

ITSPmagazine
ITSPmagazine, Sean Martin, Marco Ciappelli
Broadcasting Ideas and Connecting Minds at the Intersection of Cybersecurity, Technology and Society. Founded by Sean Martin and Marco Ciappelli in 2015, ITSPmagazine is a multimedia platform exploring how technology, cybersecurity, and society shape our world. For over a decade, we've recognized this convergence as one of the most defining forces of our time—and it's more critical than ever. Our global community encourages intellectual exchange, challenging assumptions and diving deep into the questions that will define our digital future. From emerging cyber threats to societal implications of new technologies, we navigate the complex relationships that matter most. Join us where innovation meets security, and technology meets humanity.
Episodes

Aug 24, 2025 • 16min
AI Confusion, Privacy Pressures, and the Search for Real Value in Cybersecurity | A Black Hat USA 2025 Conversation with Evgeniy Kharam | On Location Coverage with Sean Martin and Marco Ciappelli
This year at Black Hat USA 2025, the conversation is impossible to escape: artificial intelligence. But while every vendor claims an AI-powered edge, the real question is how organizations can separate meaningful innovation from noise.

In our discussion with Evgeniy Kharam, Vice President of Cybersecurity Architecture at Herjavec Group (formerly), Chief Strategy Officer (CSO) at Discern Security, and long-time security leader and author, the theme of AI confusion takes center stage. Evgeniy notes that CISOs and security architects don’t have the time or resources to analyze what “AI” means in every product pitch. With over 4,000 vendors in the ecosystem, each layering its own flavor of AI, the burden falls on security leaders to distinguish hype from usable automation.

From Gondola Pitches to AI Overload

Evgeniy shares how his creative networking events—skiing, biking, and beyond—mirror the industry’s need for genuine connection and trust. Just as his “gondola pitch” builds authentic engagement, buyers want clarity and honesty from technology providers. The proliferation of AI labels, however, makes that trust harder to establish.

Where AI Can Help

Evgeniy highlights areas where AI can reduce friction, from vulnerability management and detection to policy writing and compliance. Yet, even here, issues such as hallucinations, privacy tradeoffs, and ethics cannot be ignored. When AI begins influencing employee monitoring or analyzing sensitive data, organizations face difficult questions about fairness, transparency, and control.

The Unspoken Challenge: Surveillance and Trust

As we discuss the balance between employee privacy and corporate protection, it becomes clear that AI introduces new layers of surveillance. In Europe, cultural and legal boundaries create clear separation between personal and professional lives. In North America, the lines blur, raising ethical debates that may ultimately be tested in courts.

The takeaway? AI has the potential to unlock workflows that were previously too costly or complex. But without transparency, governance, and a commitment to responsible use, the “AI in everything” trend risks overwhelming the very leaders it is meant to help.

___________

Guest:
Evgeniy Kharam, Chief Strategy Officer (CSO), Discern Security | On LinkedIn: https://www.linkedin.com/in/ekharam/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb
Akamai: https://itspm.ag/akamailbwc
DropzoneAI: https://itspm.ag/dropzoneai-641
Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS
sean martin, marco ciappelli, evgeniy kharam, black hat usa 2025, ai, privacy, surveillance, cybersecurity, automation, governance, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Aug 23, 2025 • 43min
Why Electric Vehicles Need an Apollo Program: The Renewable Energy Infrastructure Reality We're Ignoring | A Conversation with Mats Larsson | Redefining Society And Technology Podcast With Marco Ciappelli
⸻ Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

______

Title: Why Electric Vehicles Need an Apollo Program: The Renewable Energy Infrastructure Reality We're Ignoring | A Conversation with Mats Larsson | Redefining Society And Technology Podcast With Marco Ciappelli

______

Guest: Mats Larsson
New book: "How Building the Future Really Works." Business developer, project manager and change leader – Speaker. I'm happy to connect!
On LinkedIn: https://www.linkedin.com/in/matslarsson-author/

Host: Marco Ciappelli
Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society 🌎 LAX 🛸 FLR 🌍
WebSite: https://marcociappelli.com
On LinkedIn: https://www.linkedin.com/in/marco-ciappelli/

_____________________________

This Episode’s Sponsors
BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
BlackCloak: https://itspm.ag/itspbcweb

_____________________________

⸻ Podcast Summary ⸻

Swedish business consultant Mats Larsson reveals why electric vehicle transition requires Apollo program-scale government investment. We explore the massive infrastructure gap between EV ambitions and reality, from doubling power generation to training electrification architects. This isn't about building better cars—it's about reimagining our entire transportation ecosystem in our Hybrid Analog Digital Society.

