Redefining CyberSecurity

In this Their Story podcast episode, Pam Murphy, CEO of Imperva, talks to Sean Martin about the challenges facing businesses in terms of cybersecurity.Murphy explains that data is the most valuable asset of any company and that protecting data is a vital aspect of cybersecurity. Murphy discusses the growing importance of APIs in the current environment, and how securing APIs is a challenge for CISOs, with many Shadow APIs being used. Murphy also notes that the regulatory aspect of security is increasing, with more rules and regulations emerging around the world.Businesses face reputational risk and can suffer major operational disruption as a result of a breach, making security more important than ever. Murphy explains how Imperva helps customers protect their data, applications, and APIs from cyberattacks, and  discusses the need for security vendors as trusted partners to focus on time to value and total cost of ownership, especially given the growing skills shortage in the security sector.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest:Pam Murphy, CEO at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/pam-murphy-a5297915/On Twitter | https://twitter.com/PamMurphyInTechResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this Their Story podcast, Sean Martin talks with Matthew Vinton and Sergey Medved from Quest about the challenges associated with Active Directory (AD) and the importance of these systems in a company's overall security methodology and posture.Active Directory remains an integral part of an organization’s IT infrastructure as it is the pillar of identity that most organizations use to enable their workforce, partners, and business processes. The trio discusses how Quest helps companies manage their AD environment across a variety of functional areas like assessing the environment, detecting changes, putting in preventive controls, and guiding response and recovery.They also cover the growing challenges security leaders face concerning AD and the gap between the people in the trenches and business leaders who may not understand the inherent importance of AD. Exacerbating this reality is the ongoing security talent shortage, where few new entries into the field learn the technology as it is not as forward-looking when compared to Azure.About the Cybersecurity risk management for Active Directory from QuestMicrosoft Active Directory (AD) is under attack. That’s why cybersecurity risk management is so important. With 95 million attempted AD attacks every day, it should be no surprise to hear AD was the target of another cybercrime. But these concerns aren’t contained to on-prem AD; in 2021 alone, there were more than 25 billion Azure AD attacks. It’s clear cybersecurity risk management needs to be a consideration, and even if the issues you’ve encountered aren’t intentional or nefarious, you still need to be prepared for the worst.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuests:Matthew Vinton, Strategic Systems Consultant at Quest [@Quest]On Linkedin | https://www.linkedin.com/in/matthew-vinton/On Twitter | https://twitter.com/Mister_momentumSergey Medved, VP, Product Management and Marketing at Quest [@Quest]On Linkedin | https://www.linkedin.com/in/sergeym/ResourcesLearn more about Quest: https://itspm.ag/quest-adp23Learn more about the Quest Cybersecurity for Active Directory Solution: https://itspm.ag/quest-pp49For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this podcast, Mathieu Gorge, CEO and founder of VigiTrust, talks with Sean Martin about GRC (Governance, Risk, and Compliance) software. Gorge's award-winning VigiOne tool enables clients to prepare for, validate, and manage continuous compliance with more than 100 security frameworks worldwide.Gorge also discusses the idea that security is a journey, not a destination, and how risk surfaces change continually. He recommends choosing a GRC platform that allows different stakeholders to view risk from different perspectives. Gorge also discusses his Five Pillars of Security framework, which focuses on physical security, people's security, data security, infrastructure security, and crisis management. Gorge also talks about the VigiTrust Global Advisory Board, a think-tank that brings together people from all over the world to discuss topics such as geopolitical risk, critical infrastructure protection, and diversity and inclusion in cybersecurity.The risk conversation has become a hot topic. Listen in to this episode to think differently about how you approach, analyze, and address the risk your organization faces.