Vulnerability Stats Report 2020 Review | Their Story | Edgescan | A Conversation With Eoin Keary and Rahim Jina

A Their Story conversation with Sean Martin and Marco Ciappelli

Guests: Eoin Keary and Rahim Jina

For five years running, Edgescan has conducted an annual survey to analyze the state of vulnerability assessment programs within organizations across the globe. With new data points in hand, giving their team the ability to evaluate year-over-year changes, this year’s results raise the obvious question: “Have we learned anything to help make our businesses more secure?”

Some technologies aren’t the silver bullet, and the human element is still critical as they bring the risk assessment to the table. With this point in mind, assuming you are human, you may want to listen to this chat and also read their report to get a view into how you can work with your peers—and the technology—to reduce risk through full-stack vulnerability management.

The Importance Of CyberSecurity Storytelling | Their Story | RSA Security | A Conversation With Rohit Ghai

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Rohit Ghai, CEO, RSA Security

The InfoSec industry has done a lot of work to raise awareness around the risks we face in business and society, thereby increasing the appreciation for the need to protect our companies and ourselves from cybercrime, fraud, and other dangerous activity associated with being connected to the Internet. Unfortunately, the stories that have been told—and the stories that the media pick up and amplify—are often those that paint a picture of doom, and gloom, and failure.

Ultimately, it may be that we aren't defining the ending to our stories in a way that we want them to end. To this end, do we know what it means to win? For which side? Do we know what it means to lose? For which side? And, most importantly, does winning on one side equal losing on the other? In both directions?

Answering these questions can help us change the way we want our stories to be heard; it can help us improve the way we tell our story, and it can help us change the way we live our story.

Are you ready to change the narrative for a better story, a better outcome? Have a listen to this story, and then start telling yours.

Their Story | CyberSaint | A Conversation With Alison Furneaux and Padraic O’Reilly

A Their Story conversation with Sean Martin and Marco Ciappelli

Guests: Alison Furneaux and Padraic O’Reilly

The concept of governance, risk, and compliance (GRC) has been around since the mid-2000s. GRC continues to change, as do business models, the technologies that run the business, and the cyber threats that threaten to bring it to a screeching halt.

Of course, the role of the CISO has also changed, but has it kept up with the times?

Listen to the CyberSaint story to hear how they identified this problem and have been working diligently to help CISOs overcome the challenges they face.

Their Story | Lucy Security | A Conversation With Colin Bastable

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Colin Bastable

Organizations are defined by their culture—and the culture is determined by the collection of individuals that make up the organization. Organizations that take information security seriously and work with their employees to understand and embrace their role in protecting themselves and the business are the organizations that stand a better chance of thwarting an attack.

According to today’s guest, Colin Bastable, 97% of all of the threats originate with some form of social engineering. So, organizations must work on having an understanding of the human angle as it relates to these threats—both the employees as humans and the cybercriminals as humans. Organizations must understand the human motivation—both to attack and to protect themselves. People are people on all sides of the equation—it’s just how it is; it’s just how they are.

Once you have this understanding, coupled with how the protection technologies work, you can begin to identify the gaps between what the technology can offer and what the humans can do for themselves. It’s this gap that needs to be closed.

Are you interested in understanding how to identify and close this gap? Have a listen to this chat with Colin—he’s seen this in action all around the world in many different industries.

Their Story | Accedian | A Conversation With Michael Rezek

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Michael Rezek

For years, organizations have been monitoring network traffic to squeeze every ounce of performance out of their systems and applications. The data collected and analyzed gives organizations tremendous insights into what changes need to be made to keep things up and running at top speed. This data is gold.

Many organizations stop mining and analyzing their data once they see that there’s gold there—effectively letting the platinum in their data wash downstream. The platinum—at least in this story anyway—is security data.

Fortunately, Michael Rezek knows a bit about network data analysis, network performance, and network security—and recognizes the value of both the gold and the platinum sitting in the network data they monitor.

Have a listen to Michael as he shares the Accedian story, describing the journey they’ve taken as a company—and the journey they are helping others take as they continue down the path of their digital transformation.

Their Story | Cequence Security | A Conversation With Jason Kent

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Jason Kent

Since we are humans, we seem to be repeating all of these same mistakes in a different part of the application world—the API layer. We're forgetting that the API layer is really meant for computer-to-computer communications, changing the game for how we approach authentication, access control, communications, instructions, behaviors, and more. As one example, things like rate limiting can really become a problem if not addressed.

To help us understand this world better, have a listen to Jason Kent, Hacker in Residence at Cequence Security, as he shares with us some of the fun ways he hacks on applications—namely through APIs.

Their Story | BlackCloak | A Conversation With Christopher Pierson

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Christopher Pierson

Sometimes it takes some creative thinking when it comes to gaining an understanding of how information security and cybersecurity work—and why they matter, not only during work hours but after hours as well.

