ITSPmagazine

Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support.The research behind this project, supported by the University and its partners, explores how different types of SMEs—micro, small, and medium-sized—struggle with limited time, budget, and expertise. Many rely on third-party service providers, but often don’t have enough cybersecurity knowledge to evaluate what “good” looks like. It’s not just a resource problem—it’s a visibility and literacy problem.Furnell emphasizes the potential of automation to lift some of the burden, from automated updates to scheduled malware scans. But he also makes it clear that automated tools can’t fully replace the need for human judgment, especially in scenarios like phishing or social engineering attacks. People still need cybersecurity literacy to recognize and resist threats.That’s where the idea of communities of support comes in. Rather than each SME navigating cybersecurity alone, the goal is to create local or sector-based communities where businesses and cybersecurity practitioners can engage in open, non-commercial conversations. These communities would offer SMEs a space to ask questions, share challenges, and exchange practical advice—without pressure, cost, or fear of judgment.The initiative isn’t about replacing regulation or mandating compliance. It’s about raising the baseline first. Communities of support can serve as a step toward greater awareness and capability—something that’s especially critical in a world where supply chains are interconnected, and security failures in one small link can ripple outward.The message is clear: cybersecurity isn’t just a technical issue—it’s a social one. And it starts by creating room for dialogue, connection, and shared responsibility. Want to know what this model could look like in your community? Tune in to find out.__________________________________Guest: Steven Furnell | Professor of Cyber Security at University of Nottinghamhttps://www.linkedin.com/in/stevenfurnell/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode’s SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Future Is a Place We Visit, But Never StayMay 9, 2025A Post-RSAC 2025 Reflection on the Kinda Funny and Pretty Weird Ways Society, Technology, and Cybersecurity Intersect, Interact, and Often Simply Ignore Each Other.By Marco Ciappelli | Musing on Society and TechnologyHere we are — once again, back from RSAC. Back from the future. Or at least the version of the future that fits inside a conference badge, a branded tote bag, and a hotel bill that makes you wonder if your wallet just got hacked.San Francisco is still buzzing with innovation — or at least that’s what the hundreds of self-driving cars swarming the city would have you believe. It’s hard to feel like you’re floating into a Jetsons-style future when your shuttle ride is bouncing through potholes that feel more 1984 than 2049.I have to admit, there’s something oddly poetic about hosting a massive cybersecurity event in a city where most attendees would probably rather not be — and yet, here we are. Not for the scenery. Not for the affordability. But because, somehow, for a few intense days, this becomes the place where the future lives.And yes, it sometimes looks like a carnival. There are goats. There are puppies. There are LED-lit booths that could double as rave stages. Is this how cybersecurity sells the feeling of safety now? Warm fuzzies and swag you’ll never use? I’m not sure.But again: here we are.There’s a certain beauty in it. Even the ridiculous bits. Especially the ridiculous bits.Personally, I’m grateful for my press badge — it’s not just a backstage pass; it’s a magical talisman that wards off the pitch-slingers. The power of not having a budget is strong with this one.But let’s set aside the Frankensteins in the expo hall for a moment.Because underneath the spectacle — behind the snacks, the popcorns, the scanners and the sales demos — there is something deeply valuable happening. Something that matters to me. Something that has kept me coming back, year after year, not for the products but for the people. Not for the tech, but for the stories.What RSAC Conference gives us — what all good conferences give us — is a window. A quick glimpse through the curtain at what might be.And sometimes, if you’re lucky and paying attention, that glimpse stays with you long after the lights go down.We have quantum startups talking about cryptographic agility while schools are still banning phones. We have generative AI writing software — code that writes code — while lawmakers print bills that read like they were faxed in from 1992. We have cybersecurity vendors pitching zero trust to rooms full of people still clinging to the fantasy of perimeter defense — not just in networks, but in their thinking.We’re trying to build the future on top of a mindset that refuses to update.That’s the real threat. Not AI and quantum. Not ransomware. Not the next zero-day.It’s the human operating system. It hasn’t been patched in a while.And so I ask myself — what are these conferences for, really?Because yes, of course, they matter.Of course I believe in them — otherwise I wouldn’t be there, recording stories, chasing conversations, sharing a couch and a mic with whoever is bold enough to speak not just about how we fix things, but why we should care at all.But I’m also starting to believe that unless we do something more — unless we act on what we learn, build on what we imagine, challenge what we assume — these gatherings will become time capsules. Beautiful, well-produced, highly caffeinated, blinking, noisy time capsules.We don’t need more predictions. We need more decisions.One of the most compelling conversations I had wasn’t about tech at all. It was about behavior. Human behavior.Dr. Jason Nurse reminded us that most people are not just confused by cybersecurity — they’re afraid of it.They’re tired.They’re overwhelmed.And in their confusion, they become unpredictable. Vulnerable.Not because they don’t care — but because we haven’t built a system that makes it easy to care.That’s a design flaw.Elsewhere, I heard the term “AI security debt.” That one stayed with me.Because it’s not just technical debt anymore. It’s existential.We are creating systems that evolve faster than our ability to understand them — and we’re doing it with the same blind trust we used to install browser toolbars in the ‘90s.