The ITSPmagazine Podcast

Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event.Getting Ready for Black Hat 2024The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat.Introducing Jeswin Mathai and SquareXJeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat.The Birth of SquareXSean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security.Addressing Security GapsJeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity.Innovative Security SolutionsSquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience.A Scalable and Privacy-Safe SolutionMarco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws.Real-World Use CasesTo illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats.Looking Ahead to Black Hat and DEF CONThe discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions.ConclusionIn conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Jeswin Mathai, Chief Architect, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/jeswinmathai/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia]On LinkedIn | https://www.linkedin.com/in/jasonhealey/At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesOpening Remarks:Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey.Meet the Expert:Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead.The Role of Defense in Cybersecurity:Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference.Shifting the Balance:Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes.Economic Costs and Broader Impacts:Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities.Community and Collaboration:Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session.Looking Forward:As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity.Conclusion:Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity.For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed!Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesIs Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663Learn more about Black Hat USA  2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.Key Points Discussed:Behavioral Detection vs. Signature-Based Methods:Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities.Enhanced Capabilities for Real-Time Response:The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation.Recognition and Impact:RAD Security’s innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position.Supply Chain Security:Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security’s verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability.Future of Cloud Security:As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats.RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.Learn more about RAD Security: https://itspm.ag/radsec-l33tzNote: This story contains promotional content. Learn more.Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]On LinkedIn | https://www.linkedin.com/in/brookemotta/On Twitter | https://x.com/brookelynz1ResourcesA Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4biOpen Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kroLearn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-securityView all of our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Ben Soltoff, Entrepreneur in Residence (EIR) and the Ecosystem-Builder in Residence at the Martin Trust Center for MIT Entrepreneurship [@EshipMIT]On LinkedIn | https://www.linkedin.com/in/ben-soltoff/On Twitter | https://twitter.com/bensoltoffHosts: Alejandro Juárez CrawfordOn ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alejandro-juarez-crawfordMiriam Plavin-MastermanOn ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/miriam-plavin-masterman______________________Episode IntroductionIn this episode, cohosts Alejandro Juárez Crawford and Mim Plavin-Masterman are joined by Ben Saltoff, the ecosystem builder-in-residence at the Martin Trust Center for MIT Entrepreneurship. With a focus on transforming academic technology into real-world applications, his role involves guiding students through the complexities of entrepreneurship, particularly in the context of climate technology.______________________Special Note: We have not been able to contact our producer or the students at the BRAC University Social Impact Lab who contribute vitally to this podcast. Our thoughts are with these students and everyone in Bangladesh. We respectfully ask listeners who appreciate the podcast to please make people aware of events there.______________________ResourcesBen's book on climate entrepreneurship. More info will be available here starting next week: https://climateandenergystartups.com/Martin Trust Center for MIT Entrepreneurship: https://entrepreneurship.mit.edu/______________________Episode SponsorsAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network______________________For more podcast stories from What If Instead? Podcast with Alejandro Juárez Crawford and Miriam Plavin-Masterman, visit: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alejandro-juarez-crawford and https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/miriam-plavin-masterman Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Kim Jones, Director, Intuit [@Intuit]On LinkedIn | https://www.linkedin.com/in/kimjones-cism/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk.Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively.One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone. Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment.Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness. For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals.Top Questions AddressedHow can organizations achieve velocity in their cybersecurity operations?Why is cultural alignment important for achieving velocity?What role does effective leadership play in achieving cybersecurity velocity?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring Resource: https://www.linkedin.com/posts/kimjones-cism_velocity-simplified-activity-7201763704848175104-sprZ/Velocity, Simplified (Blog Post): https://www.security2cents.com/post/velocity-simplified___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: ✨ Lennart Maschmeyer, Senior Researcher at Center for Security Studies (CSS) at ETH Zurich [@CSS_ETHZurich]On LinkedIn | https://www.linkedin.com/in/lennartmaschmeyer/____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli_____________________________This Episode’s SponsorsBlackCloak 👉 https://itspm.ag/itspbcwebBugcrowd 👉 https://itspm.ag/itspbgcweb_____________________________Episode IntroductionWelcome to another thought-provoking episode of the Redefining Society Podcast! I'm Marco Ciappelli, and today, we're diving deep into the intricacies of subversion, cyber warfare, and manipulation techniques with our special guest, Lennart Maschmeyer. As a Senior Researcher at the Center for Security Studies at ETH Zurich, Lennart brings a nuanced perspective on how technology intersects with international politics and conflict.Setting the SceneThis episode begins with an introduction highlighting the excitement of being in the same time zone as Lennart Maschmeyer, an expert in subversion and cyber conflicts, joining us from Zurich. The picturesque setting of ETH Zurich serves as a backdrop for our exploration of complex topics such as cyber warfare and manipulation techniques.The Path to CybersecurityLennart shares his unconventional journey into cybersecurity and international relations. Originally a photographer with aspirations of becoming a surgeon, Lennart eventually found his passion in political science and cybersecurity. He holds a PhD in Political Science from the University of Toronto and an MPhil in International Relations from the University of Oxford. His research focuses on the subversive nature of cyber power, particularly its operational challenges and strategic limitations.Subversion and Cyber Warfare: Historical and Modern PerspectivesA key discussion in this episode revolves around the concept of subversion. Lennart emphasizes that while the mechanisms of subversion aren't entirely new, the technology involved has evolved. Subversion involves finding and exploiting vulnerabilities within systems to manipulate them. Lennart argues that this method, though theoretically powerful, faces practical challenges.Drawing comparisons between historical subversion techniques during the Cold War and modern-day cyber operations, Lennart notes that both forms of subversion rely on similar mechanisms, despite differences in technology. Whether it was Cold War-era spies infiltrating societies or modern-day hackers manipulating computer systems, the essence of subversion remains the same: exploiting vulnerabilities to achieve political goals without overt violence.Notable Cyber Operations and Their ImpactThroughout the discussion, Lennart references several notable cyber operations, such as attempts to disable power grids in Ukraine and large-scale disinformation campaigns. Despite the initial hype surrounding these operations, their practical impact often fell short of strategic goals. Operations like NotPetya spread uncontrollably, sometimes causing collateral damage, highlighting the inherent unpredictability and limitations of such cyber initiatives.The Future of Cyber Warfare and Traditional SubversionAs Lennart delves deeper into his research findings, he underscores that while cyber operations can have significant local and temporary effects, they often lack the capacity to decisively change political outcomes on a larger scale. Traditional subversion techniques, though less flashy, often prove more effective.Moving forward, Lennart suggests that we must remain vigilant against both traditional and modern subversive threats. The focus should not just be on sophisticated cyber attacks but also on more traditional forms of espionage and subversion. The orchestration of various tactics, including cyber operations, disinformation, and direct sabotage, represents the real threat—a nuanced blend of old and new.ConclusionIn closing, Lennart and I reflect on the importance of understanding the broader context in which these technologies operate. We emphasize that technology alone doesn't change the world; it's how people use it that matters. Recognizing the potential and limitations of both cyber and traditional subversion is crucial for navigating the evolving landscape of international conflict and security.This episode of the Redefining Society Podcast sheds light on the complexities of subversion in the digital age. For a detailed exploration of these themes and more, be sure to tune into the full conversation.Stay connected for more insightful discussions on how technology is shaping—and being shaped by—our society._____________________________Resources ____________________________To see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWatch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9Are you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Fred Heiding, Research Fellow, HarvardOn LinkedIn | https://www.linkedin.com/in/fheiding/On Twitter | https://twitter.com/fredheidingOn Mastodon | https://mastodon.social/@fredheidingOn Instagram | https://www.instagram.com/fheiding/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats.Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide.Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations.A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time.Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion.The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share.Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session): Fred Heiding  |  Research Fellow, HarvardAlex O'Neill  |  IndependetLachlan Price  |  Research Assistant, HarvardEric Rosenbach  |  Senior Lecturer in Public Policy, Harvard____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesA Multilateral Framework for Evaluating National Cybersecurity Strategies: https://www.blackhat.com/us-24/briefings/schedule/#a-multilateral-framework-for-evaluating-national-cybersecurity-strategies-40879Learn more about Black Hat USA  2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]On LinkedIn | https://www.linkedin.com/in/swylie650/On Twitter | https://twitter.com/swylie650____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesVroom Vroom! The Black Hat Tradition with Sean and MarcoIt's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat.A Decade of ITSP Magazine and Black HatMarco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection.What to Expect at Black Hat USA 2024Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions.Key HighlightsExpanded Content Program: Black Hat is adopting a three-day format instead of its usual two, adding a day packed with additional activities and events.More Networking Opportunities: Attendees can look forward to broadening their professional circles with a variety of planned and unplanned networking events, including the Meetup Lounge and Track Chair Meet and Greets.Day Zero Program: Designed especially for newcomers, this pre-event briefing will help attendees make the most out of their experience.Innovative Summits: New summits, including an AI Summit, Innovators and Investors Summit, Industrial Controls Summit, and Cyber Insurance Summit, will target both technical and managerial audiences.Deep Dives and Panel DiscussionsSteve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year’s heavy election schedule and the growing influence of AI.Fireside Chat with Moxie MarlinspikeAnother unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape.Arsenal and the NOC: Fan Favorites ReturnSean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection.Wrapping UpAs Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________ResourcesLearn more about Black Hat USA  2024: https://www.blackhat.com/us-24/The list of keynotes can be found on this page: https://www.blackhat.com/us-24/keynotes.htmlDirect links to keynotes:https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-from-the-office-of-the-ciso-smarter-faster-stronger-security-in-the-age-of-ai-42061https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-understanding-and-reducing-supply-chain-and-software-vulnerability-risks-42104https://www.blackhat.com/us-24/briefings/schedule/index.html#main-stage-let-me-tell-you-a-story-technology-and-the--vs-41962https://www.blackhat.com/us-24/briefings/schedule/index.html#solving-the-cyber-hard-problems-a-view-into-problem-solving-from-the-white-house-42239____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco’s exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco’s asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.Why does this matter: The systems that typically track and report CVEs, don’t report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform’s exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it’s observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what’s working and what’s not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization’s security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.Learn more about Sevco: https://itspm.ag/sevco250d8eNote: This story contains promotional content. Learn more.Guest: J.J. Guy, CEO and Co-Founder, SevcoOn LinkedIn | https://www.linkedin.com/in/jjguy/On Twitter | https://x.com/jjguy?lang=enResourcesState of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9blLearn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevcoView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ISMS.online has released its ‘State of Information Security’ report which surveyed 502 people in the UK (over 1500 globally) who work in information security across 10 sectors including technology, manufacturing, education, energy and utilities and healthcare. The main findings that it exposed are: 79% of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner. Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year Deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organisations.What does all of this mean? As data breaches continue to surge, government entities and trade bodies are in turn, trying to meet these challenges with updates and implementation of regulations and compliance mandates. Listen in as Luke speaks to IT managers about the need to build robust and effective information security foundations, invest in securing their supply chains and increasing employee awareness and training.Learn more about  ISMS.online: https://itspm.ag/ismsonline08ab81Note: This story contains promotional content. Learn more.Guest: Luke Dash, CEO, ISMS.onlineOn LinkedIn | https://www.linkedin.com/in/luke-dash-33867b25/ResourcesThe State of Information Security Report 2024: https://itspm.ag/ismsonlinef56b77Learn more and catch more stories from ISMS.online: https://www.itspmagazine.com/directory/isms-onlineView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.