

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Sep 19, 2023 • 7min
The SOC Analyst Strike: Can the Balance Be Restored Between Humans, Machines, and Artificial Intelligence? | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3
A cautionary tale and a call to action for the digital age as we reimagine—perhaps even redefine—the relationship between technology and talent in cybersecurity.

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Sep 18, 2023 • 43min
Book | Irreducibly Complex Systems: An Introduction to Continuous Security Testing | A Conversation with Author David Hunt | Redefining CyberSecurity Podcast with Sean Martin
Guest: David Hunt, Author
On LinkedIn | https://www.linkedin.com/in/david-hunt-b72864200/
On Twitter | https://twitter.com/privateducky

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining Cybersecurity, host Sean Martin engages in a thought-provoking conversation with David Hunt, author of the book Irreducibly Complex Systems: An Introduction to Continuous Security Testing, to explore the topic presented in the book.

David introduces the concept of irreducibly complex systems, explaining that continuous security testing requires a system where all the individual components must be functioning correctly for the system to work. He uses the analogy of a mousetrap to illustrate this idea, highlighting that removing even one component renders the entire system useless.

The conversation also digs into the challenges of testing in changing environments and the need to understand how defenses perform during specific time frames. They discuss the value of continuous security testing in gaining visibility into the effectiveness of security defenses and shedding light on techniques used by malicious actors.

Sean, having been a software quality assurance engineer in previous roles, and David, having held numerous roles in the commercial, public, and non-profit realms, explore the differences between continuous security testing and traditional security testing. They explain that continuous testing focuses on evaluating how defenses respond to attacks, rather than testing offensive capabilities. Moreover, continuous security testing operates at complete scale on production systems, unlike traditional testing, which is often limited to development environments.

They also discuss the importance of overcoming the dichotomy of skill sets required for continuous security testing. David explains that the offensive skills needed to create effective tests and attacks are often separate from the software skills needed to build a safe, high-assurance command and control center.

Throughout the episode, Sean and David provide listeners with valuable insights into the world of continuous security testing and its significance in the evolving cybersecurity landscape. They emphasize the need for organizations to adopt this approach in order to gain better visibility and understanding of their defenses in the face of emerging threats.

There’s a lot to take from this conversation, including an extreme example of how continuous security testing results have redefined cybersecurity in David’s organization.

About the book
Continuous security testing (CST) is a new strategy for validating your cyber defenses. We buy security products that promise to protect us, like EDR, but how do we know they're working? CST takes the stance that endpoints are the center of your infrastructure universe. Whether the operating system verticalizes defense or a third party is bolted on, it is the job of the endpoint to protect itself from within. This new concept dictates testing should occur around the clock, in production and at scale. It provides an open model that others can use to approach testing and finally answer the question: Do you know with certainty that your defenses will protect you against the latest threats?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
Irreducibly Complex Systems: An Introduction to Continuous Security Testing (Book): https://www.yellowduckpublishing.com/books.html?title=icsd

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Sep 11, 2023 • 40min
The State of the CISO: Breaking Silos and Navigating Responsibilities | A Conversation With Sue Bergamo | Redefining CyberSecurity Podcast with Sean Martin
Guest: Sue Bergamo, Executive Advisor/CISO/CIO at BTE Partners, LLC
On LinkedIn | https://www.linkedin.com/in/suebergamo/
On Twitter | https://www.twitter.com/@suebergamo
On YouTube | https://www.youtube.com/@suebergamo

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining CyberSecurity, host Sean Martin engages in a conversation with guest Sue Bergamo about the dynamics and responsibilities of cybersecurity leadership. They discuss, compare, and contrast the roles of the CISO, CIO, and CTO in an organization and the handoff of tasks and responsibilities between them.

Sue emphasizes the need for a holistic approach to security, with the CISO responsible for protecting the inner workings of the company and its data. They explore the challenges of hiring in the cybersecurity field and the impact of the current economic climate. Sue cautions against a siloed approach to security and advocates for a well-rounded security program. They discuss the importance of consistency and structure in change control and release management processes to prevent issues and vulnerabilities. They also emphasize the role of the CISO as a trusted advisor, communicator, and educator within the organization. They touch on the maturity level of cybersecurity programs and the need for organizations to embrace business-level conversations to reduce risk and exposure.