To help you with this thinking process, have a listen to this chat with Chris Pierson, founder and CEO of BlackCloak, as he tells us (you) his story about the creation of BlackCloak and its cyber protection services for executives and high net worth individuals.

Who knows, you might even get a glimpse into what a BlackCloak is.

Enjoy!

Their Story | WeSecureApp | A Conversation With Venu Rao

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Venu Rao

The team at WeSecureApp have been embracing that recognition, the positive feedback they receive from their clients, and the constructive feedback from the RSA Conference Launch Pad judges (in Singapore) to continue to expand their team, their presence around the world, and their product line — all with a focus on meeting customer need and market fit.

With an expansion into the US (with a Dallas, Texas office) and a key member added to their advisory board, WeSecureApp has found themselves benefiting from several accelerator programs that are setting them up for long-term growth and success.

Listen in as Venu tells us more about these activities and what the future holds for WeSecureApp.

Their Story | ReversingLabs | A Conversation With Mario Vuksan and Tyson Whitten

A Their Story conversation with Sean Martin and Marco Ciappelli

Guests: Mario Vuksan, CEO & Co-Founder, ReversingLabs | Tyson Whitten, VP, Global Marketing, ReversingLabs

CHAPTER 2: Does the black box of machine learning and artificial intelligence give you a headache? If so, it’s much like the lack of visibility into how new (dare we say, “next-gen”) information technologies work. This is beginning to give pause to many organizations looking to leverage such technologies to help them succeed with their IT security management programs. Without a view into how the data is analyzed, paired with a lack of visibility into how the results can be connected back to the operations—and the business—organizations are forced to blindly trust that their vendors are doing the best things, the right things.

So, how come we can’t get this visibility? What’s holding us back? Have a listen to Mario’s and Tyson’s view to hear how they see these headaches being treated in the not-so-distant future.

Their Story | Virsec | A Conversation With Willy Leichter

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Willy Leichter

Our guest today, Willy Leichter, points out that the National Vulnerability Database has been tracking between 5,000 and 7,000 vulnerabilities every year; a figure that went up to about 20,000 a couple of years ago, and where we're now seeing 10,000 to 15,000 per month. Trying to keep up with this trend from a patch management perspective as the sole means to eliminate vulnerabilities and mitigate risk to the business isn't scalable; it isn't feasible.

Still, business marches on—technology marches on—security is always going to have to run fast to keep up. Most organizations accept that. But it can be daunting at times. Have a listen to this chat with Willy to get a different perspective on this problem. With any luck, you'll have a fighting chance to make it through tomorrow, and the next day, and the day after that without a serious problem with your apps.

Their Story | DataLocker | A Conversation With Jay Kim

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Jay Kim

How do organizations ensure that those devices (and related ports) don’t get misused and abused — especially when there are tens of thousands of users, each potentially with multiple external devices?

That’s where centralized management comes into play, giving IT leaders and business owners the ability to define and enforce acceptable use policies aligned with their business needs and their risk appetite. Listen to today’s story by Jay Kim as he shares some detailed use cases.

Their Story | SIRP | A Conversation With Faiz Shuja

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Faiz Shuja

We’ve arrived at a time in business where we can no longer rely on manually fighting the status quo as a means to protect the organization from compromise. We’ve reached a point where organizations must prepare for the inevitable and take aim at defining and implementing the best possible breach response capabilities—driven by intelligence and orchestrated with automation. Listen to today’s episode as Faiz Shuja shares the SIRP story with us, giving us a view into what the future holds for the security orchestration and automated response market.

Have a listen to this story!

Their Story | BYOS | A Conversation With Matias Katz

A Their Story conversation with Sean Martin and Marco Ciappelli

Guest: Matias Katz

Listen to today’s episode as Matias Katz tells us the BYOS story: the origins of the company, how Matias’ upbringing and education helped to shape the company, and how his passion and drive for knowledge and learning are helping him to take the company into the future—a future full of countless bad actors looking to compromise and exploit some of the billions of Internet-connected devices for their financial gain.

Their Story | Prevailion | A Conversation With Karim Hijazi and Adam Flatley

A Their Story conversation with Sean Martin and Marco Ciappelli

Guests: Karim Hijazi and Adam Flatley

The question for you as you listen to this conversation is: “are you zeroing in on what matters for your entire business ecosystem, or are you stuck in a world where updating patches, changing firewall rules, and running AV scans is still your top priority?”

Reinventing Privileged Access Management | A Dialogue With Martin Cannard, VP, STEALTHbits

A Their Story interview with Sean Martin

Today’s guest is Martin Cannard, Vice President, Product Strategy (Privileged Access Management) at STEALTHbits Technologies. Martin and I look at the past to explore how the world of access control and privileged access management (PAM) has changed, mainly driven by mobile, cloud, and the Internet of Things.

Martin shares some stories about how organizations are changing the way they define and implement privileged access management solutions, turning the technology—and their operational infrastructure—on its side to better support business requirements without opening up the gates too wide or closing them down too much.