⸻ Article ⸻

When Reality Meets Electric Dreams: Lessons from the Apollo Mindset

I had one of those conversations that stops you in your tracks. Mats Larsson, calling in from Stockholm while I connected from Italy, delivered a perspective on electric vehicles that shattered my comfortable assumptions about our technological transition.

"First of all, we need to admit that we do not know exactly how to build the future. And then we need to start building it." This wasn't just Mats being philosophical—it was a fundamental admission that our approach to electrification has been dangerously naive.

We've been treating the electric vehicle transition like upgrading our smartphones—expecting it to happen seamlessly, almost magically, while we go about our daily lives. But as Mats explained, referencing the Apollo program, monumental technological shifts require something we've forgotten how to do: comprehensive, sustained, coordinated investment in infrastructure we can't even fully envision yet.

The numbers are staggering. To electrify all US transportation, we'd need to double power generation—that's the equivalent of 360 nuclear reactors worth of electricity. For hydrogen? Triple it. While Tesla and Chinese manufacturers gained their decade-plus advantage through relentless investment cycles, traditional automakers treated electric vehicles as "defensive moves," showcasing capability without commitment.

But here's what struck me most: we need entirely new competencies. "Electrification strategists and electrification architects," as Mats called them—professionals who can design power grids capable of charging thousands of logistics vehicles daily, infrastructure that doesn't exist in our current planning vocabulary.

We're living in this fascinating paradox of our Hybrid Analog Digital Society. We've become so accustomed to frictionless technological evolution—download an update, get new features—that we've lost appreciation for transitions requiring fundamental systemic change. Electric vehicles aren't just different cars; they're a complete reimagining of energy distribution, urban planning, and even our relationship with mobility itself.

This conversation reminded me why I love exploring the intersection of technology and society. It's not enough to build better batteries or faster chargers. We're redesigning civilization's transportation nervous system, and we're doing it while pretending it's just another product launch.

What excites me isn't just the technological challenge—it's the human coordination required. Like the Apollo program, this demands that rare combination of visionary leadership, sustained investment, and public will that transcends political cycles and market quarters.

Listen to my full conversation with Mats, and let me know: Are we ready to embrace the Apollo mindset for our electric future?

Subscribe wherever you get your podcasts, and join me on YouTube for the full experience. Let's continue this conversation—because in our rapidly evolving world, these discussions shape the future we're building together.

Cheers,
Marco

⸻ Keywords ⸻

Electric Vehicles, Technology And Society, Infrastructure, Innovation, Sustainable Transport, electric vehicles, society and technology, infrastructure development, apollo program, energy transition, government investment, technological transformation, sustainable mobility, power generation, digital society

__________________

Enjoy. Reflect. Share with your fellow humans.

And if you haven’t already, subscribe to Musing On Society & Technology on LinkedIn — new transmissions are always incoming.
https://www.linkedin.com/newsletters/musing-on-society-technology-7079849705156870144

You’re listening to this through the Redefining Society & Technology podcast, so while you’re here, make sure to follow the show — and join me as I continue exploring life in this Hybrid Analog Digital Society.

End of transmission.

____________________________

Listen to more Redefining Society & Technology stories and subscribe to the podcast:
👉 https://redefiningsocietyandtechnologypodcast.com

Watch the webcast version on-demand on YouTube:
👉 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

Are you interested in Promotional Brand Stories for your Company and Sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

Aug 20, 2025 • 28min
We're Becoming Dumb and Numb: Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think | Random and Unscripted Weekly Update with Sean Martin and Marco Ciappelli
"We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think

Random and Unscripted Weekly Update Podcast with Sean Martin and Marco Ciappelli

__________________

Summary

Sean and Marco dissect Black Hat USA 2025, where every vendor claimed to have "agentic AI" solutions. They expose how marketing buzzwords create noise that frustrates CISOs seeking real value. Marco references the Greek myth of Talos - an ancient AI robot that seemed invincible until one fatal flaw destroyed it - as a metaphor for today's overinflated AI promises. The discussion spirals into deeper concerns: are we becoming too dependent on AI decision-making? They warn about echo chambers, lowest common denominators, and losing our ability to think critically. The solution? Stop selling perfection, embrace product limitations, and keep humans in control.

