Episodes

  • AI Will Replace Democracy: The Future of Government is Here. Or, is it? Let's discuss! | A Conversation with Eli Lopian | Redefining Society And Technology Podcast With Marco Ciappelli
    Sep 27 2025
    ⸻ Podcast: Redefining Society and Technology
    https://redefiningsocietyandtechnologypodcast.com

    ______

    Title: Tech Entrepreneur and Author's AI Prediction - The Last Book Written by a Human Interview | A Conversation with Jeff Burningham | Redefining Society And Technology Podcast With Marco Ciappelli

    ______

    Guest: Eli Lopian
    Founder of Typemock Ltd | Author of AIcracy: Beyond Democracy | AI & Governance Thought Leader
    On LinkedIn: https://www.linkedin.com/in/elilopian/
    Book: https://aicracy.ai

    Host: Marco Ciappelli
    Co-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication | Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society 🌎 LAX 🛸 FLR 🌍
    WebSite: https://marcociappelli.com
    On LinkedIn: https://www.linkedin.com/in/marco-ciappelli/

    _____________________________

    This Episode’s Sponsors

    BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
    BlackCloak: https://itspm.ag/itspbcweb

    _____________________________

    ⸻ Podcast Summary ⸻

    I had one of those conversations that makes you question everything you thought you knew about democracy, governance, and the future of human society. Eli Lopian, founder of TypeMock and author of the provocative book on AI-cracy, walked me through what might be the most intriguing political theory I've encountered in years.

    ⸻ Article ⸻

    Technology entrepreneur Eli Lopian joins Marco to explore "AI-cracy" - a revolutionary governance model where artificial intelligence writes laws based on abundance metrics while humans retain judgment. This fascinating conversation examines how we might transition from broken democratic systems to AI-assisted governance in our evolving Hybrid Analog Digital Society.

    Picture this scenario: you're sitting in a pub with friends, listening to them argue about which political rally to attend, and suddenly you realize something profound. As Eli told me, it's like watching people fight over which side of the train to sit on while the train itself is heading in completely the wrong direction. That metaphor perfectly captures where we are with democracy today.

    Eli's background fascinates me - breaking free from a religious upbringing at 16, building a successful AI startup for the past decade, and now proposing something that sounds like science fiction but feels increasingly inevitable. His central premise stopped me in my tracks: no human being should be allowed to write laws anymore. Only AI should create legislation, guided by what he calls an "abundance metric" - essentially optimizing for human happiness, freedom, and societal wellbeing.

    But here's where it gets really interesting. Eli isn't proposing we hand over control to a single AI overlord. Instead, he envisions three separate AI systems - one controlled by the government, one by the opposition, and one by an NGO - all working with the same data but operated by different groups. They must reach identical conclusions for any law to proceed. If they disagree, human experts investigate why.

    What struck me most was how this could actually restore direct democracy. In ancient Athens, every citizen participated in the polis. We can't do that with hundreds of millions of people, but AI could process everyone's input instantly. Imagine submitting your policy ideas directly to an AI system that responds within hours, explaining why your suggestion would or wouldn't improve societal abundance. It's like having the Athenian square scaled to modern complexity.

    The safeguards Eli proposes reveal his deep understanding of human nature. No AI can judge humans - that remains strictly a human responsibility. Citizens don't vote for charismatic politicians anymore; they vote for actual policies. Every three years, people choose their preferred policies. Every decade, they set ambitious collective goals - cure cancer, reach Mars, whatever captures society's imagination.

    Living in our Hybrid Analog Digital Society, we already see AI creeping into governance. Lawyers use AI, governments employ algorithms for efficiency, and citizens increasingly turn to ChatGPT for advice they once sought from doctors or therapists. Eli's insight is that we're heading toward AI governance whether we plan it or not - so why not design it properly from the start?

    His most compelling point addresses a fear I share: that AI lacks creativity. Eli argues this is actually a feature, not a bug. AI generates rather than truly creates. The creative spark - proposing that universal basic income experiment, suggesting we test new social policies, imagining those decade-long goals - that remains uniquely human. AI simply processes our creativity faster and more fairly than our current broken systems.

