• The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli
    Sep 14 2024
    Guest: Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future [@RecordedFuture]On Linkedin | https://www.linkedin.com/in/allan2On Twitter | https://twitter.com/uuallan____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of the On Location with Sean and Marco podcast, recorded for the HITRUST Collaborate Conference in Dallas, TX, hosts Sean Martin and Marco Ciappelli engage in a dynamic conversation around the theme of cybersecurity in healthcare, specifically focusing on ransomware resilience. Sean and Marco are joined by Allan Liska for an insightful discussion on the current state of ransomware and the importance of proactive defenses.The episode begins with Sean and Marco acknowledging the hectic nature of their schedule, emphasizing their excitement for the upcoming events. Sean mentions his active participation at the HITRUST conference, working closely with risk management and compliance experts, while Marco expresses his envy yet supports Sean’s engagements.Allan Liska, the guest of this episode, brings a wealth of knowledge as an intelligence analyst specializing in ransomware research at Recorded Future. Allan delineates the ongoing challenges faced by organizations, particularly in healthcare, in mitigating ransomware threats. 
He highlights the increase in law enforcement activities targeting ransomware groups, which has led to more internal drama within the cybercriminal community, making the topic more relatable and urgent for organizations.A substantial part of the conversation revolves around the significance of tabletop exercises in preparing organizations for ransomware incidents. Allan stresses that effective tabletop exercises must involve representatives from across the entire organization, ensuring comprehensive preparedness. The exercises should be engaging and realistic, incorporating lessons learned to update incident response plans continually. Allan also recommends keeping out-of-band communication methods ready, such as using Signal, to ensure seamless operations during a ransomware attack.The importance of leadership buy-in is underlined, with Allan explaining how having senior leaders understand and support these exercises can significantly enhance the overall security posture. The discussion touches on common pitfalls, such as the assumption that backups alone will suffice, highlighting the necessity of regular, holistic testing of recovery processes.The hosts also reflect on the collaborative aspect of the HITRUST conference, noting that it provides an invaluable opportunity for participants to network, share best practices, and learn from each other's experiences. That's precisely the spirit Allan hopes to capture during his session at the conference.In conclusion, this episode is a deep dive into the complexities of ransomware defense, offering practical advice and underscoring the collective effort required to protect healthcare systems against cyber threats. 
Sean and Marco invite listeners to stay engaged and informed through their podcast series, promising more enlightening discussions on critical cybersecurity topics.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9RleBe sure to share and subscribe!____________________________ResourcesThe Ransomware Threat and the Resilience Imperative (Session): https://www.hitrustevents.com/event/HITRUSTCollaborate2024/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce?session=3448b1bf-3996-4945-95ed-bd957710b0acLearn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf
    24 mins
  • The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli
    Sep 14 2024
    Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]On LinkedIn | https://www.linkedin.com/in/cassiecrossley/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. 
By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. 
Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jtBe sure to share and subscribe!____________________________ResourcesThe Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sbomsWhy the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martinLearn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/...
    21 mins
  • Charting the Path Forward: Navigating Security and Compliance at Collaborate 2024 | A HITRUST Collaborate 2024 Conversation with Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins | On Location Coverage with Sean Martin and Marco Ciappelli
    Sep 9 2024
    Guests:Leslie Jenkins, Sr. Director, Marketing, HITRUST [@HITRUST]On LinkedIn | https://www.linkedin.com/in/lsjenkins/Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]On LinkedIn | https://www.linkedin.com/in/robertbooker/Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/Steve Perkins, Chief Marketing Officer, HITRUST [@HITRUST]On LinkedIn | https://www.linkedin.com/in/steve-perkins-1604b31/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of "On Location with Sean and Marco," Sean Martin welcomes listeners to an engaging Chats on the Road episode heading from Frisco, Texas, where he discusses Collaborate 2024—an upcoming event centered on security, risk management, and compliance programs. Sean is joined by notable industry figures, including Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins, who collectively provide a comprehensive overview of Collaborate 2024.The discussion begins with Robert Booker sharing insights into the history and objectives of the HITRUST Collaborate conference. He explains the event's organic growth and its focus on creating a community-driven environment where participants can engage in meaningful conversations about the challenges they face in the industry.Steve Perkins elaborates on the theme "charting the path forward," highlighting the importance of addressing recent industry events, such as significant breaches, and fostering collective efforts in assurance, risk management, and compliance. 
The agenda includes a variety of sessions ranging from roundtable discussions with seasoned industry professionals to focused talks on emerging trends like ransomware and workforce development.Blake Sutherland touches on the unique aspects of cyber insurance, outlining the benefits of integrating HITRUST certifications into the insurance process to enhance risk decisions and streamline procurement. The conversation also touches on the significance of AI in the industry, as Robert Booker discusses the challenges and opportunities associated with AI governance and security. He emphasizes the need for a robust framework to ensure AI systems are secure and align with corporate governance.Leslie Jenkins adds to the excitement by talking about the conference's location at the Dallas Cowboys' world headquarters, which promises a unique networking experience. She underscores the importance of in-person interactions and how they contribute to the event's overall value.The episode concludes with logistical details for attendees and a collective anticipation for the upcoming event. Sean and guests express their enthusiasm for being part of a community that actively engages in shaping the future of security, risk management, and compliance. 