Ultimately, it’s about finding that “just right” access model that accounts for changes in risk, threat, and context. This isn’t an easy task when faced with growing technical complexities, increasingly demanding business processes, and the need to scale to meet both market and end-user demands.

After you listen to this story by STEALTHbits, check to see if your perception of privileged access management has changed—and, if so, how.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Ronan Cremin, Afilias

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Ronan Cremin, CTO, Afilias

Marco and I are fortunate in that we get to hear a lot of stories. Of course, as one of our mantras spells out, we are always on the lookout for stories that are better than others.

This story is that and a bit more. It is made of the stuff that nightmares are made of; to the point that Marco has been inspired to write a Cybersecurity Halloween Short Story after hearing this one. We shall see if that is actually going to happen.

In the meantime, it’s probably a good idea to take a deep breath before you listen to (or watch a snippet of) our conversation with Ronan about the nightmare people may have gotten themselves into. Maybe that new phone deal you got online wasn’t that good of a deal after all. Perchance it was just a nightmare. Perhaps it wasn’t.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Yaron Kassner, Silverfort

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Yaron Kassner, Co-Founder and CTO | Silverfort

What if you could have your cake and eat it too? No matter how many times you hear this, it still sounds good. Conversely, we can’t even remember how many conversations we’ve had over the years about passwords and how inconvenient and old-fashioned they are—both for today’s businesses and for personal lives operating in the digital age.

Unfortunately, not much has changed and, for a while, it looked like the best way to deal with adding extra security to a password was to verify it with yet another password. It felt like we were trying to maximize protection while minimizing disruptions; seemingly, this was (and still is?) as impossible as tasting that sweet cake and still having it. Drats!

Well, times are changing, and technology is finally coming to the rescue. Here is a story about it.

With over a decade in the cybersecurity industry, today’s guest — Yaron Kassner, Co-Founder of and CTO at Silverfort — tells a story of a career path that takes him through the data science and machine learning halls of Microsoft and Cisco before co-founding the Israeli-based firm, Silverfort, in 2015.

It's a good story. Have a listen. Just input your password when prompted.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Will Glazier and Matt Keil, Cequence Security

A Their Story interview with Sean Martin & Marco Ciappelli
Guests: Will Glazier, Head of CQ Crime Research and Matt Keil, Director of Product Marketing | Cequence Security

During Black Hat, we had the chance to meet two of these individuals from Cequence Security: one is a security research veteran who has been with the company for a long time, and the other a new hire with a long and solid history of looking after product marketing for another very well-known security brand.

During our chat, we get to talk about a lot of things, including the birth and evolution of a start-up; the potential liability a company may incur if they have a massive infrastructure built of IoT devices that get compromised; and bots and other automated devices that can be turned into a cyber army with evil plans and unpleasant consequences for the Internet and its users.

It was a wild ride; a conversation that we truly enjoyed. We invite you to join us as Will and Matt take us up and down the rollercoaster of InfoSec.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Mahesh Rachakonda, CipherCloud

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Mahesh Rachakonda, CISSP, VP - Product & Solution Engineering | CipherCloud

With a background rooted in engineering, computer science, and middleware systems development, Mahesh Rachakonda, CISSP, VP Product & Solution Engineering at CipherCloud, has worked on several complex systems, including those found in hospitality, telecommunications, and even some military installations.

Taking the story beyond his role in the industry to that of CipherCloud’s story—which began back in 2010—Mahesh explains to us that the main company message and goal was all about enabling cloud adoption; something that initially took quite some effort to get organizations and people prepared and ready to trust this new operating environment.

As businesses adopted these cloud technologies, they also began to realize that there was a lot to understand concerning how and where security policies, controls, monitoring, and response were handled. This challenge is exacerbated given the sheer number of cloud environments running countless applications and services—which can vary dramatically depending on the industry and widespread use cases within each.

Listen to this story about Mahesh and CipherCloud. There is something interesting here for everyone — no doubt about it.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Jay Kim, DataLocker

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Jay Kim, CEO and Founder | DataLocker

For today’s story, Sean and I connect with a former pharmaceutical IT professional and now-CEO of DataLocker, Jay Kim. While focused on IT problems, Jay found himself in the crosshairs of the Y2K phenomenon and got a real taste for what the “A” meant in the information security CIA Triad (Confidentiality, Integrity, and Availability). As a consequence of his choice to be in IT, Jay found himself on a business trip where he met an engineer with a novel idea about manufacturing secure external hard drives.

The idea turned into a patented, secure external hard drive device that was a platform-independent device with a built-in keypad used for authentication—meaning all the users had to do was plug it in and type in their passcode to access the data on the drive. With this, the company, DataLocker, was formed.

There’s a decent amount of story told by Jay covering the years following their FIPS-validated product in 2009, and I would encourage you to listen to hear how the business was founded and funded, how the team grew, and how the product line and overall solution set was enhanced. Listen up. We think you will find some inspiring words here.