    The privacy question loomed large in our conversation. Eli proposes a brilliant separation: your...
    37 m
  • Why Identity Must Come First in the Age of AI Agents | A Black Hat SecTor 2025 Conversation with Cristin Flynn Goodwin | On Location Coverage with Sean Martin and Marco Ciappelli
    Sep 26 2025
    When we talk about AI at cybersecurity conferences these days, one term is impossible to ignore: agentic AI. But behind the excitement around AI-driven productivity and autonomous workflows lies an unresolved—and increasingly urgent—security issue: identity.

    In this episode, Sean Martin and Marco Ciappelli speak with Cristin Flynn Goodwin, keynote speaker at SecTor 2025, about the intersection of AI agents, identity management, and legal risk. Drawing from decades at the center of major security incidents—most recently as the head cybersecurity lawyer at Microsoft—Cristin frames today’s AI hype within a longstanding identity crisis that organizations still haven’t solved.

    Why It Matters Now

    Agentic AI changes the game. AI agents can act independently, replicate themselves, and disappear in seconds. That’s great for automation—but terrifying for risk teams. Cristin flags the pressing need to identify and authenticate these ephemeral agents. Should they be digitally signed? Should there be a new standard body managing agent identities? Right now, we don’t know.

    Meanwhile, attackers are already adapting. AI tools are being used to create flawless phishing emails, spoofed banking agents, and convincing digital personas. Add that to the fact that many consumers and companies still haven’t implemented strong MFA, and the risk multiplier becomes clear.

    The Legal View

    From a legal standpoint, Cristin emphasizes how regulations like New York’s DFS Cybersecurity Regulation are putting pressure on CISOs to tighten IAM controls. But what about individuals? “It’s an unfair fight,” she says—no consumer can outpace a nation-state attacker armed with AI tooling.

    This keynote preview also calls attention to shadow AI agents: tools employees may create outside the control of IT or security. As Cristin warns, they could become “offensive digital insiders”—another dimension of the insider threat amplified by AI.

    Looking Ahead

    This is a must-listen episode for CISOs, security architects, policymakers, and anyone thinking about AI safety and digital trust. From the potential need for real-time, verifiable agent credentials to the looming collision of agentic AI with quantum computing, this conversation kicks off SecTor 2025 with urgency and clarity.

    Catch the full episode now, and don’t miss Cristin’s keynote on October 1.

    ___________

    Guest:
    Cristin Flynn Goodwin, Senior Consultant, Good Harbor Security Risk Management | On LinkedIn: https://www.linkedin.com/in/cristin-flynn-goodwin-24359b4/

    Hosts:
    Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
    Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

    ___________

    Episode Sponsors
    ThreatLocker: https://itspm.ag/threatlocker-r974
    BlackCloak: https://itspm.ag/itspbcweb

    ___________

    Resources
    Keynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591
    Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
    New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurity
    Good Harbor Security Risk Management (Richard Clarke’s firm): https://www.goodharbor.net/
    Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
    Want to share an Event Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
    Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

    ___________

    KEYWORDS
    cristin flynn goodwin, sean martin, marco ciappelli, sector, microsoft, ai, identity, agents, ciso, quantum, event coverage, on location, conference

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    22 m
  • How F-Secure Transformed from Endpoint Security to Predicting Scams Before They Happen | A Brand Story Conversation with Dmitri Vellikok, Product and Business Development at F-Secure
    Sep 26 2025
    The cybersecurity industry operates on a fundamental misconception: that consumers want to understand and manage their digital security. After 17 years at F-Secure and extensive consumer research, Dmitri Vellikok has reached a different conclusion—people simply want security problems to disappear without their involvement.

    This insight has driven F-Secure's transformation from traditional endpoint protection to what Vellikok calls "embedded ecosystem security." The company, which holds 55% global market share in operator-delivered consumer security, has moved beyond the conventional model of asking consumers to install and manage security software.

    F-Secure's approach centers on embedding security capabilities directly into applications and services consumers already use. Rather than expecting people to download separate security software, the company partners with telecom operators, insurance companies, and financial institutions to integrate protection into existing customer touchpoints.

    This embedded strategy addresses what Vellikok identifies as cybersecurity's biggest challenge: activation and engagement. Traditional security solutions fail when consumers don't install them, don't configure them properly, or abandon them due to complexity. By placing security within existing applications, F-Secure automatically reaches more consumers while reducing friction.

