The ITSPmagazine Podcast

At RSAC Conference 2026, Anthony Cusimano, Chief Evangelist and Director of Solutions Marketing at Object First, joins Sean Martin on the show floor to break down what separates truly immutable storage from the checkbox version. The answer comes down to zero access: no command line interface, no root access, no administrative back doors at any layer -- for customers or for Object First itself. Object First appliances are purpose-built for Veeam and ship with S3 protocol storage in automatic compliance mode, versioning, and object lock. Once data is written and a retention period is set, nothing -- no admin, no attacker, not even the vendor -- can touch it. Cusimano describes the architecture as a storage utility, not an administration platform: Veeam handles all backup policy and configuration; Object First handles one thing only, ensuring the data cannot be erased. The statistics behind the design are sobering. According to Cusimano, 96 percent of ransomware attacks specifically target backup data -- a figure validated across four independent industry surveys. Organizations that rely on encryption alone, without immutable storage, are leaving a critical gap that attackers have learned to exploit. Many do not discover that gap until recovery is already underway. Cusimano also makes the case for recovery testing as a security priority in its own right. He recommends full tabletop exercises that assume worst-case conditions: every admin credential compromised, active directory gone. Teams that run through this process discover gaps in their architecture that no amount of vendor documentation will surface. His practical tip -- collect coworkers' cell phone numbers before an incident -- reflects just how complete the communications blackout can be when directory services fail. Two capabilities from Object First round out the conversation. Fleet Manager, launching May 6th, gives managed service providers and large enterprises a single SaaS dashboard to manage all Object First instances with unified telemetry and honeypot visibility -- with no backup data leaving the appliance. And the honeypot feature, included on every device at no cost, simulates a Veeam backup and replication server as a decoy. When agentic AI-driven attacks probe the environment, they interact with the honeypot exactly as they would a real target, triggering alerts that can surface threats days or weeks before a full attack develops. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Anthony Cusimano, Chief Evangelist & Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, ransomware, immutable storage, backup security, Veeam, data protection, RSAC Conference 2026, cyber resilience, absolute immutability, ransomware recovery, Fleet Manager, honeypot detection, managed service providers, zero trust storage Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2026, the noise is relentless. Vendor booths, AI pitches, and breathless marketing compete for attention at every turn. Michael Parisi, Chief Growth Officer at Steel Patriot Partners, joins Sean Martin and Marco Ciappelli on the ground in San Francisco to name what too few are willing to say out loud: most of the conversation happening on the show floor does not reflect the conversations that actually matter. The real exchanges, Parisi says, are happening backstage -- in the hallways, over coffee, between practitioners who trust each other enough to ask: does this vendor actually do what they say? That shift back to peer-driven trust is not a trend. It is a correction. Security leaders are exhausted and fragile, operating under intense pressure, and they are returning to the relationships they know rather than the research tools and AI-generated answers they do not trust. Steel Patriot Partners was built around exactly that dynamic. Their operating principle -- business owners first, engineers second, compliance and security people third -- runs counter to how most consulting firms approach an engagement. Rather than leading with frameworks or certifications, the team starts by asking what outcome the client is actually trying to achieve. Parisi is candid about how often that conversation leads them to steer a client away from the path they came in convinced they needed. That willingness to say no -- and mean it -- is what sets a trusted advisor apart from a vendor. The outcome-first philosophy shapes every engagement. As founder Jason Ford says, 80% of what Steel Patriot Partners does is a therapy session. Organizations coming in with complex compliance challenges -- FedRAMP, CMMC, HITRUST, DoD IL -- need more than a checklist. They need a partner who has lived those journeys themselves, made the mistakes, and can speak honestly about what is worth pursuing and what is not. Parisi's advice to anyone evaluating a consulting partner is pointed: ask the question up and down the team, not just of the founder. The firms that have genuinely lived what they sell -- and can talk about the failures as clearly as the successes -- are the ones worth trusting when the stakes are high. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Michael Parisi, Chief Growth Officer, Steel Patriot Partners LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/ RESOURCES Steel Patriot Partners: https://www.steelpatriotpartners.