DrZeroTrust

In this conversation, I discuss the evolving landscape of cybersecurity, particularly the impact of #ai on #cyberattacks. I highlight a recent AI-driven #cybersecurity campaign, its implications for businesses, and the importance of robust cybersecurity measures. The discussion also covers vendor security in the financial sector, lessons learned from a ransomware attack in Nevada, government cybersecurity strategies, and the recent Cloudflare outage. The conversation concludes with insights into new threat intelligence tools and the need for continuous vigilance in cybersecurity practices.TakeawaysAI models have become genuinely helpful for cybersecurity operations.The first documented case of a large-scale cyber attack executed with minimal human intervention has emerged.Businesses must take cybersecurity seriously as threats become more commoditized.Phishing training alone is insufficient as a cybersecurity control.Lateral movement and privilege escalation are critical cybersecurity vulnerabilities.Government strategies need to focus on shaping adversary behavior and public-private partnerships.The recent Cloudflare outage highlights systemic issues in internet infrastructure.New threat intelligence tools are emerging to help organizations stay secure.Cybersecurity is a shared responsibility that requires vigilance from all stakeholders.The landscape of cyber threats is evolving rapidly, necessitating continuous adaptation.

I sat down with Karim Toubba, CEO of LastPass, to discuss the challenges and triumphs of navigating cybersecurity in today's digital landscape, especially the issues we face when we have been breached. This is a masterclass in how to handle #cybersecurity crisis!In this episode, Karim shares insights into LastPass's response to significant security breaches, the importance of authentic #leadership, and the evolving role of password management in a networkless world. Tune in for a candid conversation about resilience, change, and the future of cybersecurity.Takeaways: Leadership in Crisis: Karim Toubba emphasizes the importance of authentic leadership and taking responsibility, even when new to a role, as a key factor in navigating crises effectively.Security as a Priority: LastPass has made significant investments in security infrastructure and culture, highlighting the necessity of a sustained commitment to cybersecurity at all organizational levels.Cultural Shift: The implementation of security measures like Yubikeys and the focus on changing employee mindsets underscore the need for a cultural shift in cybersecurity practices.Challenges of Attribution: The difficulty in attributing cyberattacks to specific actors is discussed, with an acknowledgment of the sophisticated nature of the threats faced.Evolving Cyber Landscape: The conversation touches on the evolving nature of cybersecurity threats and the need for continuous adaptation and investment to stay ahead.Product Innovation: LastPass's expansion beyond password management to include products like SAS Monitor and SAS Protect demonstrates their commitment to addressing broader security challenges.User-Centric Security: The importance of making security measures user-friendly and front-and-center is highlighted as a critical factor in improving overall cybersecurity.

🚨 Identity is one of the many links in the #cybersecurity kill chain. If you think your perimeter is going to save you, you’re already compromised.In this episode, I sit down with Tim Prendergast to rip apart the myths of identity management in 2025. We’re talking:🔹 Why re-engineering identity security isn’t optional—it’s survival.🔹 How Zero Trust changes the way we think about foundational #security .🔹 The balancing act: usability vs. airtight controls.🔹 Why privileged access is the real battleground in every org today.The hard truth? Every business on the planet is facing the same identity chaos. Zero Trust isn’t some buzzword—it’s the operating system for the modern enterprise.👊 No sales pitches. No hand-waving. Let's get real about how to build security that actually works.

In this episode, I sit down with Ofer Klein to dig into the messy truth about #ai governance, “shadow AI,” and why most CISOs are already behind the curve. We’re talking about the reality that AI isn’t just a shiny new tool — it’s a #cybersecurity #threat vector, a compliance nightmare, and the next accelerant for both attackers and defenders.If your organization thinks it can “wait and see,” you’ve already lost. Visibility, governance, and proactive strategy aren’t optional anymore — they’re survival.Tune in and find out why AI will either accelerate your business or dismantle it — and why your security leadership better decide which side of that equation they’re on.

In this episode of The Dr. ZeroTrust Show, I sit down with Geoff Halstead, co-founder and Chief Product Officer of Faction Networks, to delve into the realities of Zero Trust Networking.We break down:Why legacy and #iot devices remain a massive #risk surfaceHow hardware plays a decisive role in #cybersecurity strategy.The investment challenges are holding back true innovation.Why accountability and continuous monitoring are non-negotiable for building a secure digital future.If you’re serious about securing infrastructure against modern threats, this is a conversation you don’t want to miss.

In this episode, Mike Elkins maps a whole‑of‑business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data‑centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third‑party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system—not a pile of tools.TakeawaysWhy piecemeal controls create “debt‑in‑depth”How to center Zero Trust on identities, not networksPragmatic micro‑segmentation and just‑in‑time accessA simple metric stack for the board (exposure, blast radius, dwell time)How to align GRC with day‑to‑day enforcementNo FUD. No silver bullets. Just the playbook to make “holistic” real.

In this hard-hitting episode of The DrZeroTrust Show, we peel back the layers of FEMA’s #vulnerabilities—not in hurricanes or wildfires, but in its #digital backbone and #leadership. From fragile #cybersecurity defenses to internal dysfunction, these issues strike at the core of FEMA’s ability to deliver when America needs it most. I’ll break down how systemic missteps and weak strategies threaten resilience, and what must change if our nation is to withstand the crises of tomorrow.This isn’t just about disaster relief—it’s about national security, accountability, and the future of government response in the cyber age. Tune in to get the unfiltered truth.

Cyber meets Congress—no spin, no buzzwords. In this episode of The Dr. ZeroTrust Show, we break down what it's like to work with the folks on Capitol Hill from a Tech CEO's perspective. In this episode, you will hear about how leaders should approach collaborating with lawmakers, and perhaps even learn a thing or two about what it means to lead from the front as a CEO.If this helped, like, subscribe, and drop your questions in the comments—what should we tackle next?#cybersecurity #capitolhill #congress #zerotrust #policy #nationalsecurity #cisa #NIST #CIRCIA #SBOM #AIpolicy #electionsecurity #criticalinfrastructure

Cybersecurity conferences: equal parts chaos, collaboration, and caffeine. ☕💻 Behind the buzzwords and vendor swag, real innovation happens. We’ll break down how these gatherings shape the industry, spark partnerships, and prep us for the next wave of #threats. Tune in for no-BS insights on making the most of these events.

We pull no punches on the escalating #cyberwarfare threat from state-sponsored actors, with China leading the charge. From alarming penetration test results to underfunded state laws like Ohio’s latest effort, this episode dissects why America’s response is dangerously inadequate. This isn’t just another #cybersecurity scare—it’s a call for a complete strategic overhaul to safeguard national #security before it’s too late.TakeawaysChina is currently leading in cyber warfare against the U.S.The threat landscape is rapidly evolving, with increasing vulnerabilities.Broken access control remains the most common vulnerability in systems.Cybersecurity spending is slowing down, which is concerning for national security.Ohio's new cybersecurity law lacks funding and practical enforcement measures.Leadership in cybersecurity is crucial for effective defense strategies.Many organizations are still using outdated technology and practices.The need for comprehensive training and resources in cybersecurity is critical.Legislative measures must be backed by funding to be effective.The conversation highlights the urgency for a new approach to cybersecurity.