__________________

10 Notable Quotes

Sean:
"It's hard for them to siphon the noise. Sift through the noise, I should say, and figure out what the heck is really going on."
"If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make things better."
"We'll stop thinking and we won't use it as a tool to make our minds better, to make our decisions better."
"We are told then that this is the reality. This is what good looks like."
"Maybe there's a different way to even look at things. So it's kind of become uniform... a very low common denominator that is just good enough for everybody."

Marco:
"Do you really wanna trust the weapon to just go and shoot everybody? At least you can tell it's a human factor and that's the people that ultimately decide."
"If we don't make decision anymore, we're gonna turn out in a lot of those sci-fi stories, like the time machine where we become dumb."
"We all perceive reality to be different from what it is, and then it creates a circular knowledge learning where we use AI to create the knowledge, then to ask the question, then to give the answers."
"We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."
"You're selling the illusion of security and that could be something that then you replicate in other industries."

Picture this: You walk into the world's largest cybersecurity conference, and every single vendor booth is screaming the same thing – "agentic AI." Different companies, different products, but somehow they all taste like the same marketing milkshake.

That's exactly what Sean Martin and Marco Ciappelli witnessed at Black Hat USA 2025, and their latest Random and Unscripted with Sean and Marco episode pulls no punches in exposing what's really happening behind the buzzwords.

"Marketing just took all the cool technology that each vendor had, put it in a blender and made a shake that just tastes the same," Marco reveals on Random and Unscripted with Sean and Marco, describing how the conference floor felt like one giant echo chamber where innovation got lost in translation.

But this isn't just another rant about marketing speak. The Random and Unscripted with Sean and Marco conversation takes a darker turn when Marco introduces the ancient Greek myth of Talos – a bronze giant powered by divine ichor who was tasked with autonomously defending Crete. Powerful, seemingly invincible, until one small vulnerability brought the entire system crashing down.

Sound familiar?

"Do you really wanna trust the weapon to just go and shoot everybody?" Marco asks, drawing parallels between ancient mythology and today's rush to hand over decision-making to AI systems we don't fully understand.

Sean, meanwhile, talked to frustrated CISOs throughout the event who shared a common complaint: "It's hard for them to sift through the noise and figure out what the heck is really going on." When every vendor claims their AI is autonomous and perfect, how do you choose? How do you even know what you're buying?

The real danger, they argue on Random and Unscripted with Sean and Marco, isn't just bad purchasing decisions. It's what happens when we stop thinking altogether.

"If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make our minds better," Sean warns. We risk settling for what he calls the "lowest common denominator" – a world where AI tells us what success looks like, and we never question whether we could do better.

Marco goes even further, describing a "circular knowledge learning" trap where "we use AI to create the knowledge, then to ask the question, then to give the answers." The result? "We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."

Their solution isn't to abandon AI – it's to get honest about what it can and can't do. "Stop looking for the easy button and stop selling the easy button," Marco urges vendors on Random and Unscripted with Sean and Marco. "Your product is probably as good as it is."

Sean adds: "Don't be afraid to share your blemishes, share your weaknesses. Share your gaps."

Because here's the thing CISOs know that vendors often forget: "CISOs are not stupid. They talk to each other. The truth will come out."

In an industry built on protecting against deception, maybe it's time to stop deceiving ourselves about what AI can actually deliver.

________________

Keywords
cybersecurity, artificialintelligence, blackhat2025, agentic, ai, marketing, ciso, cybersec, infosec, technology, leadership, vendor, innovation, automation, security, tech, AI, machinelearning, enterprise, business

________________

Hosts links:
📌 Marco Ciappelli: https://www.marcociappelli.com
📌 Sean Martin: https://www.seanmartin.com

Aug 19, 2025 • 14min
The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes Optional | Reflections from Black Hat USA 2025 on the Marketing That Chose Fiction Over Facts
⸻ Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

_____________________________

This Episode’s Sponsors
BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
BlackCloak: https://itspm.ag/itspbcweb

_____________________________

A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3

August 18, 2025

The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes Optional

Reflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over Facts

By Marco Ciappelli

Sean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.

This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.

But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.

Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.

The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.

But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.

What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.

But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.

From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.

But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.

This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.

We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.

The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.

Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.

The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.

My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.

Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.

But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.

When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.

So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.

But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.

And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.

The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.

Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.

The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.

Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real.

End of transmission.

___________________________________________________________

Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.