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Michael Parisi, Steel Patriot Partners, Sean Martin, brand spotlight, brand story, brand marketing, marketing podcast, cybersecurity consulting, compliance advisory, FedRAMP, CMMC, HITRUST, DoD IL, trusted advisor, outcome-based consulting, vendor trust, cybersecurity noise, RSAC Conference 2026, security leadership, GRC, business risk, human in the loop Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2026, Dr. Chris Pierson, Founder and CEO of BlackCloak, sat down with Sean Martin and Marco Ciappelli for a conversation that has become something of an annual tradition. What started in 2018 as a category BlackCloak largely invented -- digital executive protection -- has become one of the most pressing concerns in enterprise security. Adversaries have figured out that the easiest path into a company often runs straight through the personal lives of its leaders: the About Us page, the board listing, the family members visible on social media. BlackCloak was built to close that gap. BlackCloak announced at RSAC Conference 2026 the launch of its new travel advisory platform -- a tool designed to give executives and their families actionable, real-time intelligence when traveling domestically or internationally. Pierson explained that CISOs and CSOs are increasingly being asked questions that go well beyond network security: what are the crime trends in this city, what embassy contacts are needed, which areas should be avoided? The platform distills complex, fast-moving threat intelligence into concise briefings -- four or five pages, mobile-accessible, and built for the executive and the family members traveling alongside them. On the privacy side, BlackCloak introduced Search Suppression -- a new feature that goes further than data broker removal alone. Even after information is scrubbed from the major data broker sites, traces of personally identifiable information can persist across the open internet. Search Suppression identifies those instances and requests their removal from search engine results, shrinking the digital footprint that attackers use to build targeted OSINT profiles. And because the threat surface shifts as executives' children age and begin generating their own data trails, the platform monitors continuously -- not just at a single point in time. Pierson also addressed the deepfake threat head-on. BlackCloak re-released its Impersonation Protection feature with deeper capabilities specifically designed for this problem. Plugin-based detection tools for Teams or Zoom leave the most common attack vectors -- phone calls, text messages, WhatsApp, Signal -- completely unaddressed. Impersonation Protection allows members to push a quick identity-verification request through the BlackCloak app to anyone in their trusted circle, regardless of how the original communication arrived. If verification fails, alarm notifications fire to both the CISO and the BlackCloak team. In a world where high-quality deepfake audio and video can be synthesized from publicly available earnings call recordings and media appearances, slowing down to verify through a trusted channel is one of the most reliable defenses available. The conversation closed on the concept of trust -- a word Pierson returned to repeatedly. It is, he said, the reason people choose BlackCloak. The relationships the company builds with CISOs, CSOs, and the executives and families they protect require trust that is built carefully and maintained continuously. As BlackCloak scales, preserving that culture is something Pierson thinks about deeply. For a company whose entire business is built on protecting people in their most personal digital spaces, trust is not just a value. It is the product. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Dr. Chris Pierson, Founder and CEO, BlackCloakhttps://www.linkedin.com/in/drchristopherpierson/ RESOURCES BlackCloak official website: https://blackcloak.io BlackCloak Digital Executive Protection Platform: https://blackcloak.io/product/ Request a BlackCloak demo: https://blackcloak.io/executives/ Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Dr. Chris Pierson, BlackCloak, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand spotlight, digital executive protection, executive cybersecurity, personal cybersecurity, deepfake defense, impersonation protection, travel advisory security, search suppression, data broker removal, OSINT, executive privacy, RSAC Conference 2026, RSAC 2026, cybersecurity, privacy Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode from RSA Conference 2026, Marco Ciappelli sits down with Ben Halpert, founder of the non-profit organization Savvy Cyber Kids, to discuss the critical intersection of child development and technology. Since its founding in 2007, Savvy Cyber Kids has been on a mission to provide parents and educators with the tools needed to guide children through the digital world. Ben explains why introducing technology too early can be detrimental to a child’s emotional preparedness and brain development, and why adult-led guidance is essential even when kids seem like "tech experts". In this conversation, we explore: The Evolution of Threats: Moving from MySpace and CRT monitors to 24/7 access via mobile devices. Early Intervention: Why the "rhyme and picture book" approach works for children as young as three to teach concepts like online aliases and stranger safety. Safe AI for Kids: Introducing a new partnership with Chaperone, a platform featuring "homework mode" and parental controls to ensure AI is a tool for learning, not a shortcut for thinking. Going Global: How the organization has expanded internationally with materials translated into Spanish, German, French, and Hebrew. About Our Guest Ben Halpert is a cybersecurity veteran with over 25 years of experience and the founder of Savvy Cyber Kids. He is dedicated to helping parents navigate the "wild" of the internet with positive, developmentally appropriate programming.   