Listeners are encouraged to stay tuned for more insightful episodes and register for the event through links provided in the show notes.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9RleBe sure to share and subscribe!____________________________ResourcesLearn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf
    17 mins
  • Learning about Identity Week Americas and SIDI HUB Summit | An Identity Week USA 2024 Conversation with Jeff Reich | On Location Coverage with Sean Martin and Marco Ciappelli
    Sep 6 2024
    Guest: Jeff Reich, Executive Director, Identity Defined Security Alliance [@idsalliance]On LinkedIn | https://www.linkedin.com/in/jreich/On Twitter | https://twitter.com/JeffReichCSO____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesWelcome to this pre-event episode of On Location, where we’re diving into what’s to come at Identity Week Americas, happening September 11th and 12th, 2024, at the Washington Convention Center in D.C. Although I won’t be on-site, Jeff—who leads the Identity Defined Security Alliance (IDSA)—gave me the inside scoop on why this event is one you can’t afford to miss.Our conversation ranges from the critical role of digital identities and payments, to the pressing challenges facing the identity landscape today. Jeff shared insights on the panels he’ll be participating in, like Interoperable Digital Identities and The Future of Payments, giving a preview of the big discussions that will take place at the event.We even touched on more serious global issues, such as the plight of refugees who lack identification, and how Identity Week is working toward solutions that can have a real impact. On top of that, the SIDI HUB Summit will run alongside the event, focusing on creating a standardized, globally recognized digital identity system.With Identity Week happening across multiple continents—from the Americas to Europe and Asia—the need for international collaboration has never been clearer. 
Jeff’s vision for a globally interoperable identity system is ambitious, but the starting point is simple: practical steps like multi-factor authentication and building awareness about identity security.As we look forward to the event, Jeff also mentioned that there might still be some passes available for those interested in attending. Whether you’re in the public sector, tech, or simply passionate about identity solutions, this event is your chance to get involved in shaping the future.Stay tuned for more coverage, and thanks for joining me on this pre-event journey as we explore what’s in store at Identity Week Americas.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQtJTmj9bp2RMzfkXLnN4--Be sure to share and subscribe!____________________________ResourcesLearn more about Identity Week USA 2024: https://itspm.ag/identinwxnSIDI Hub: https://sidi-hub.community/____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf
    25 mins
  • An Introduction to CyberTech NYC Conference 2024 with Event Director Steve Corrick | On Location Coverage with Sean Martin and Marco Ciappelli
    Aug 26 2024
    Guest: Steve Corrick, Director, Cybertech New YorkOn LinkedIn | https://www.linkedin.com/in/stevecorrick/On Twitter | https://x.com/scorrickOn Facebook | https://www.facebook.com/stephen.corrick____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesA Virtual Road Trip to CyberTech NYCIn a lively pre-event discussion, we embark on a metaphorical journey across the States, representing our excitement for the CyberTech NYC Conference, happening on September 5th, 2024, at the Metropolitan Pavilion in Chelsea. The idea of this "drive" is a fun nod to the interconnectedness of our virtual world and our anticipation of the event.Event Spotlight: Why CyberTech NYC MattersWe kick things off by highlighting the significance of this event, mentioning that it starts early on September 4th with pre-event activities, leading up to the main event on the 5th. Steve Corrick, one of the key organizers, provides a behind-the-scenes look at the planning process and explains how this third edition of CyberTech NYC has become a distinctive fixture in the cyber ecosystem.The Global and Local Impact of CyberTechSteve takes us through the journey of CyberTech as a global series, tracing its roots from Tel Aviv to its expansion across multiple continents. What sets CyberTech NYC apart, he says, is its dual focus on both global trends and local innovation. 
New York City, now a burgeoning hub for tech and cybersecurity, plays host to an event that showcases local talent, startups, and established players alike.Comprehensive Coverage of Cyber TopicsThe event’s agenda is packed with content designed to tackle critical issues, such as:Cyber Talent Initiative: Programs for everyone, from students to professionals looking to upskill.VC and Investor Focus: The Investing in the Best initiative to help startups boost their funding.Government and Agency Involvement: Discussions on how localities can strengthen their cyber ecosystems.Main Stage Content: Keynotes on fake news, the role of cyber in elections, and other pressing topics.Inclusivity and Innovation: A Diverse Speaker LineupWe appreciate the diversity of speakers and the range of topics covered. With big names like Walmart, AWS, and various innovative startups, the event promises to offer something for everyone. Steve also explains the event’s blend of formats, including main stage panels, roundtables, and think tanks, all aimed at fostering in-depth discussions and knowledge sharing.The Evolving Cyber LandscapeReflecting on how cybersecurity events have evolved over the years, Steve notes the shift from niche gatherings to mainstream importance. With cyber threats becoming part of our daily lives, collaboration among countries and industries has become essential for enhancing global security.Local Focus with Global ReachWe commend the event’s ability to balance global participation with a strong local focus. Steve agrees, emphasizing their collaboration with local and state-level initiatives in New York, further solidifying the city’s place on the global cybersecurity map.Looking Forward to CyberTech NYC 2024Our conversation wraps up with a sneak peek at the event’s schedule, including a Happy Cyber Hour on the evening of September 5th and additional pre-event activities on the 4th. 