___________________________________________________________

Enjoyed this transmission? Follow the newsletter here:
https://www.linkedin.com/newsletters/7079849705156870144/

Share this newsletter and invite anyone you think would enjoy it!

New stories always incoming.

___________________________________________________________

As always, let's keep thinking!

Marco Ciappelli
https://www.marcociappelli.com

___________________________________________________________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine | Dr. in Political Science / Sociology of Communication | Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.com

TAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Aug 15, 2025 • 6min
When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore? | A Black Hat USA 2025 Recap | A Musing On the Future of Cybersecurity with Sean Martin and TAPE3 | Read by TAPE3
At Black Hat USA 2025, artificial intelligence wasn’t the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick’s keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen’s “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? 
How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? 
https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/

ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Aug 15, 2025 • 18min
Access Roulette: How to Stop Betting Your Security on Standing Privileges | A Brand Story with Ofir Stein, CTO and Co-Founder of Apono | A Black Hat USA 2025 Conference On Location Brand Story
At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today’s hybrid, AI-driven environments. Stein’s background in technology infrastructure and DevOps, paired with his co-founder’s deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.

Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.

Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.

The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.

Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time.
By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.

The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.

Learn more about Apono: https://itspm.ag/apono-1034

Note: This story contains promotional content. Learn more.

Guest: Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/

Resources

Learn more and catch more stories from Apono: https://www.itspmagazine.com/directory/apono

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Aug 15, 2025 • 8min
Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & More | Brand Story with ThreatLocker from Black Hat USA 2025
ThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.

Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.

Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.

The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.

ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.

The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows.
This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.

FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.

Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.

The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.

Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.

As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.
Learn more.

Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Aug 14, 2025 • 21min
Data Kidnapping: Because File Encryption Is So 2020 | A Brand Story with Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler | A Black Hat USA 2025 Conference On Location Brand Story
At Black Hat USA 2025, Sean Martin, co-founder of ITSPmagazine, sat down with Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, to discuss the findings from the company’s latest ransomware report. Over the past five years, the research has tracked how attack patterns, targets, and business models have shifted—most notably from file encryption to data theft and extortion.

Brett explains that many ransomware groups now find it more profitable—and less risky—to steal sensitive data and threaten to leak it unless paid, rather than encrypt files and disrupt operations. This change also allows attackers to stay out of the headlines and avoid immediate law enforcement pressure, while still extracting massive payouts. One case saw a Fortune 50 company pay $75 million to prevent the leak of 100 terabytes of sensitive medical data—without a single file being encrypted.

The report highlights variation in attacker methods. Some groups focus on single large targets; others, like the group “LOP,” exploit vulnerabilities in widely used file transfer applications, making supply chain compromise a preferred tactic. Once inside, attackers validate their claims by providing file trees and sample data—proving the theft is real.

Certain industries remain disproportionately affected. Healthcare, manufacturing, and technology are perennial top targets, with oil and gas seeing a sharp increase this year. Many victims operate with legacy systems, slow to adopt modern security measures, making them vulnerable. Geographically, the U.S. continues to be hit hardest, accounting for roughly half of all observed ransomware incidents.

The conversation also addresses why organizations fail to detect such massive data theft—sometimes hundreds of gigabytes per day over weeks. Poor monitoring, limited security staffing, and alert fatigue all contribute.
Brett emphasizes that reducing exposure starts with eliminating unnecessary internet-facing services and embracing zero trust architectures to prevent lateral movement.

The ransomware report serves not just as a data source but as a practical guide. By mapping observed attacker behaviors to defensive strategies, organizations can better identify and close their most dangerous gaps—before becoming another statistic in next year’s findings.

Learn more about Zscaler: https://itspm.ag/zscaler-327152

Note: This story contains promotional content. Learn more.

Guest: Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler | On LinkedIn: https://www.linkedin.com/in/brett-stone-gross/

Resources

Learn more and catch more stories from Zscaler: https://www.itspmagazine.com/directory/zscaler

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, brett stone-gross, ransomware, data extortion, cyber attacks, zero trust security, threat intelligence, data breach, cyber defense, network security, file transfer vulnerability, data protection, black hat, black hat usa 2025, zscaler

Aug 14, 2025 • 22min
From Excel to Excellence: Transforming Cybersecurity Workforce Management | A Brand Story with Deidre Diamond, Founder and CEO of CyberSN, and Carraig Stanwyck, CEO and Former Fortune 200 CISO | A Black Hat USA 2025 Conference On Location Brand Story
Marco Ciappelli of ITSPmagazine explores cybersecurity workforce transformation with CyberSN's Deidre Diamond and Fortune 200 CISO-turned-CEO Carraig Stanwyck

The corridors of Black Hat 2025 in Las Vegas buzzed with conversations about AI and emerging threats, but one of the most compelling discussions centered on something decidedly human: how we actually manage our cybersecurity teams. Marco Ciappelli, Co-Founder and CMO of ITSPmagazine, connected with longtime industry colleague Deidre Diamond, who brought along Carraig Stanwyck—a seasoned cybersecurity leader who recently transitioned from Fortune 200 CISO to CEO.