Sue addresses the current state of the industry, highlighting the challenges faced by CISOs and security teams. She suggests that a calm and collected approach is a sign of a well-functioning security program. This, however, could leave the rest of the organization questioning their investment in cybersecurity. To this end, they discuss the importance of implementing controls and processes to create structure, improve security posture, and demonstrate this to the business leaders and key stakeholders.

Overall, the episode provides valuable insights into the evolving role of the CISO and the importance of a holistic approach to cybersecurity. The conversation is informative, thoughtful, and thought-provoking, without sensationalizing the content or adopting a journalistic tone.

Listeners can expect to gain insights into the complex dynamics of cybersecurity leadership and the challenges faced by organizations in the current landscape. Have a listen!

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
Short-Takes (podcast): https://www.youtube.com/@suebergamo

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Aug 31, 2023 • 48min
The Pathway to Innovation: Understanding and Embracing Cascading Risk for Technological Progress | A Conversation With Trond Arne Undheim | Redefining CyberSecurity Podcast with Sean Martin
Guest: Trond Arne Undheim, Founder of Yegii [@Yegii_Insight] and Research Scholar in Global Systemic Risk, Innovation, and Policy at Stanford University [@Stanford]
On LinkedIn | https://www.linkedin.com/in/undheim/
On Twitter | https://twitter.com/trondau
Website | https://trondundheim.com/
On Facebook | https://www.facebook.com/trond.undheim/
On Instagram | https://www.instagram.com/trondundheim/?hl=en
On YouTube | https://www.youtube.com/channel/UCI4EpjuQzb58EiawzElwvYQ

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by futurist Trond Arne Undheim as they engage in a deep conversation about the intersection of technology, innovation, and risk management. Trond offers deep insights into the world of risk and the need for new paradigms to address emerging challenges.

The conversation starts with a discussion on the importance of systematic feedback and validation-driven strategies in fostering innovation. Sean and Trond highlight the positive aspects of risk information, emphasizing that it can help save resources by redirecting efforts towards more viable avenues.

Sean and Trond explore the notion of systems thinking and the challenges it presents. They explain that when we describe something as a "system," it implies that it is something we cannot fully control, but rather something we are amidst. They also touch on the concept of cascading risks, highlighting the potential dangers of multiple risks working together.

The conversation shifts to the role of organizations in managing risk. Sean and Trond acknowledge the complexity and short-term focus of many risk management approaches and express the need for new institutions (non-profit, government, etc.) and companies (commercial product/service providers, for example) to address this gap. They mention the rise of industries focused on specific risk areas, such as cybersecurity and ESG risk, and predict that more industries will emerge to provide risk management services. Sean and Trond also explore the idea that a higher level of risk can spur innovation, but caution against irresponsible risk-taking. They stress the importance of finding a balance between risk and innovation.

Join Sean and Trond for an engaging conversation rooted in philosophical discussion about the future of technology, the potential risks posed by emerging technologies like AI and bio-risks, and the impact of risk management on society. This episode of Redefining CyberSecurity Podcast helps to navigate the challenging landscape of technology and risk. We hope you enjoy it!

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
Yegii | https://yegii.org/blog/

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Aug 28, 2023 • 43min
Mind the Shadow AI Gap: Perception vs. Reality for Insider Threats in Data Security | An Imperva Brand Story With Terry Ray
In this Brand Story episode, hosts Marco and Sean discuss data security and insider threats with their guest Terry Ray, field CTO and senior vice president for data security strategy at Imperva. The conversation covers a range of topics related to data security and the challenges organizations face.

Terry highlights the need for clear policies and strategies to detect and prevent insider threats. He points out that while organizations may trust their employees and contractors, people are not always security-minded, which can lead to trouble. He also mentions the presence of malicious individuals, although they are fewer in number.

Terry shares statistics that reveal a gap between organizations' perception of their data security and the reality of lacking comprehensive strategies, as the trio explores the potential of AI in data security, with a focus on the limitations of AI in making complex decisions.

Terry emphasizes the importance of human intelligence and oversight, arguing that AI is not yet capable of determining the best course of action in certain scenarios. He gives an example of using AI to compare web application firewalls and points out that AI may not have the context or intelligence to identify what is missing if it hasn't been done before.

The group also discusses the balance between security and convenience, particularly in areas such as the medical field. They consider the advantages and risks of feeding AI with medical data and the potential for AI to find solutions that humans may not have considered.

The conversation sheds light on some important strategies and best practices as well. To dive deeper into this topic and gain valuable insights from industry experts, we encourage you to listen to the full episode.