“Sure, it seems useful. Click accept.”We’ve never needed collective wisdom more than we do right now.And yet, most of what we build is designed for speed, not wisdom.So what do we do?We pause. We reflect. We resist the urge to just “move on” to the next conference, the next buzzword, the next promised fix.Because the real value of RSAC isn’t in the badge or the swag or the keynotes.It’s in the aftershock.It’s in what we carry forward, what we refuse to forget, what we dare to question even when the conference is over, the blinking booths vanish, the future packs up early, and the lanyards go into the drawer of forgotten epiphanies — right next to the stress balls, the branded socks and the beautiful prize that you didn't win.We’ll be in Barcelona soon. Then London. Then Vegas.We’ll gather again. We’ll talk again. But maybe — just maybe — we can start to shift the story.From visiting the future… To staying a while.Let’s build something we don’t want to walk away from. And now, ladies and gentlemen… the show is over.The lights dim, the music fades, and the future exits stage left...Until we meet again.—Marco ResourcesRead first newsletter about RSAC 2025 I wrote last week " Securing Our Future Without Leaving Half Our Minds in the Past" https://www.linkedin.com/pulse/securing-our-future-without-leaving-half-minds-past-marco-ciappelli-cry1c/🎙️ Explore Our Full RSAC 2025 Coverage on ITSPmagazine We would like to thank our full event coverage sponsors and look forward to our On Location conversationsMinimize imageEdit imageDelete imageThreatLocker: https://itspm.ag/threatlocker-r974Akamai Technologies: https://itspm.ag/akamailbwcBLACKCLOAK: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher Integrated Risk Management: https://itspm.ag/rsaarchwebISACA: https://itspm.ag/isaca-96808Object First: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868 ... and thank you to our event briefing partners, with whom we will also record On Location briefingsInfinidat: https://itspm.ag/infini3o5dCoalfire: https://itspm.ag/coalfire-yj4wManageEngine: https://itspm.ag/manageen-631623Detecteam: https://itspm.ag/detecteam-21686Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Qualys: https://itspm.ag/qualys-908446Corelight: https://itspm.ag/coreligh-954270Anomali: https://itspm.ag/anomali-bdz393 And ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Infosecurity Europe in London in June: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverage➤ OWASP® Foundation AppSec Global in Barcelona in May: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegas FOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Share this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]_________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That’s the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security.The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust this output? That mindset, he argues, is fundamental to building responsible systems, especially when models are generating code or influencing decisions at scale.Their conversation surfaces an emerging gap between automation and assurance. AI tools promise speed and performance, but that speed introduces risk if teams are too quick to assume accuracy or ignore validation. John and Alex discuss this trust gap and how the zero trust mindset—so common in network security—must now apply to AI models and agents, too.They share a key concern: technical debt is back, this time in the form of “AI security debt”—risk accumulating faster than most teams can keep up with. But it’s not all gloom. They highlight real opportunities for security and development teams to reprioritize: moving away from chasing every CVE and toward higher-value work like architecture reviews and resiliency planning.The conversation then shifts to the foundation of true resilience. For Alex, resilience isn’t about perfection—it’s about recovery and response. He pushes for embedding threat modeling into unit testing, not just as an afterthought but as part of modern development. John emphasizes traceability and governance across the organization: ensuring the top understands what’s at stake at the bottom, and vice versa.One message is clear: context matters. CVSS scores, AI outputs, scanner alerts—all of it must be interpreted through the lens of business impact. That’s the art of security today.Ready to challenge your assumptions about secure AI and modern AppSec? This episode will make you question what you trust—and how you build.___________Guests: Alex Kreilein, Vice President of Product Security, Qualys | https://www.linkedin.com/in/alexkreilein/John Sapp Jr., Vice President, Information Security & CISO, Texas Mutual Insurance Company | https://www.linkedin.com/in/johnbsappjr/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesJP Morgan Chase Open Letter: An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliersLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us___________KEYWORDSsean martin, phillip miller, rsac 2025, cybersecurity, ciso, startups, risk, marketplace, leadership, technology, event coverage, on location, conference Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of On Location at RSAC Conference 2025, Phillip Miller—Chief Information Security Officer and founder of Corporal—offers a candid and practical look at the current realities of cybersecurity leadership, innovation ecosystems, and the business-first mindset required to drive effective security outcomes.With a unique background that blends enterprise cybersecurity leadership and hands-on work on his Virginia farm, Miller brings a grounded perspective to the CISO role. Over the past 18 months, he stepped away from a traditional enterprise seat to work directly with startups through his company, advising them on how to align their offerings with the real needs of security teams. His return to a full-time CISO position follows that immersive experience, giving him a renewed sense of what enterprise security leaders are missing when they close themselves off from emerging technology vendors.Shifting the Buying ConversationOne of Miller’s strongest messages is that buying decisions should start with the security team—not just the CISO. Too often, tools are purchased at the