Steve and his team are excited to connect with participants from around the globe, and we’ll be sharing more updates as CyberTech NYC 2024 approaches.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf____________________________Follow our Cybertech NYC 2024 coverage: https://www.itspmagazine.com/cybertech-nyc-2024-cybersecurity-event-coverage-in-new-york-cityOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRjdy_wDSLBwgPkM3zSeau_Be sure to share and subscribe!____________________________ResourcesLearn more about Cybertech NYC 2024: https://nyc.cybertechconference.com/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast
    22 mins
  • Recapping Black Hat 2024 and What’s Next | On Location Coverage with Sean Martin and Marco Ciappelli
    Aug 20 2024
    Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of "On Location With Sean Martin and Marco Ciappelli," our hosts dive into their time at Black Hat 2024 in Las Vegas, reflecting on key takeaways and sharing what’s next on their journey. Whether you're deep into cybersecurity or just curious about the industry, this blog post offers a snapshot of what to expect from Sean and Marco.Recapping Black Hat 2024Marco CiappelliChoo, choo . . .Sean MartinIs that the sound of the fast train back from Vegas? Or just the rush of everything we experienced?Marco CiappelliI'm still wondering why there's no train from LA to Vegas. And don't get me started on LA to San Francisco—that's another conversation entirely.The conversation kicks off with a lighthearted nod to travel woes before shifting to the core of the episode: their reflections on Black Hat 2024. Sean and Marco bring unique perspectives, emphasizing the importance of thinking beyond cybersecurity's technical aspects to consider its broader impact on society and business.Sean's Operational InsightsSean MartinI like to look at things from an operational angle—how can we take what we learn and bring it back to the business to help leaders and practitioners do what they love?Sean’s Black Hat 2024 Recap Newsletter explores the evolution from reactive data responses to strategic enablement, AI and automation, modular cybersecurity, and the invaluable role of human insights. 
    His focus is clear: helping businesses become more resilient and adaptable through smarter cybersecurity practices.
    Marco's Societal Impact
    Marco Ciappelli: Cybersecurity isn’t a destination—it’s a journey. We’re never going to be fully secure, and that’s okay. Cultures change, technology evolves, and we have to keep adapting.
    Marco’s take highlights the societal implications of cybersecurity. He talks about how different fields and nations are breaking down silos to collaborate more effectively. His newsletter often reflects on the need for digital literacy across business, society, and education, emphasizing the importance of broadening our understanding of technology’s role.
    Upcoming Events and Conferences
    The duo is excited about their packed schedule for the rest of 2024 and beyond, including:
    CyberTech New York (September 2024): Focused on policy, innovation, SecOps, AppSec, and sustainability.
    OWASP AppSec San Francisco (September 2024): Covering the OWASP Top 10 for LLMs and more.
    Sector in Toronto (October 2024): Offering unique coverage ideas, closely tied to Black Hat.
    Did someone say that they will be back covering an APJ event, in Melbourne, before the end of the year?
    Additional Ventures
    They’ll also be hosting innovation panels and keynotes at a company event in New Orleans, with CES in Las Vegas and VivaTech in Paris on the horizon for 2025, blending B2B startup insights with consumer tech, all with a cybersecurity twist.
    Subscribe and Stay Tuned
    Marco and Sean invite you to subscribe to their newsletters and follow their podcast, "On Location," as they continue their journey around the globe—both physically and virtually—bringing fresh perspectives on business, technology, and cybersecurity. 
You’ll also find unique "brand stories" that highlight innovations making our world safer and more sustainable.Stay connected, enjoy the ride, and don’t forget to subscribe to both their newsletters and the "On Location" podcast on YouTube!Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv____________________________Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQBe sure to share and subscribe!____________________________ResourcesSean's Newsletter Article: https://www.linkedin.com/pulse/reflecting-black-hat-2024-operationalizing-enhanced-business-martin-ccive/Marco's Newsletter Article: https://www.linkedin.com/pulse/my-reflections-from-itspmagazines-black-hat-usa-2024-state-ciappelli-ayglc/?trackingId=hLvuq5LqQ%2B2RHNpgDtIJlQ%3D%3DOn Location Podcast: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.comLearn more about Black Hat USA 2024: https://www.blackhat.com/us-24/____________________________Catch all of our event coverage: ...
    21 mins
  • OWASP Top 10 For Large Language Models: Project Update | An OWASP 2024 Global AppSec San Francisco Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli
    Aug 20 2024
    Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Large Language Model Applications [@owasp]
    On LinkedIn | https://www.linkedin.com/in/wilsonsd/
    On Twitter | https://x.com/virtualsteve
    ____________________________
    Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
    On ITSPmagazine | https://www.itspmagazine.com/sean-martin
    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
    ____________________________
    Episode Notes
    In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs.
    The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs.
    Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. 
With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems.The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss.The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization.Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. 
This next iteration will address how the field has matured and new security considerations that have emerged since the initial list.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode’s SponsorsAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc____________________________Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jtBe sure to share and subscribe!____________________________ResourcesOWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/...
    24 mins
  • Harnessing Dark Web Insights to Understand Risks from the Attacker's Viewpoint | A Brand Story Conversation From Black Hat USA 2024 | A Resecurity Story with Christian Lees and Shawn Loveland | On Location Coverage with Sean Martin and Marco Ciappelli
    Aug 19 2024