Note: This story contains promotional content. Learn more.

Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [@Imperva]
On LinkedIn | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Press Release: Shadow AI set to drive new wave of insider threats
Blog: 7 Facts About Insider Threats That Should Make you Rethink Data Security
Research: Forrester Insider Threats Drive Data Protection Improvements

Are you interested in telling your Brand Story?
https://www.itspmagazine.com/telling-your-story

Aug 21, 2023 • 34min
Sharing a Cryptographic Sandwich with the DevOps and SecOps Community | A SandboxAQ Brand Story with Marc Manzano
In this Brand Story podcast episode, host Sean Martin is joined by guest Marc Manzano from SandboxAQ. They explore the importance of future-proofing cryptography and the emerging field of quantum-resistant cryptography.

The conversation revolves around the challenges of migrating to new cryptographic algorithms and the unknowns surrounding this process. They discuss how NIST is leading the way in defining new standards and the need for organizations to prepare for the upcoming changes. Marc introduces Sandwich, a meta library developed by SandboxAQ, which provides cryptographic agility and an easy-to-use API for secure application development with cryptography capabilities built in. Marc explains how developers can download and build Sandwich, customize it with specific ingredients or features, and integrate it into their application development environment.

In addition to Sandwich, the Security Suite by SandboxAQ is highlighted as a tool to help organizations modernize cryptography management. It provides visibility into where and how cryptography is used, along with modules for observability, compliance, and remediation. The Security Suite also offers optimization of cryptographic operations to reduce resource consumption and improve performance.

Sean and Marc also touch on the challenges organizations face in understanding and implementing encryption and the collaboration between developers and security teams in managing encryption within the broader engineering and security operating environment. They discuss how Sandwich can help overcome hurdles and elevate security posture, allowing developers to focus on application development while the framework takes care of security.

Overall, this episode provides insights into the evolving field of quantum-resistant cryptography, the importance of secure application development with cryptography at its core, and the role of tools like Sandwich and the Security Suite in enhancing cybersecurity practices, all aiming to educate listeners on the challenges and solutions in cryptography management.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Marc Manzano, Senior Director - Quantum Security, SandboxAQ [@SandboxAQ]
On LinkedIn | https://www.linkedin.com/in/marcmanzano/
On Twitter | https://twitter.com/marcmanzano

Resources
Learn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2en
Read the Sandwich Press Release: https://itspm.ag/sandbonpda
Sandwich on GitHub: https://itspm.ag/sandbo3zq1
Learn more about Sandwich: https://itspm.ag/sandboqao6
Try SandboxAQ Security Suite: https://itspm.ag/sandbob3gy
Read the Security Suite Press Release: https://itspm.ag/sandboxb3e744

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Aug 21, 2023 • 40min
Navigating the Cybersecurity Playground Amidst Alarms Sounding During the DEF CON DC101 Panel | A Conversation With Kirsten Renner | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli
In this episode of the Redefining CyberSecurity podcast, host Sean Martin along with guests Kirsten Renner and Marco Ciappelli, share their experiences and insights from DEF CON, the annual hacking conference taking place in Las Vegas, Nevada.Kirsten reflects on her nerves and excitement about speaking on the welcome panel at DEF CON, which was interrupted multiple times by alarms. Despite the interruptions, Kirsten highlights the positive reception from the audience and the approachability of well-known figures like Dark Tangent (DT) - (aka Jeff Moss). The conversation emphasizes the importance of engaging with others at conferences like DEF CON and offers tips on how to approach and interact with people.
Kirsten also talks about the car hacking village, including the unique experiences like a Tesla being pummeled and hacked for a capture the flag (CTF) prize. The hosts and guest discuss the culture of badges at DEF CON, with the car hacking badges being functional and allowing participants to plug them into their cars.They mention the inclusiveness and welcoming nature of the DEF CON community and the impact of the research and content being presented.
Throughout the episode, there is a comical element as Kirsten shares her experiences of speaking on stage during the alarm interruptions and the humorous interactions with the audience. The conversation also touches on Kirsten's son's involvement at DEF CON and the excitement of collecting badges, which are powered and customizable, adding to the overall sense of community and engagement at the conference.
This episode offers a glimpse into the excitement, challenges, and camaraderie of attending and speaking at DEF CON, while emphasizing the importance of inclusiveness and the impact of the research being presented. Listen now to get a sense of this year's event - and be sure to follow Kirsten and the rest of the car hacking village crew to learn more about creating a safe and secure connected car ecosystem.