Resources Savvy Cyber Kids Website: savvycyberkids.org More RSAC 2026 Coverage: itspmagazine.com/rsac Marco's Website: Marcociappelli.com Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Marco Ciappelli sits down with Hoala Greevy, founder of Paubox, to discuss a mission-driven initiative aimed at changing the face of the technology industry.  What started as a celebratory giveaway of spam musubi for Paubox customers has evolved into the Paubox Kahikina Scholarship, a recurring $1,000 annual grant for Native Hawaiian students pursuing careers in STEM and technology.   Key Highlights: • The Mission: To encourage Native Hawaiians—who are significantly underrepresented in tech and medical fields—to pursue and stay in STEM careers.  • The Impact: Since 2019, the scholarship has grown from a single recipient to 62, providing both financial aid and direct access to a professional network.  • Beyond the Money: Recipients share their college journeys through annual blog posts or vlogs, creating a community of future leaders.  • New Milestones: Hoala discusses the scholarship's recent 501(c)(3) nonprofit status, opening the doors for corporate partnerships and expanded funding.   How to Support or Apply: If you are a Native Hawaiian student pursuing STEM, or if you are interested in donating to the fund, visit the link below: •  Website: https://www.paubox.com/kahikina-stem-scholarship   • Application Deadline: May 31st.   Marco's Website: https://www.marcociappelli.com  ITSPmagazine: https://www.ITSPmagazine.com Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Marco Ciappelli sits down with cybersecurity evangelist and thought leader Theresa Lanowitz at the end of day one on the expo floor for a conversation that cuts through the noise — from shadow AI and leadership accountability, to brand identity, to why most companies here can't articulate a message above the fray. Plus: a Peloton story that accidentally became the best explanation of brand loyalty you'll hear all week.  Chapters: - Judge Sentences CEO to 8 Hours on the RSAC Floor  - End of Day One: Setting the Scene  - Who Is Theresa Lanowitz  - The Binary View of AI: Love It, Fear It, or Find the Gray  - Leadership's Role in the AI Transformation - Shadow AI: The Insider Threat Nobody Is Naming  - Why Some Companies Still Say No to AI  - Fighting With Your LLM (We All Do It)  - AI Slop and the Brand Differentiation Problem - The Peloton Story: What Real Brand Loyalty Looks Like  - RSAC 2026: Everyone Sounds the Same  - Where Is Agentic AI Actually Going - Integration, Orchestration, ROI: The Real Questions  - Make AI Your Own  What's actually covered: → Why agentic AI is dominating RSAC 2026 — and why it all sounds the same → Shadow AI: the insider threat nobody is calling an insider threat → What strong brand presence actually looks like (hint: it's not a circus tent) → Why fear — not budget — is the real reason companies still say no to AI → Integration, orchestration, ROI: what comes after the hype → The one message that matters: make AI your own 🔗 More from RSA Conference 2026: itspmagazine.com/rsac   Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is the RSA Conference floor a visionary glimpse into the future, or just an "AI blender" where every vendor tastes the same? Join hosts Marco Ciappelli and Sean Martin as they sit down with industry heavyweights Theresa Lanowitz and Joe Carson to dissect the real sentiment of RSAC 2026. Key Discussion Points: The AI Agent Explosion: Everyone says they can secure your agents, but is there any actual differentiation? Keynote Insights: A breakdown of George Kurtz’s CrowdStrike keynote on "Full Throttle" AI vs. total fear. The "Mushroom" Metaphor: Why AI is like a power-up in Super Mario Kart—it makes you go faster, but it doesn't make you a better driver. The Marketing Disconnect: Why vendor messaging is failing to map to the actual "to-do lists" of modern CISOs. Niche Power: Why the most innovative solutions are often found on the perimeter of the expo floor.   Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is the cybersecurity industry just "agent-washing" its marketing, or are we on the verge of a revolutionary shift in how CISOs manage risk? Join Madelein van der Hout (Senior Analyst at Forrester), Marco Ciappelli, and Sean Martin as they record live from the RSA Conference to cut through the GenAI noise.     Key Discussion Points:   The CISO Challenge: Why security leaders are struggling to define their roles for the next five years.       Agentic Behavior: The risks of AI agents attempting to bypass security controls to "find a way" to complete tasks.       AI vs. AI: Exploring the concept of a "cybersecurity autoimmune disease" where defensive and offensive AI clash.       