ITSPmagazine

ITSPmagazine, Sean Martin, Marco Ciappelli
Jun 10, 2025 • 27min

Beyond the Hoodie: Redefining Who Belongs in Cybersecurity with Community as the Missing Link in Cyber Resilience | An Infosecurity Europe 2025 Conversation with Amanda Finch | On Location Coverage with Sean Martin and Marco Ciappelli

In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.

Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn’t just about skills—it’s about building confidence and community.

A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.

Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.

In closing, Amanda urges us not to forget the enduring principles of security—know what you’re protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity’s biggest challenges.

___________

Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
amanda finch, sean martin, marco ciappelli, cybersecurity, diversity, leadership, career, smallbusiness, community, education, infosecurity europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Jun 10, 2025 • 15min

Understanding Cybersecurity Behavior: From Social Engineering to Shadow AI | An Infosecurity Europe 2025 Conversation with Jason Nurse | On Location Coverage with Sean Martin and Marco Ciappelli

Dr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions.

Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them.

The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance’s Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer’s awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use.

Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive.

The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding.

This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security?

___________

Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
marco ciappelli, jason nurse, infosecurity europe, behavior, psychology, cybersecurity, ai, social engineering, workplace, trust, event coverage, on location, conference
Jun 10, 2025 • 27min

From Vulnerability to Visibility: Rethinking Exposure Management | A Brand Story with Tod Beardsley from runZero | An Infosecurity Europe 2025 Conference On Location Brand Story

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don’t always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.

Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don’t-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what’s relevant to their specific networks and business-critical systems.

The conversation also explores SSVC’s ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.

That’s where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, runZero shines a light into the forgotten corners of corporate infrastructure.

The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they’re buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.

Whether you’re tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content. Learn more.

Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/

Resources
Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssvc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast
Jun 9, 2025 • 30min

When Automation Meets Ethics, Budget, Data, and Risk: The Real Factors Behind AI Deployment | An Infosecurity Europe 2025 Conversation with Andrea Isoni | On Location Coverage with Sean Martin and Marco Ciappelli

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference
Jun 9, 2025 • 24min

The Billion-Dollar Blueprint: Following the Digital Trail of Criminal Cash and the Human Cost of Cybercrime | An Infosecurity Europe 2025 Conversation with Geoff White | On Location Coverage with Sean Martin and Marco Ciappelli

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Geoff White, Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
marco ciappelli, sean martin, geoff white, cybersecurity, ransomware, laundering, crypto, hacking, journalism, infosec europe, event coverage, on location, conference
Jun 9, 2025 • 17min

Collaboration Isn’t Fluffy: It’s Fundamental to Cybersecurity—Rethinking the Role of Humans in Cyber Defense | An Infosecurity Europe 2025 Conversation with Purvi Kay and Rob Black | On Location Coverage with Sean Martin and Marco Ciappelli

Cybersecurity isn’t just about code, controls, or compliance—it’s about people. That’s the core message from Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems, and Rob Black, founder of the UK Cyber Leaders Challenge, as they share how genuine collaboration is reshaping security success in high-stakes environments.

In this InfoSecurity Europe conversation, Purvi emphasizes that cybersecurity is still too often seen as an IT issue, when in reality it cuts across every aspect of business. Her role spans cybersecurity strategy, leadership development, and advocacy—serving also as Chair of BAE’s Women in Cyber program and as a neurodiversity champion. For her, inclusion is more than a policy—it’s essential to mission success, especially when coordinating across trilateral government and industry teams on programs as complex as next-gen fighter aircraft.

Rob reinforces this point with his focus on developing soft skills in future cybersecurity leaders. His work brings non-traditional talent into cyber, prioritizing communication, empathy, and multidisciplinary collaboration. These human-centric capabilities are crucial when bridging divides between security, legal, HR, and operations.

Both guests highlight how assumptions, language, and siloed thinking obstruct progress. Purvi shares how cybersecurity has often been seen as a barrier—brought in too late, misunderstood, or left out of key decisions. She now champions “secure by design” practices through early involvement of cross-functional teams. Rob brings a memorable example: using marriage counseling techniques to help auditors and developers understand each other better—not to resolve personal conflict, but to decode cultural and professional misalignments.