top and handed down without enough input from those who will actually use them. Miller stresses that founders who are selling into the enterprise need to solve real problems with real people—and CISOs should invite that dialogue rather than block it.He also encourages CISOs to think beyond the big names. While legacy providers are often the default, marketplace ecosystems (like AWS or GCP) and accelerator programs (such as those run by CrowdStrike) offer curated, credible entry points to newer solutions. These platforms can streamline the validation process while introducing fresh capabilities that legacy tools may lack.Lead With the Business, Not the TechFor Miller, the CISO’s most valuable contribution is helping business leaders understand their own risks—especially the ones they don’t associate with cybersecurity. By starting with “What are your biggest non-cyber risks?” Miller helps organizations connect the dots between core operations and digital exposure.Whether working in manufacturing, retail, or financial services, his approach remains consistent: understand how the business creates value, then align security programs and tooling accordingly. The tech, he reminds us, comes second.Catch the full conversation to hear more on third-party risk, building high-functioning teams, and why peer conversations at conferences like RSAC are essential to the health of the cybersecurity community.___________Guest: Phillip Miller, CISO and founder of Qurple | https://www.linkedin.com/in/pemiller/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us___________KEYWORDSsean martin, phillip miller, rsac 2025, cybersecurity, ciso, startups, risk, marketplace, leadership, technology, event coverage, on location, conference Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity’s detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work?The Detecteam founders challenge the industry’s obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It’s about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they’ve built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.Fred explains the benefit in terms any CISO can understand: this isn’t just detection—it’s readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That’s a tangible advantage, especially when operating with limited personnel.This conversation isn’t about a silver bullet or more noise—it’s about clarity. What’s working? What’s not? And how do you know? For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that’s faster, smarter, and grounded in reality.Learn more about Detecteam: https://itspm.ag/detecteam-21686Note: This story contains promotional content. Learn more.Guests: Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/ResourcesLearn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteamWebinar: Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, fred wilmot, sebastien tricaud, detecteam, detection, cybersecurity, behavior, automation, red team, blue team, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Subo Guha, Senior Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber’s mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform’s modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber’s strong commitment to ecosystem support and customer-centric growth.Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It’s a clear statement: powerful security doesn’t need to be out of reach for smaller teams or companies.This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don’t just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.At the heart of the platform’s effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it’s SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.Perhaps most compelling is ManageEngine’s global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?Learn more about ManageEngine: https://itspm.ag/manageen-631623Note: This story contains promotional content. Learn more.Guest: Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/ResourcesLearn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengineLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn’t on commoditized services—it’s on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn’t hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire’s evolution reflects this shift. It’s not just about running a penetration test or red team operation in isolation. It’s about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they’re seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It’s about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson’s reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes’ original design.Emily outlines a critical flaw: Kubernetes wasn’t built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn’t real—it’s just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn’t disrupt developer workflows, integrates easily at the infrastructure layer, and doesn’t require retraining or restructuring CI/CD pipelines. It’s secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today’s ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today’s container sprawl, but tomorrow’s AI-powered compute environments.This is more than a product pitch—it’s a reframing of how we define and implement security at the container level. The full conversation reveals what’s possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Sean Martin speaks with Richard Seiersen, Chief Risk Technology Officer at Qualys, about a new way to think about cybersecurity—one that puts value and business resilience at the center, not just threats.Richard shares the thinking behind Qualys’ Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.From Security Operations to Risk OperationsWhile a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.A CISO’s Role in the Business of RiskRichard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?Learn more about Qualys: https://itspm.ag/qualys-908446Note: This story contains promotional content. Learn more.Guest: Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/ResourcesLearn more and catch more stories from Qualys: https://www.itspmagazine.com/directory/qualysLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, richard seiersen, risk, cybersecurity, data, resilience, telemetry, automation, ciso, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.