"It's been great running into people I know here at Black Hat," Ciappelli noted, "but finding Deidre after 11 years—and meeting the people she's been working with—that's what these events are really about. Finding out what's happening in the industry and reconnecting."

Diamond, who has spent 11 years in cybersecurity with eight years focused on talent matching and three years developing workforce risk management practices at CyberSN, brought a unique perspective to the conversation. Her journey from building a cyber taxonomy and job matching solution to addressing the industry's critical workforce challenges—retention, burnout, capability gaps, and career planning—set the stage for understanding how one Fortune 200 CISO discovered the limitations of traditional workforce management.

The Excel Trap: When Good Intentions Meet Reality

When Stanwyck thought he had workforce management figured out, he was using Excel spreadsheets and conducting regular happiness surveys with his cybersecurity team. As someone who started his career in human intelligence and carried that people-focused approach through government, startups, and enterprise organizations, he believed he was ahead of the curve.

"I thought I already had a solution," Stanwyck reflects. "I was already meeting with my people, doing specific surveys to track happiness and belonging because I wanted to catch issues early. You get your team right, and you can do anything."

But when he met Deidre Diamond from CyberSN at RSA two years ago, his confidence was quickly shaken. "She was talking about workforce risk management, and I was like, 'Well, yeah, I do that. I'm all set. I'm covered.'" Diamond's response was simple: "Show me how you visualize the data you use."

That's when Stanwyck discovered the limitations of his Excel-based approach—old data, time-intensive processes, and a fundamental lack of real-time visibility into how his team actually functioned.

Beyond Job Titles: The Hidden Workforce Reality

What CyberSN's platform revealed transformed Stanwyck's understanding of his own team. "You can re-interview your people like a recorder," he explains. "You can see that someone you hired as an analyst is doing all this engineering work—maybe they're better on the engineering team."

The platform provided something Stanwyck had never experienced: quantitative visibility into how his team's time was actually being spent. "It gave me a level of visibility in the team, what they were doing, and how their time was being spent at a quantitative level that there's no way for me to replicate manually."

Even more revealing was the discovery that job descriptions become obsolete almost immediately. "The job description of our talent is old within weeks and within months from the day it's created—if it was even created correctly at all," Diamond noted during the conversation.

The Fulfillment Factor: Beyond Happiness to Purpose

While Stanwyck's happiness surveys captured surface-level satisfaction, CyberSN's approach dug into something more fundamental. "Happy is important, but one that feels fulfilled—that they have a purpose—that's the key," Stanwyck emphasizes.

The platform's approach to understanding team members went beyond traditional metrics. "When you know where they want to go, how they feel about the team, you get all this extra data," Stanwyck explains. "Your ability to craft development plans, to help them move through different parts of the team, to help with career planning—it becomes so nailed that they can't help but see their way forward."

The impact was immediate and lasting. When Stanwyck transitioned to his CEO role, his team specifically requested that the organization renew their CyberSN contract. "These teammates feel like, wow, they're investing in understanding me more and planning more. It just adds to professional efficacy."

From Reactive to Strategic: The Business Case Revolution

Perhaps the most significant transformation was in business communication. Every cybersecurity leader knows the refrain: "We don't have enough people." But quantifying that gap had always been nearly impossible.

"How do you show the gaps and how you're not able to meet specific capability requirements?" Stanwyck asks. "It's really hard using the lack of tools you have right now—it's very subjective."

CyberSN's dual visualization capability became a game-changer. "You can see the whole org chart from people—what they're doing. But you can also flip it and see that same org chart from a capabilities perspective," Stanwyck describes. "Here's all the capabilities we need. How are they staffed? What are we missing? How do we plan for the future as we grow?"

This visibility transformed conversations with executive leadership. "It's easier to get budgets, easier to make a business case for where you're going as you grow," Stanwyck notes. "CIOs, CFOs, CEOs can now understand what the security leader is dealing with in a way that's logical, not just a spreadsheet."