    The company's research reveals the extent of consumer overconfidence in digital security. Seventy percent of people believe they can easily spot scams, yet 43% of that same group admits to having been scammed. This disconnect between perception and reality drives F-Secure's focus on proactive, invisible protection rather than relying on consumer vigilance.

    Central to this approach is what F-Secure calls the "scam kill chain"—a framework for protecting consumers at every stage of fraudulent attempts. The company analyzes scam workflows to identify intervention points, from initial contact through trust-building phases to final exploitation. This comprehensive view enables multi-layered protection that doesn't depend on consumers recognizing threats.

    F-Secure's partnership with telecom operators provides unique advantages in this model. Operators see network traffic, website visits, SMS messages, and communication patterns, giving them visibility into threat landscapes that individual security solutions cannot match. However, operators typically don't communicate their protective actions to customers, creating an opportunity for F-Secure to bridge this gap.

    The company combines operator-level data with device-level protection and user interface elements that inform consumers about threats blocked on their behalf. This creates what Vellikok describes as a "protective ring" around users' digital lives while maintaining transparency about security actions taken.

    Artificial intelligence and machine learning have been core to F-Secure's operations for over a decade, but recent advances enable more sophisticated predictive capabilities. The company processes massive data volumes to identify patterns and predict threats before they materialize. Vellikok estimates that within 18 to 24 months, F-Secure will be able to warn consumers three days in advance about likely scam attempts.

    This predictive approach represents a fundamental shift from reactive security to proactive protection. Instead of waiting for threats to appear and then blocking them, the system identifies risk patterns and steers users away from dangerous situations before threats fully develop.

    The AI integration also serves as a translation layer between technical security events and consumer-friendly communications. Rather than presenting technical alerts about blocked URLs or filtered emails, the system provides context about threats in language consumers can understand and act upon.

    F-Secure's evolution reflects broader industry recognition that consumer cybersecurity requires different approaches than enterprise security. While businesses can mandate security training and complex protocols, consumers operate in environments where convenience and simplicity drive adoption. The embedded security model acknowledges this reality while maintaining protection effectiveness.

    The company's global reach through operator partnerships positions it to address cybersecurity as a systemic challenge rather than an individual consumer problem. By aggregating threat data across millions of users and multiple communication channels, F-Secure creates network effects that improve protection for all users as the system learns from new attack patterns.

    Looking forward, Vellikok anticipates cybersecurity challenges will continue evolving in waves. Current focus on scam protection will likely shift to AI-driven threats, followed by quantum computing challenges. The embedded security model provides a framework for adapting to these changes while maintaining consumer protection without requiring users to understand or ...
    36 m
  • Why Cybersecurity Training Isn’t Working — And What To Do Instead | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Dr. Aunshul Rege | Redefining CyberSecurity with Sean Martin
    Sep 25 2025
    ⬥GUEST⬥
    Aunshul Rege, Director at The CARE Lab at Temple University | On LinkedIn: https://www.linkedin.com/in/aunshul-rege-26526b59/

    ⬥CO-HOST⬥
    Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

    ⬥HOST⬥
    Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

    ⬥EPISODE NOTES⬥

    Cybersecurity Is for Everyone — If We Teach It That Way

    Cybersecurity impacts us all, yet most people still see it as a tech-centric domain reserved for experts in computer science or IT. Dr. Aunshul Rege, Associate Professor in the Department of Criminal Justice at Temple University, challenges that perception through her research, outreach, and education programs — all grounded in community, empathy, and human behavior.

    In this episode, Dr. Rege joins Sean Martin and co-host Julie Haney to share her multi-layered approach to cybersecurity awareness and education. Drawing from her unique background that spans computer science and criminology, she explains how understanding human behavior is critical to understanding and addressing digital risk.

    One powerful initiative she describes brings university students into the community to teach cyber hygiene to seniors — a demographic often left out of traditional training programs. These student-led sessions focus on practical topics like scams and password safety, delivered in clear, respectful, and engaging ways. The result? Not just education, but trust-building, conversation, and long-term community engagement.

    Dr. Rege also leads interdisciplinary social engineering competitions that invite students from diverse academic backgrounds — including theater, nursing, business, and criminal justice — to explore real-world cyber scenarios. These events prove that you don’t need to code to contribute meaningfully to cybersecurity. You just need curiosity, communication skills, and a willingness to learn.