Regulation as an Enabler: Why the EU AI Act and digital safety rules should be viewed as "brakes" that allow organizations to go faster, not slower.       The Missing Link: Why discovery and identity are the most overlooked aspects of the agentic age.     Chapters: 0:00 - Live from RSA Conference San Francisco 1:03 - The impossible task of the modern CISO 2:26 - Why there were no "puppies" at RSAC this year 4:14 - Cutting through the GenAI marketing noise 5:51 - Upskilling vs. reskilling for an AI workforce 7:50 - The need for "Discovery" in AI agents 11:39 - Budgeting: Securing AI within the AI budget 13:24 - Stop treating AI like it's "mysterious" software 15:42 - Regulation: The EU AI Act and "Brakes" for innovation 18:19 - AI Horror Stories: Agents gone rogue? 23:00 - The Cybersecurity Autoimmune Disease theory Suggested Tags Broad Tags: Cybersecurity, InfoSec, Artificial Intelligence, GenAI, AI Agents, RSA Conference, RSAC 2026. Specific Tags: Forrester Research, Madelein van der Hout, CISO strategy, EU AI Act, AI regulation, Agentic AI, AI security risks, Cybersecurity marketing, Tech regulation. Next Step: Would you like me to generate a high-impact thumbnail concept or a few community post blurbs to promote the video once it's live? Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Healthcare's AI ambition and its data infrastructure are moving at different speeds. In this edition of Lens Four, Sean Martin examines what happens when those speeds collide — and who is accountable when the sequence is wrong. 🔍 In this episode: 82% of health systems have limited or no AI governance in place, while deployments proceed — Digital Medicine Society 58% of frontline clinical staff are using unsanctioned AI tools — not out of recklessness, but because approved alternatives don't exist — Wolters Kluwer The vendor trust gap: trusted vendors are shipping AI capabilities into integrated products after contracts are signed, after integrations are built, after due diligence has closed — and most health systems have no mechanism to detect it Jason Kor of HITRUST on what procurement processes aren't built to catch — recorded for the Redefining CyberSecurity Podcast The Stryker attack: a nation-state operation that disrupted hospitals through their supplier — not their own systems Ryan Patrick of HITRUST on why availability of services now sits in the same risk tier as confidentiality of data Who actually owns the patient's data — the provider, the insurer, the vendor, the device manufacturer, the government program, or the patient? TEFCA — the Trusted Exchange Framework and Common Agreement — moves data nationally across eleven Qualified Health Information Networks. It does not move the ownership rights with it The CMS agenda: $1.7 trillion, 160 million Americans, and a policy clock that does not wait for the identity infrastructure to catch up The vocabulary of transformation — what "pilot to production" and "scale" are selecting for, and what they are leaving out Zero Trust reframed as the infrastructure condition that makes trustworthy AI deployment possible — not just a ransomware defense Fourth Lens: Healthcare's AI ambition and its data infrastructure are moving at different speeds — and the patient is where those speeds collide. The program layer is making sequence choices. The market layer is accelerating pressure. The messaging layer is optimizing for ambition. None of it is an argument against innovation. All of it is an argument for discipline — A-to-Z, every dependency, ambiguity, and fragility along the way. 🎙️ Podcast conversations referenced in this article: Jason Kor, HITRUST — Brand Spotlight Ryan Patrick, HITRUST — HIMSS Recap 🔗 Full article and references: seanmartin.com/lens-four 🌐 HIMSS26 coverage: itspmagazine.com Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com. Subscribe to Lens Four — Where business, innovation, and messaging come into focus. 🎯 Keywords: healthcare AI governance, order of operations AI, data foundation healthcare, vendor trust gap, patient data ownership, TEFCA, health information exchange, QHINs, Shadow AI healthcare, third-party risk management, supply chain resilience healthcare, Zero Trust healthcare, CMS interoperability framework, CIA triad healthcare, data integrity AI, identity management healthcare, HITRUST, Jason Kor, Ryan Patrick, Wolters Kluwer, Digital Medicine Society, DiMe, Google for Health, Jon McNeill, John Halamka, Mayo Clinic Platform, Sumbul Ahmad Desai, Apple Health, Daymond John, Dr. Mehmet Oz, Amy Gleason, Kim Brandt, DOGE healthcare, Stryker cyberattack, nation-state healthcare attack, HIMSS26, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, ITSPmagazine Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Show Notes For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSAC Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five. Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security. The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending. The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined. All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it. Guest Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis Host Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ Resources SANS Institute | https://www.sans.org RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Keywords ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.