Their conversation also touches on practical methods for building shared understanding, from sketching “river journeys” to map project dynamics, to fostering stakeholder buy-in through intentional communication. Whether aligning three governments or managing internal procurement, they show that collaboration isn’t just a buzzword—it’s a structured, repeatable approach to managing complexity.

This episode offers a thoughtful and grounded look at how meaningful human connection—across functions, cultures, and roles—forms the foundation of effective cybersecurity. It’s a timely reminder that the path to resilience begins with listening, empathy, and a clear sense of shared purpose.

___________

Guests:
Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems | https://www.linkedin.com/in/purvikay/
Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
sean martin, rob black, purvi kay, cybersecurity, collaboration, communication, leadership, diversity, empathy, infosecurity europe, event coverage, on location, conference
Jun 3, 2025 • 18min

London: Random and Unscripted – Meditation, Music, Literature and many more reasons why we love this city | Random and Unscripted with Sean Martin and Marco Ciappelli

Sometimes, the best conversations happen when there’s no agenda. This is one of those moments. With London as the backdrop — its history, energy, and unpredictable charm — Sean and I sat on the grass in Hyde Park and hit record. No script, no plan. Just two friends talking about music, memories, meditation, and why we still believe in experiencing things without a phone between us and reality.

From yoga poses on park benches to tales of Clapton at Royal Albert Hall and an upcoming Oasis reunion in Cardiff (yes, really), this is a meandering mix of thoughts and stories — like walking down Portobello Road not knowing what you’ll find. We touch on the lost art of being present, why live music changes everything, and how the UK’s cultural influence shaped our creative paths.

Sure, we dip into punk, rock, film, and a few philosophical musings about why Florence isn’t featured more in books and movies — but it’s all under one theme: reconnecting with the world around us. It’s a conversation that could only happen in a place like London — rich with culture, memories, and endless possibility.

If you’re tired of content that’s too polished, too planned, or too promotional… this episode is a breath of fresh (sometimes damp) British air.

⸻

Hashtags:
#storytelling, #london, #musiclovers, #meditation, #unscripted, #podcastlife, #travelstories, #creativelife, #liveinthemoment, #punkrock

New episodes drop when they drop. Expect the unexpected.

Hosts links:
📌 Marco Ciappelli: https://www.marcociappelli.com
📌 Sean Martin: https://www.seanmartin.com
Jun 3, 2025 • 16min

More Than Code: Why Human Skills Matter in AppSec | An OWASP AppSec Global 2025 Conversation with Maria Mora | On Location Coverage with Sean Martin and Marco Ciappelli

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it’s the relationships and shared purpose that make this event resonate.

Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she’s learned that you don’t need decades of experience to contribute—just a willingness to start.

Keynotes and sessions this year reinforced a similar message: security isn’t just about hard skills. It’s about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané’s encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.

Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it’s your first conference or your tenth, there’s always room to jump in.

For Maria, OWASP no longer feels like a secret club—it’s a growing, open collective focused on helping people bring their best selves to security. That’s the power of community: not just lifting up software, but lifting up each other.

And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”

GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS
Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES
Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
Jun 2, 2025 • 45min

Reaching Human Equivalency with Agentic AI: A Real-World Look at Security Outcomes | An eSentire Brand Story With Dustin Hillard

Dustin Hillard, Chief Technology Officer at eSentire, leverages over 15 years of AI and machine learning experience to tackle cybersecurity challenges. He shares insights on using agentic AI not just for hype but to truly enhance human workflows in security operations. Hillard emphasizes the importance of early intrusion containment, automation's role in empowering analysts, and the vital need for trust and transparency when adopting AI solutions. His team's aim is clear: judge AI by its ability to prevent damage, not just by its novelty.
Jun 2, 2025 • 11min

From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli

Wojciech Dworakowski, OWASP Poland Board Member and Managing Partner at SecuRing, dives into the vulnerabilities of mobile banking apps, highlighting their risks due to reliance on smartphones for transaction authorization. He shares insights on how attack strategies have evolved from simply stealing cards to sophisticated account takeovers. Wojciech advocates for a multi-layered security approach, emphasizing enhanced device fingerprinting and shared interbank databases as solutions to bolster security without sacrificing user experience.