    Looking ahead, Temple University is launching a new Bachelor of Arts in Cybersecurity and Human Behavior — a program that weaves in community engagement, liberal arts, and applied practice to prepare students for real-world roles beyond traditional technical paths.

    If you’re a security leader looking to improve awareness programs, a university educator shaping the next generation, or someone simply curious about where you fit in the cyber puzzle, this episode offers a fresh perspective: cybersecurity works best when it’s human-first.

    ⬥SPONSORS⬥
    ThreatLocker: https://itspm.ag/threatlocker-r974

    ⬥RESOURCES⬥
    Dr. Aunshul Rege is an Associate Professor here, and much of her work is conducted under this department: https://liberalarts.temple.edu/academics/departments-and-programs/criminal-justice
    Temple Digital Equity Plan (2022): https://www.phila.gov/media/20220412162153/Philadelphia-Digital-Equity-Plan-FINAL.pdf
    Temple University Digital Equity Center / Digital Access Center: https://news.temple.edu/news/2022-12-06/temple-launches-digital-equity-center-north-philadelphia
    NICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center

    ⬥ADDITIONAL INFORMATION⬥
    ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast
    Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
    📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/
    Interested in sponsoring this show with a podcast ad placement? Learn more: 👉 https://www.itspmagazine.com/purchase-programs

    ⬥KEYWORDS⬥
    sean martin, julie haney, aunshul rege, temple university, cybersecurity literacy, social engineering, cyber hygiene, human behavior, community engagement, cybersecurity education, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    45 m
  • A Mystery In Florence | A Short Story Written By Lucia & Marco Ciappelli (English Version) | Stories Sotto Le Stelle Podcast | Short Stories For Children And The Young At Heart
    Sep 18 2025
    A Mystery in Florence

    In Tuscany there is so much magic: hills decorated with olive trees, vineyards and cypresses, bell towers ringing everywhere, hidden gardens, and of course enchanted cities, full of history and beauty, where famous artists have created marvellous works of art.

    In this tale we find ourselves in the city of Florence, where magic abounds and legends hide in every corner.

    A river called the Arno runs through it; and amongst the many bridges there is one that quite rightly is a bit more famous than the others: the Ponte Vecchio. In those suspended houses no one lives anymore. Every day it is full of tourists who photograph it and come to visit from all over the world, but many, many years ago on this bridge there were butchers, fishmongers and tanners as if it were a market, a square suspended over the Arno and daily life was very different from today.

    At the time of this story the shops were all jewellery stores owned by master goldsmiths, who lived there, worked and sold gold jewellery and precious items of the highest quality. It was one of the hearts of the city where the Florentines of the time would meet and stop to chat whilst they came and went from one side of the river to the other. Even the children spent their days having fun playing and running from one side to the other undisturbed.

    At this point you must know that for some days small thefts had been occurring in the artisans' shops. Gold and precious items disappeared as if stolen by the wind, silently and by surprise, without leaving a trace. Who knows who knows? Who could be the culprit?

    The goldsmiths gathered together, after closing their shops, right there on the bridge.

    "But what on earth is happening?" said one.

    "Well, if only we knew..." said another.

    "And we can't go on like this, looking like fools!"

    Bernardo, one of the goldsmiths, said: "Granted I'm a bit absent-minded, but I'm certainly not blind enough not to see if gold is missing from my shop."

    And off they went asking questions and interrogating each other to try to find an explanation for these thefts, discover the thief and perhaps recover what was stolen.

    In short, it had been weeks now that gold filings from the working of gold and various precious objects had been disappearing from the shops — and all this was happening under everyone's eyes but no one had seen anything.

    Who to blame if not those mischievous rascals who enjoyed playing football on the bridge! Between little matches, laughter, running, various games and hide-and-seek, who knows if one of them hadn't started stealing here and there.

    More days passed and more gold had vanished into thin air. The goldsmiths, tired of this business, came out onto the bridge and shouted loudly all together: "Now we've really had enough and it's time to put an end to it! Let's catch the thief!"

    Even Giulio the baker came out to the doorway of his shop, on the left, at the end of the bridge, and although he hadn't understood precisely what was happening, he showed everyone his flour-covered hands shouting: "I've got nothing to do with it, I swear! My hands are covered in dough only because I'm always preparing focaccia to bake in the oven."