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest:Mathieu Gorge, CEO at VigiTrust [@VigiTrust] - Chairman of the VigiTrust Global Advisory BoardOn Linkedin | https://www.linkedin.com/in/mgorge/On Twitter | https://twitter.com/MatGorgeResourcesLearn more about VigiTrust and their offering: https://itspm.ag/vigitrust04e618More about Mathieu Gorge: https://mathieugorge.com/Book | The Cyber Elephant in the Boardroom: Cyber-Accountability with the Five Pillars of Security Framework: https://mathieugorge.com/book/For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guests: Leah McLean, Vice President - Cybersecurity Specialist, Mastercard Data & Services [@Mastercard]On LinkedIn | https://www.linkedin.com/in/leahrmclean/On Twitter | https://twitter.com/lmcleanDiana Kelley, Chief Security Officer / Chief Strategy Officer, CybrizeOn LinkedIn | https://www.linkedin.com/in/dianakelleysecuritycurve/At RSAC | https://www.rsaconference.com/experts/diana-kelleyDavi Ottenheimer, VP Trust and Digital Ethics, Inrupt [@inrupt]At RSAC | https://www.rsaconference.com/experts/Davi%20Ottenheimer____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]____________________________This Episode’s SponsorsBlackCloak | https://itspm.ag/itspbcwebBrinqa | https://itspm.ag/brinqa-pmdpSandboxAQ | https://itspm.ag/sandboxaq-j2en____________________________Episode NotesIn this panel, we will explore the potential impact artificial intelligence  technologies can have on the role of the security analyst and security operations. How can these technologies be used for:Education, training, skill development, and practice?Better protection, detection, response, and recovery?Program definition, planning, management, and measurement to create better results?Connect security operations to the business to drive better business outcomes?Given some of the controversy surrounding generative AI (ChatGPT), we will also explore the potential harms coming from the use of these technologies.____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac23spAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsBe sure to share and subscribe!

In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]On LinkedIn | https://www.linkedin.com/in/jhbarbee/On Twitter | https://twitter.com/huxley_barbeeOn Mastodon | https://infosec.exchange/@huxleyResourcesLearn more about RunZero and their offering: https://itspm.ag/runzervvyhCatch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbeeBSides NYC Podcast: https://itsprad.io/event-coverage-1388Are you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this engaging conversation, industry experts discuss the value of mainframes, the importance of cybersecurity, and how businesses can benefit from implementing mainframe technology in a secure manner. Join Sean Martin, Phil Buckellew, and Cynthia Overby as they explore real-world use cases, share valuable insights, and discuss innovative solutions to modernize and secure mainframe infrastructures. They also discuss the importance of not only focusing on the technical aspect of mainframes but also understanding the business operations and end-user needs.Cynthia Overby shares an experience she had with a client who believed that securing their mainframe would prevent access to their customers. She emphasizes the importance of finding a balance between security and accessibility. Automated tools and the zero-trust framework are crucial in achieving this balance.Phil Buckellew highlights the value that Cynthia's team brings to Rocket Software due to their deep and extensive experience in mainframe security. KRI and Rocket Software, together, strive to make security a part of everything they do, ensuring transparency and seamless integration. The pair also discuss the challenges and benefits of migrations to and from mainframe environments.Phil explains that the value of mainframes lies in their continuity, scalability, and high availability. These factors make them attractive to businesses that prioritize secure and reliable transaction processing. Cynthia adds that mainframes can offer better security and efficiency than other platforms, which is evident from their continued growth in the marketplace.Tune in to this insightful episode of Redefining CyberSecurity and learn how to empower your business with security and innovation in the new age of mainframes. Don't miss out – listen now! Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuests:Cynthia Overby, President & Co-Founder at Key Resources, Inc. [@KeyResourcesInc ]On Linkedin | https://www.linkedin.com/in/cynthia-overby-41110a3/Phil Buckellew, President, Infrastructure Modernization BU at Rocket Software [@rocket ]On Linkedin | https://www.linkedin.com/in/phil-buckellew/On Twitter | https://twitter.com/BuckellewResourcesCatch the video and podcast version of this conversation: www.itspmagazine.com/their-stories/the-mainframe-advantage-robust-security-meets-infrastructure-modernization-a-rocket-software-and-kri-security-story-with-phil-buckellew-and-cynthia-overbyLearn more about Rocket Software and their offering: https://itspm.ag/keyresources-2876Mainframe Modernization and Cybersecurity: https://itspm.ag/kri-secs4mPodcast: The Humans In The Mainframe | Common Misunderstandings In Mainframe Security Management | A Key Resources Story With Ray OverbyPodcast: When Failure Is Not An Option, Organizations