The Multi-Tool Discovery

The platform revealed something crucial about modern cybersecurity teams: people are multi-tools, not single-purpose instruments. "You hire somebody because they do X or Y—that's the assumption," Stanwyck explains. "But when you get to know them better through the taxonomies, when you figure out what they end up doing on the team even if it wasn't what they were hired for, you start realizing these tools are multi-tools."

This discovery enabled better strategic planning and resource allocation. "It allows you to have a much better plan for how you're gonna leverage them throughout the organization, help them upscale, identify those opportunities for them to maximize the value they're able to provide."

The Human Element in an AI-Driven World

As Black Hat 2025 showcased the latest in AI and automation, Stanwyck offered a refreshing perspective on the role of humans in cybersecurity's future. "AI technologies are really statistical models of existing information—they're not creative, they're not thinking outside the box," he observes.

Instead of replacement, Stanwyck advocates for empowerment. "I'm excited about companies that take a smarter approach—how do we empower the human? It's kind of like putting that superhero costume on rather than getting rid of them."

For cybersecurity leaders still managing teams through spreadsheets and gut feelings, this Black Hat conversation offers a clear message: true workforce visibility isn't just about knowing who works for you—it's about understanding how they work, what fulfills them, and how to strategically position your human capabilities for the challenges ahead.

CyberSN's workforce risk management platform transforms how cybersecurity leaders understand, develop, and strategically deploy their most valuable asset: their people.

Learn more about CyberSN: https://itspm.ag/cybersn-476941

Note: This story contains promotional content. Learn more.

Guests:

Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/

Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/

Resources

Learn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersn

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management

Aug 14, 2025 • 20min
How to Automate Cybersecurity Operations Without Coding, Crying, or Calling IT at 2 A.M. | A Brand Story with Mike Wayne, Vice President, Global Sales at BlinkOps | A Black Hat USA 2025 Conference On Location Brand Story
Mike Wayne, responsible for global sales at BlinkOps, joins ITSPmagazine host Sean Martin to discuss how organizations can harness agentic AI to transform security operations—and much more.

The conversation begins with a clear reality: business processes are complex, and when security is added into the mix, orchestrating workflows efficiently becomes even more challenging. BlinkOps addresses this by providing a platform that not only automates security tasks but also extends across HR, finance, sales, and marketing. By enabling automation in areas like employee onboarding/offboarding or access management, the platform helps organizations improve efficiency, reduce risk, and free human talent for higher-value work.

Mike explains that while traditional SOAR tools require heavy scripting and ongoing maintenance, BlinkOps takes a different approach. Its security co-pilot allows users to describe automations in plain language, which are then generated—90% complete—by the system. Whether the user is a SOC analyst or an HR manager, the platform supports low-code and no-code capabilities, making automation accessible to “citizen developers” across the organization.

The concept of micro agents is central. Instead of relying on large, complex AI models that can hallucinate or act unpredictably, BlinkOps uses focused, purpose-built agents with smaller context windows. These agents handle specific tasks—such as enriching security alerts—within larger workflows, ensuring accuracy and control.

The benefits are tangible. One customer’s triage agent processed 400 alerts in just eight days without direct human intervention, while another saved $1.8 million in manual endpoint deployment costs over a single month.
Outcomes like reduced mean time to respond (MTTR) and faster time to automation are key drivers for adoption, especially when facing zero-day vulnerabilities where speed is critical.

BlinkOps runs as SaaS, hybrid, or in secure environments like GovCloud, making it adaptable for organizations of all sizes and compliance requirements.

The takeaway is clear: AI-driven automation doesn’t just improve security operations—it creates new efficiencies across the enterprise. As Mike puts it, when a process can be automated, “just blink it.”

Learn more about BlinkOps: https://itspm.ag/blinkops-942780

Note: This story contains promotional content. Learn more.

Guest: Mike Wayne, Vice President, Global Sales at BlinkOps | On LinkedIn: https://www.linkedin.com/in/mikejwayne/

Resources

Learn more and catch more stories from BlinkOps: https://www.itspmagazine.com/directory/blinkops

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, mike wayne, blink ops, ai automation, agentic ai, micro agents, security automation, soc automation, workflow automation, zero day response, alert triage, enrichment agent, low code automation, cyber security ai, enterprise automation, black hat usa, black hat 2025


