut and Abhay discuss is The Application Security Skills Gap. Abhay gives an informative view of the scope of the skills gap for application security and explains why he thinks the shortage of skilled security professionals is occurring. Steve and Abhay discuss the skills gap's impact on organizations and what they can do to solve this issue.

About our Guest

Abhay started his career as a breaker of apps in pen testing and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps. He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. Abhay is active in the research of new technologies and their impact on Application Security, specifically Cloud-Native Security. He is the architect of a leading Vulnerability Management and Correlation Product, Orchestron, from we45. He is a speaker and trainer at major industry events and has authored two international publications on Java Security and PCI Compliance.

Don't miss this insightful look into the application security skills gap.

Oct 22, 2022 • 33min

Encrypted Collaboration

In Episode S4E15, Steve Bowcut talks about encrypted collaboration with István Lám, the co-founder and CEO at Tresorit—a global leader in cloud encryption. István explains why staying in control of your data is important when collaborating with others and shares how Tresorit’s end-to-end encryption technology protects email and documents. He discusses Tresorit's idea of Zero Knowledge and why it's important.

About our Guest

István Lám is a cryptographer, computer scientist, entrepreneur, and Tresorit’s co-founder and CEO. István earned his MSc degree with top honors at the Budapest University of Technology and Economics. As a researcher, he worked on cryptographic key sharing and distributed systems. While still at university, István co-founded Tresorit. Today, Tresorit provides end-to-end encrypted collaboration and file-syncing tools for more than 10,000 businesses globally.

Be sure to listen to learn more about how to collaborate safely and protect your privacy.

Sep 19, 2022 • 29min

Zero Trust Network Access

In Episode S4E14, Steve Bowcut talks about Zero Trust Network Access with two well-informed guests. On the show are two executives from the cybersecurity firm Syxsense, Mark Reed, CTO, and Dave Taylor, CMO. The term Zero Trust is sometimes misapplied or misunderstood in the security industry, so our guests thoroughly describe what the term means and how they use it in their business. Mark and Dave explain the role of a zero trust strategy in today’s endpoint protection and what it takes to be successful at zero trust, then talk about some of the challenges organizations face when implementing a Zero Trust strategy. Steve gets them to elaborate on how the new module recently announced by Syxsense enables endpoint compliance with Zero Trust Network Access policies.

About Our Guests

Mark Reed is a highly energized Software Developer and the CTO of Syxsense. He began his career as a Technical Support Manager at Intel before moving into a role as a Deployment Engineer, traveling to companies all over the world to help with new software infrastructure and implementation. Eventually, he worked his way up to a leadership role and now manages a team of software engineers while helping to push forward new innovations and being involved in all aspects of product development - from backend database design, web services, user interfaces, and client/server/cloud communications. Mark loves to travel, extreme sports and fitness, and spending time with his wife and four sons. He lives in Salt Lake City, Utah.

Dave Taylor is a successful tech entrepreneur with five exits under his belt. Having started his career as a Product Manager at Intel Corporation, Dave has now run marketing as CMO at seven successive companies. He has always focused on demand generation - working closely with sales teams to hit revenue growth targets. Dave counts the recruitment and retention of amazingly high-performing marketing teams as his top skill. Born and raised in Boston, Dave has lived in the UK, South Africa, the Middle East, and all over the US, and he now resides in Utah and Montana.

Be sure to listen in to learn more about the current state of zero trust network access.

Sep 12, 2022 • 28min

Unified Communications Solutions

In Episode S4E13, our guest is Tom Reilly, the President of Commend Americas. This discussion focuses on Unified Communications Solutions. We talk about what they are, how organizations use them, and what providers of these solutions should be doing to protect the networks they reside on and the data they have a stewardship to protect. The host, Steve Bowcut, asks Tom to explain the cybersecurity protocols solution providers should use to protect infrastructure and data. Tom elaborates on Commend Americas' "privacy and security by design" process and the international compliance standards companies should adhere to.

About our Guest

As the President of Commend Americas, Tom leads a team focused on reinventing the use of unified communications solutions for safety, security, and operational efficiencies. Tom is a seasoned executive leader with more than 14 years of business development, operational strategy, and sales expertise. Prior to Commend, Tom spent ten years at Ernst & Young in increasingly senior strategy and management positions, providing insights and direction on modern technology and business transformations to help global organizations achieve sustained business results and ongoing innovation. He holds a Bachelor of Science in Management from Binghamton University.

Listen to this week’s episode to learn more about Unified Communications Solutions.

Jun 20, 2022 • 20min

How to Move Cybersecurity From a Cost Center to a Revenue Enabler

In Episode S4E12, our guest is Jim Nitterauer, Director of Information Security at Graylog. In a fun and informative conversation, BSM's Steve Bowcut and Jim discuss how organizations can move cybersecurity from a cost center to a revenue enabler.

Steve asks Jim to:

- Discuss some of the costs organizations face trying to protect their systems, infrastructure, and data.
- Explain why security isn't typically viewed as a revenue enabler like other software costs often are.
- Tell us why and how security can increase revenue.
- Talk specifically about the costs that log management can reduce or eliminate.

About our Guest

Jim Nitterauer and his teams are responsible for IT Services, Security, and Compliance across the Graylog organization. He holds CISSP and CISM certifications in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology from the University of Alabama. He is well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 25 years.

Listen to this week's episode to learn more about how security can enable revenue.

Jun 6, 2022 • 40min

How Managed Security Service Providers Can Help Protect Against Ransomware

In Episode S4E11, our guest is Ray Steen, Chief Strategy Officer of the IT managed services firm, MainSpring. In a fascinating and informative discussion, BSM's Steve Bowcut and Ray talk about:

- The common vulnerabilities threat actors exploit to launch a ransomware attack.
- The relationship between the size of a business and the likelihood it will be a victim of Ransomware.
- What small businesses and SMBs can do to protect against a ransomware attack, and what they should do if they are victimized.
- How MSSPs can assist their clients before and after an attack.

About our Guest

Ray Steen is the CSO of DC-Metro-based IT managed security services firm, MainSpring. Ray has more than 20 years of experience in strategy, consulting, and communications. At MainSpring, he oversees high-level consulting with new and existing clients, professional services engagements, and strategic partnerships.

Don't miss this informative discussion about Ransomware.