Turn To The Mainframe — Incorporating Mainframes Into Your Zero Trust Architecture | A Key Resources Story With Cynthia OverbyAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guest: Dr. Christina Liaghati, AI Strategy Execution & Operations Manager for MITRE’s AI and Autonomy Innovation Center [@MITREcorp]On LinkedIn | https://www.linkedin.com/in/christina-liaghati/On Twitter | https://twitter.com/CLiaghatiAt RSAC | https://www.rsaconference.com/experts/dr%20christina%20liaghati____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode’s SponsorsBlackCloak | https://itspm.ag/itspbcwebBrinqa | https://itspm.ag/brinqa-pmdpSandboxAQ | https://itspm.ag/sandboxaq-j2en____________________________Episode NotesIn this Chats on the Road to RSA Conference podcast episode, listeners are treated to an insightful discussion between Dr. Christina Liaghati, Sean Martin, and Marco Ciappelli about the evolving landscape of AI security, its impact on various sectors, and the proactive steps being taken to address emerging threats. Dr. Liaghati shares her unique experiences working with government sponsors and her involvement in the development of MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems), a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research. ATLAS is modeled after the MITRE ATT&CK framework and its tactics and techniques are complementary to those in ATT&CK.The conversation highlights how the rapid adoption of AI systems, combined with the lack of understanding of the risks involved, has led to new vulnerabilities and threats that need to be addressed. Listeners are also offered a glimpse into the challenges presented by the integration of AI into various systems, the need for collaboration between the AI and cybersecurity sectors, and the importance of understanding the new threat landscape created by AI adoption. Dr. Liaghati shares real-life examples of attacks on AI systems, emphasizing the need for constant vigilance and collaboration between industry, government, and academia to tackle these challenges.The conversation also digs deeper into the potential consequences of AI deployment in high-stakes environments, such as finance and healthcare, and the importance of allocating resources to red teaming to identify vulnerabilities and secure these critical systems. By examining the current state of AI security and discussing the steps being taken to ensure its future, this episode provides an engaging and informative look at the complex interplay between AI, cybersecurity, and the systems we rely on every day.____________________________ResourcesSession | Hardening AI/ML Systems - The Next Frontier of Cybersecurity: https://www.rsaconference.com/USA/agenda/session/Hardening%20AIML%20Systems%20-%20The%20Next%20Frontier%20of%20CybersecurityLearn more about MITRE Atlas: https://atlas.mitre.org/MITRE Atlas on Slack (invitation): https://join.slack.com/t/mitreatlas/shared_invite/zt-10i6ka9xw-~dc70mXWrlbN9dfFNKyyzQLearn more about MITRE ATT&CK framework: https://attack.mitre.org/Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac23spAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastBe sure to share and subscribe!

Guest: Rohit Ghai, Chief Executive Officer of RSA Security [@RSAsecurity]On LinkedIn | https://www.linkedin.com/in/rohitghai/On Twitter | https://twitter.com/rohit_ghaiAt RSAC | https://www.rsaconference.com/experts/rohit-ghai____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode’s SponsorsBlackCloak | https://itspm.ag/itspbcwebBrinqa | https://itspm.ag/brinqa-pmdpSandboxAQ | https://itspm.ag/sandboxaq-j2en____________________________Episode NotesIn this Chats on the Road to RSA Conference 2023 podcast episode, Rohit Ghai, Chief Executive Officer of RSA Security, discusses the thought process that went into his declaring the looming identity crisis in the cybersecurity industry as the topic for his keynote session. Ghai examines the prominence of identity in cybersecurity and the impact of AI on human roles in the field. Sean Martin and Marco Ciappelli appeal to Ghai to explore the complexities of managing human and machine identities, the evolution of identity professionals' roles, and the significance of aligning AI with human values and business outcomes.As AI becomes more pervasive and powerful, the conversation highlights the challenges of aligning AI with human values while grappling with the complexities of managing identities in an increasingly automated world. The conversation also focuses on the transformation of identity professionals' roles, emphasizing the need for a shift from hands-on tasks to a supervisory role where they can focus on high-value problems and decision-making.____________________________ResourcesKeynote Session | The Looming Identity Crisis: https://www.rsaconference.com/usa/agenda/session/Forging-a-New-AlloyLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac23spAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastBe sure to share and subscribe!