About The Car Hacking Village
The primary goal of the Car Hacking Village is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come. Breaches of automotive systems have been in the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry, the National Highway Traffic Safety Administration, Congress, the Department of Homeland Security, and consumers. Car Hacking Village plays an important role for researchers interested in the safety and security of the more than one billion vehicles on the road worldwide. In 2015, over 16.5 million vehicles were sold in the United States. On average, motor vehicles are driven over 15,000 miles annually and consumers spend upwards of 730 hours per year in their cars.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest: Kirsten Renner, Community Volunteer at DEF CON 101
On LinkedIn | https://www.linkedin.com/in/krenner/
On Twitter | https://twitter.com/Krenner
On YouTube | https://www.youtube.com/playlist?list=PLxjvVVSu5Q3-ttIUdxxyCvJiN-TXuJ7j0

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Resources
DEF CON 101 - Welcome to DEF CON Panel: https://forum.defcon.org/node/246130
More info about the DEFCON31 Car Hacking Village Badge: https://www.youtube.com/watch?v=yvvOl6LfodQ
Live from the Car Hacking Village Interview (hack a Tesla Y): https://www.youtube.com/watch?v=2YyyTkMdWik
ITSP Black Hat 25 & DEF CON 30 Live Streaming Coverage with ITSPmagazine with Car Hacking Village: https://www.youtube.com/watch?v=1jMXUIW9FRE
Sean and Kirsten with their Car Hacking Village badge: https://twitter.com/Krenner/status/1028385017037115392?s=20
Kirsten on DC101 Panel (photo): https://twitter.com/bigrinnyo/status/1689807935096930304?s=20
Car Hacking Village website: https://www.carhackingvillage.com/
Car Hacking Village Talks | https://www.carhackingvillage.com/talks
At DEF CON: https://forum.defcon.org/node/240928

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Aug 17, 2023 • 49min
From Deception to Connection: Exploring the Ethical Dimensions of Cybersecurity | A Conversation About Cyber Deception and the Cyber 9/12 Strategy Challenge with Rob Black and Marco Ciappelli | Redefining CyberSecurity with Sean Martin
Guests: Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]
On LinkedIn | https://www.linkedin.com/in/rob-black-30440819/
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin engages in a deep conversation with guests Rob Black and Marco Ciappelli about the challenges and complexities of cybersecurity. The discussion revolves around the need to define the ultimate goal of cybersecurity and the potential impact on society, privacy, and human connection. They raise important questions about what it means to be a responsible cyber actor, exploring the clash between freedom of speech and content control. The trio discuss the difficulty of finding a balance between preventing harm and protecting fundamental rights.

Deception emerges as a fascinating topic, with the conversation digging into the potential of using deceptive tactics to deter and disrupt cyber attackers. They ponder the ways in which attackers' decision-making can be influenced and their experiences manipulated to make it more challenging for them to succeed.

The conversation also takes a philosophical turn, contemplating the existential threat posed by AI and the metaverse. They explore the potential loss of authentic human connection in a virtual world and the implications for society.

Throughout the episode, they emphasize the importance of taking a comprehensive and strategic approach to cybersecurity, going beyond technology and considering psychological, social, and ethical factors. This conversation challenges conventional notions of cybersecurity and urges listeners to consider the broader implications and ethical dilemmas inherent in the digital realm.

Get ready for some thought-provoking insights that will surely encourage you to further explore the complexities of cybersecurity and its impact on society.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!

Resources
UK Cyber 9/12 Strategy Challenge (Website): ukcyber912.co.uk
The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception (2019), Ferguson-Walter et al., Proceedings of the 52nd Hawaii International Conference on System Sciences 2019: https://hdl.handle.net/10125/60164
Friend or Faux: Deception for Cyber Defence (2017), Ferguson-Walter K, LaFon D, Shade T, Journal of Information Warfare 16.2, 28-42: https://www.jinfowar.com/journal/volume-16-issue-2/friend-or-faux-deception-cyber-defense
Design Thinking for Cyber Deception (2021), Ashenden D, Black R, Reid I and Henderson S, Proceedings of the 54th Hawaii International Conference on System Sciences 2021: https://hdl.handle.net/10125/70853
Cyber Security: Using Cyber Deception to Fight Off Our Attackers — Who is Our End of Level Boss? (Article): https://medium.com/@rob_black/cyber-security-using-cyber-deception-to-fight-off-our-attackers-who-is-our-end-of-level-boss-c6d2697eada