    At Black Hat USA 2024, the spotlight is on redefining and rethinking security, as discussed in this Brand Story episode with Resecurity. Sean Martin, Christian Lees, and Shawn Loveland share the mic to explore the cutting-edge innovations shifting paradigms within the cybersecurity domain. Christian Lees and Shawn Loveland from Resecurity dive deep into the substance of their work and its impact on modern security teams. The primary focus is Resecurity's approach towards threat intelligence and how it aids organizations in proactively mitigating risks.

    The discussion kicks off with an overview of Resecurity's approach to threat intelligence. Unlike conventional models that operate from within the firewall, Resecurity adopts an outside-in perspective, helping clients understand what attackers might know about their infrastructure. Shawn Loveland emphasizes this unique viewpoint by illustrating how Resecurity helps organizations identify potential breaches and vulnerabilities from the attacker's perspective, well before any threats materialize.

    One intriguing point discussed by Lees and Loveland is Resecurity's comprehensive data sourcing from the dark web. Resecurity does not simply rely on common threat intel from visible websites but digs deep into exclusive, invitation-only forums and other obscure corners of the web. This meticulous venture results in a much more profound understanding of potential threats, minimizing blind spots and the risk of data inaccuracies or AI hallucinations. By drawing on diverse data sources, Resecurity promises more significant and accurate insights into the motives and methods of cybercriminals.

    Moreover, Loveland highlights the technologically sophisticated tactics employed by Resecurity, combining AI to convert unstructured data into structured, actionable intelligence for security teams. This automation not only boosts efficiency but also empowers analysts to make more informed decisions swiftly. AI in Resecurity's arsenal is not a standalone entity but integrates deeply with the human-driven aspects of threat intelligence, enriching the overall analytic experience with contextual understanding and tangible evidence.

    The guests also touch on Resecurity's AI capabilities, illustrating this through scenarios where AI accelerates threat detection and response. By transforming vast amounts of data into comprehensible formats, and even summarizing complex situations into actionable insights, AI significantly reduces the ordeal for security analysts while enhancing precision.

    In conclusion, Resecurity’s state-of-the-art threat intelligence solutions, emphasized by the knowledgeable insights from Christian Lees and Shawn Loveland, represent a proactive and innovative approach to modern cybersecurity.

    Learn more about Resecurity: https://itspm.ag/resecurb51

    Note: This story contains promotional content. Learn more.

    Guests:

    Christian Lees, CTO, Resecurity [@RESecurity]

    On LinkedIn | https://www.linkedin.com/in/christian-lees-72886b3/

    Shawn Loveland, Chief Operating Officer, Resecurity [@RESecurity]

    On LinkedIn | https://www.linkedin.com/in/shawn-loveland/

    Resources

    Learn more and catch more stories from Resecurity: https://www.itspmagazine.com/directory/resecurity

    View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    19 mins