Guests: Justin Elze, CTO at TrustedSec [@TrustedSec]On LinkedIn | https://www.linkedin.com/in/justinelze/On Twitter | https://twitter.com/HackingLZMick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]On LinkedIn | https://linkedin.com/in/mick-douglasOn Twitter | https://twitter.com/bettersafetynet____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Edgescan | https://itspm.ag/itspegweb___________________________Episode NotesIn this new Redefining Cybersecurity Podcast episode, Justin Elze, Mick Douglas, and Sean Martin delve into the importance of understanding networking concepts in the realm of cybersecurity. They discuss the misconceptions surrounding networking knowledge and how it often becomes cumbersome for people to learn. They highlight the underappreciated areas of networking that are frequently encountered in enterprise environments, such as DNS issues, virtual machines, VLANs, and more. The conversation also touches on the OSI model and the need for a structured approach to learning and adapting to various enterprise environments.The episode highlights how the shift to cloud-based solutions and remote work has made certain aspects of networking easier while also changing the landscape of network security. The discussion examines the importance of understanding and implementing effective security controls based on the organization's needs and threat surface rather than relying on outdated or ritualistic practices. The trio further explores the concept of abstraction versus understanding the intricate details of IT security policy and controls.Justin and Mick also talk about the need for a standard body of knowledge for cybersecurity professionals when it comes to networking concepts. They emphasize that while it's not necessary to be a networking expert, a deeper understanding of core concepts can significantly improve the effectiveness of network defense. By fostering a better understanding of networking within the information security community, professionals can better identify and address potential vulnerabilities and misconfigurations within their environments.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3ITSPmagazine YouTube Channel📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________Resources ____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastWatch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

In this Their Story podcast episode, Clément Jeanjean, Senior Director at SandboxAQ, joins Sean Martin and Marco Ciappelli to discuss the company's unique mission to combine quantum physics and artificial intelligence to address some of the world’s most difficult problems in three main industries: simulation, cybersecurity, and quantum sensing. Jeanjean delves into how SandboxAQ can significantly reduce the time it takes to develop new drugs, improve cybersecurity with quantum-resistant cryptography management, and create innovative sensing capabilities in healthcare and terrestrial navigation.The conversation also covers the timeline and risks associated with the arrival of quantum computers, particularly regarding the current and future states of cryptography. Jeanjean emphasizes the growing consensus that fault-tolerant quantum computers may be available within 8 to 12 years, highlighting the challenges that major organizations face in migrating to post-quantum cryptography, which can take up to 10 years for mature organizations – possibly longer for less mature organizations.Jeanjean also describes the various industries that have started moving towards quantum-resistant cryptography, such as financial services, healthcare, telecommunications, and the public sector. He explains the need for companies to gain visibility and control over their cryptographic assets and how SandboxAQ is helping them build an inventory and prepare for the migration to post-quantum cryptography.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuest:Clément Jeanjean, Senior Director, SandboxAQ [@SandboxAQ]On Linkedin | https://www.linkedin.com/in/clementjeanjean/On Twitter | https://twitter.com/clemjohnjohnResourcesLearn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2enTry SandboxAQ Security Suite: https://itspm.ag/sandbob3gyRead the Security Suite Press Release: https://itspm.ag/sandboxb3e744For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story