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Aug 11, 2023 • 33min
Follow the Money | From Bugs to Bad Intentions: Evolving Perspectives on Product Security | A Conversation with Allison Miller | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin
Guest: Allison Miller, Faculty at IANS [@IANS_Security] and CISO (Chief Information Security Officer) and VP of Trust at Reddit [@Reddit]
On LinkedIn | https://www.linkedin.com/in/allisonmiller
On Twitter | https://twitter.com/selenakyle
____________________________
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Island.io | https://itspm.ag/island-io-6b5ffd
____________________________
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, as part of our Chats on the Road series to Black Hat USA 2023 in Las Vegas, hosts Sean Martin and Marco Ciappelli chat with Allison Miller about the parallels and differences between fraud and cybersecurity teams, focusing in particular on how each measures success and handles challenges. Sean highlights the fraud team's clear metric of money, since their processes start and end with it, and contrasts it with the security team's reliance on metrics like MTTx (Mean Time to Detect, Respond, etc.). He is curious about how the fraud team optimizes its processes and wonders whether there are lessons security teams can glean from them.
Allison appreciates the methodologies of fraud teams, especially their use of sampling to understand the magnitude of problems. She explains how fraud teams use backend data, machine learning, AI, and statistics to discern risk factors, then test these models on forward-looking data, a methodology akin to red teaming in cybersecurity. She emphasizes the importance of continuous testing to maintain confidence in their detection capabilities.
A point of difference she highlights is that fraud models carry a high degree of confidence because of rigorous testing, while in cybersecurity a lot of trust is placed on tool outputs without similar rigor.
Marco emphasizes the importance of building trust among teams. Without trust, he notes, metrics can be misleading and the overall effectiveness of processes can decline. He urges teams to ensure that they trust not only the data but also their colleagues, suggesting that this trust fosters better communication, understanding, and ultimately results.
Sean expresses his wish for the cybersecurity world to be more integrated into applications, as fraud teams are. Allison notes that fraud teams naturally fit into transaction processes because that is where money moves. For cybersecurity, the most natural integration point would be authentication, but it is a risky one, since blocking legitimate users would significantly impair their experience. Despite the challenges, Allison sees potential in a fusion of fraud and security, especially in areas like API abuse, where both teams could benefit immensely from collaboration.
Allison concludes that while direct involvement of security teams within applications may be a stretch, collaboration with fraud teams can still provide valuable insights. For example, in retail and payments, insight into API abuse can be a significant area for cooperative effort between the two teams.
Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa
____
Resources
For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp
Want to connect your brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Aug 10, 2023 • 27min
Application Security Posture Management | Beyond the Hamster Wheel: Innovations in App Security | A Brand Story Conversation from Black Hat USA 2023 | A Brinqa Story with Alex Babar
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Alex Babar. Alex introduces listeners to Brinqa, a platform that centralizes vulnerability and security findings across domains such as infrastructure and cloud security, emphasizing the relevance of application security.
The conversation includes Sean's insights into the challenge of distinguishing the application systems of the past from the complexities of modern cloud and API-driven environments. Sean emphasizes the importance of understanding the dynamics of application risk management, drawing the distinction between security posture and application security posture management (ASPM).
As the discussion progresses, Alex highlights the increasing visibility of the term 'ASPM' within the security domain. Drawing on his experience at Black Hat, he underscores the saturation of detection tools and the challenge of streamlining vast amounts of data from different sources. Alex notes the prominence of terms like 'application security posture', suggesting a clear industry trend. He explains the role of ASPM, which not only centralizes data but also correlates it with business context, thereby aiding risk prioritization.
The podcast takes a deeper dive as Sean probes the challenges security professionals might face in integrating this new space into their existing frameworks and programs. Alex offers practical advice, urging organizations to reflect on their risk reduction strategies and to maintain a healthy balance between detecting and fixing vulnerabilities.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story
Guest: Alex Babar, VP, Solutions at Brinqa [@brinqa]
On LinkedIn | https://www.linkedin.com/in/alexbabar/
On Twitter | https://x.com/alxbbr
Resources
Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp
Hear more stories from Brinqa: www.itspmagazine.com/directory/brinqa
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story