    And saying this he joined the others shouting: "Let's catch the thief red-handed before that sack becomes one of flour!"

    In that commotion, Lapo, a very clever and curious boy, son of the goldsmith Bernardo who was friends with everyone and played together with the other children on the bridge, after reflecting thought: "There's something that doesn't add up: we children don't steal, whose fault can it be?"

    So Lapo decided to investigate on his own. Because as his grandfather always told him: "one thing done is worth more than a hundred to do" and then he would add that "if you do it yourself you do for three."

    So, without much ado, the following evening he organised himself, getting hold of a magnifying glass, a notebook with pencil to take notes and a lantern that would accompany him in the dark. The latter he held tight with a slightly trembling hand, but there was no hesitation — the situation wouldn't resolve itself.

    At dusk, he set off from the Ponte Vecchio, where he lived with his father above the shop, towards the column in Piazza Santa Trinità.

    Up there was, and still is, the Statue of Justice that towered so high as to touch the sky. The journey wasn't long, but that evening it took him longer than usual, because he observed everything with attention and curiosity. He looked right, left, in the narrow streets, beyond the parapet of the Lungarno and if he saw a stone he moved that too: "you never know where you might find clues" he thought.

    He had heard it said that the column and the statue of Justice were magical and full of secrets. But the most amazing thing was that from its summit, where indeed the statue stood, one could see what was happening at every point in the city — as we know justice sees and knows everything.

    Having arrived in Piazza Santa Trinita, he gave a ...
    15 m
  • Why This Cybersecurity Executive Left Corporate to Start Asimily and Secure Healthcare, Manufacturing, and Critical Infrastructure | An Asimily Brand Origin Story with Shankar Somasundaram, CEO and Founder
    Sep 17 2025
    The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.

    Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.

    During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.

    The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.

    Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.

    This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.

    Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.

    The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.

    Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.

    This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.

    Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.

    The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.

    Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.

    Today, as healthcare systems, manufacturing facilities, and critical infrastructure...
    35 m
  • The Problem With Threat Modeling in Application Security: Too Slow, Too Theoretical, Not Agile | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 2 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9
    Sep 12 2025

    Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?

    In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:

    • It’s treated as a one-time exercise, not a continuous process
    • Research shows teams who put risk first discover 2x more high-priority threats
    • Yet fewer than 4 in 10 organizations use systematic threat modeling at scale

    Drawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

    👉 What’s your take? Share your experience with threat modeling in application security in the comments below. Is your organization able to integrate threat modeling into everyday work, or does it remain a one-off exercise? What changes to process or culture would make it valuable and visible across teams?

    📖 Read the full companion article in the Future of Cybersecurity newsletter for deeper insights: https://www.linkedin.com/pulse/problem-threat-modeling-application-security-too-slow-martin-cissp-8n5ye/

    🔔 Subscribe to stay updated on the full AppSec Contradictions video series and more perspectives on the future of cybersecurity: https://www.youtube.com/playlist?list=PLnYu0psdcllRWnImF5iRnO_10eLnPFWi_

    ________

    This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

    Sincerely, Sean Martin and TAPE9

    ________

    Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

    Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

    To learn more about Sean, visit his personal website.


    4 m
  • AI in Application Security: Why False Positives Still Overwhelm Teams Despite the Hype | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 1 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9
    Sep 9 2025

    AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.

    False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.

    This episode breaks down:

    • Why 70% of analyst time is wasted on false positives

    • How AI-generated code introduces new security risks

    • What “alert fatigue” means for developers, security teams, and business leaders

    • Why automating bad processes creates more noise, not less

    👉 What’s your take? Share your experience with AI in security in the comments below. Has AI helped reduce noise — or only made things harder?

    📖 Read the full companion article in the Future of Cybersecurity newsletter for deeper insights: https://www.linkedin.com/pulse/ai-application-security-why-false-positives-still-sean-martin-cissp-jb8zc/

    🔔 Subscribe to stay updated on the full AppSec Contradictions video series and more perspectives on the future of cybersecurity: https://www.youtube.com/playlist?list=PLnYu0psdcllRWnImF5iRnO_10eLnPFWi_

    ________

    This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

    Sincerely, Sean Martin and TAPE9

    ________

    Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

    Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

    To learn more about Sean, visit his personal website.


    3 m