Spotlight
Editor
A Practical Look at Incident Handling: How a ...

A routine bug bounty submission triggered a deep investigation at a digital signage company and revealed how strong processes guide fast, measured incident response. The discussion highlights what transparency looks like in practice and why passwordless authentication is becoming central to reducing credential driven risks.

Full Story
Editor
How to Make One SOC Analyst Work Like Ten: Stop ...

This Brand Story episode explores how security operations can move past the limits of data normalization and enable every analyst to perform like an entire team. Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to show how AI-driven collaboration reshapes what’s possible in the SOC.

Full Story, Spotlight Story
Editor
The Schema Strikes Back: Killing the ...

This episode explores how Crogl’s patented approach removes the need for data normalization, allowing security teams to query unstructured data directly across systems. Director of Product Marketing Cory Wallace joins Sean Martin to discuss how this innovation empowers analysts, reduces schema drift, and restores visibility across complex environments.

Full Story
Editor
How F-Secure Transformed from Endpoint Security ...

The cybersecurity industry operates on a fundamental misconception: that consumers want to understand and manage their digital security. After 17 years at F-Secure and extensive consumer research, Dmitri Vellikok has reached a different conclusion—people simply want security problems to disappear without their involvement.

Full Story
Editor
Why This Cybersecurity Executive Left Corporate ...

The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.

Taming The Chaotic World Of API Security — Finding Your Path To Protection | An Imperva Story with Kunal Anand

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva executives

As digital consumers, we need APIs to beckon mobile apps and access the digital services we love. But, for companies, it's a new dimension of risk that many aren't prepared for. In part, because it's not always clear: who's responsible for securing the APIs?

Perhaps it's the engineers/developers. Maybe it's the InfoSec team. In some instances, there's a dedicated AppSec team that oversees this activity. Sometimes it's a combo of this group. But, unfortunately, because of the lack of clarity, sometimes it's nobody.

To help bring clarity to the chaos, we had Kunal Anand, CTO at Imperva, join us to help understand what organizations are up against and then help them find ways to operationalize API security.

CyberSecurity Leaders Use Cybersecurity Maturity Model (CMM) To Achieve Cybersecurity Maturity With Their InfoSec Program | A Blue Lava Story With Demetrios Lazarikos (Laz) And Andy Hoernecke

A Their Story conversation with Sean Martin and Demetrios Lazarikos (Laz) + Andy Hoernecke from Blue Lava

Listen in to learn more from Laz and Andy as they share their experiences and expertise. Join us to examine what it means for InfoSec teams to achieve maturity and how a comprehensive program framework can help the group begin their journey by setting a baseline and establishing maturity measurements.

Crowdsourcing Cybersecurity Intelligence To Secure Society | A CrowdSec Story With Philippe Humeau

A Their Story conversation with Sean Martin, Marco Ciappelli, and Philippe Humeau, CEO at CrowdSec

CrowdSec is joining the good guys on this battlefield and understands that by acting together and sharing important, relevant pieces of information, we can successfully counteract organized cybercrime. CrowdSec's CTI-driven IPS objective is to automate cybersecurity threat intelligence sharing and consumption on a large scale.

Learn more about what it means to join the crowd and how all the information can benefit businesses and organizations all over the globe. This is the value of authentic and accurate information sharing.

Language Holds The Key To Communicating Security And Business Strategy | A Blue Lava Story With Jen Sanford and Rock Lambros

A Their Story conversation with Sean Martin, "Rock" Lambros of RockCyber, and Jen Sanford from Blue Lava

CISOs tend to talk to other technical personnel and don’t get involved in business conversations on a regular basis. To succeed in their role, however, CISOs need to get out from behind their keyboards and start discussions with executives so they can begin to translate what they do in security into what the business wants to hear. But finding those connection points between technology and the business is difficult.

With this story, Martin, Lambros and Sanford focus on strategy and planning because that’s what helps CISOs evolve into the role they want now and into the future. But it doesn’t happen magically. Only through understanding, research, and action, can CISOs reach that point.

It’s time to make your own magic happen. Have a listen.

Executives Are Under Siege As Hackers Target The Video Game Industry | A BlackCloak Story With Chris Pierson And Joel Fulton

A Their Story conversation with Sean Martin, Marco Ciappelli, and BlackCloak CEO and founder, Chris Pierson with CyberSecurity and CISO veteran, Joel Fulton

It is not the first, nor the last, time we suggest studying our history to learn about our present and imagine the future. To get a view for how society reacts to scams and cons, we can look to the past for education, perhaps some inspiration, and maybe even some guidance. Yes, even when looking at cybersecurity and the video game industry.

In this new chapter of the BlackCloak story, we get to dive into a new report the team put together, looking at the world of gaming as the source of risk, threats, and compromise. And, to our liking, we got to use the report's findings to take a look back in time (way back, in fact), such that we can connect the dots between humanity, psychology, and security (cyber and not).

Listen in. Go back in time with us. And prepare for the future. Remember, while the report is about gaming — this isn't a game.

Cloud Modernization Strategies | What Does Your Data Transformation Journey Look Like | An Imperva Story with Ron Bennatan

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva executives

We live in a world where the only constant is change. We’ve managed to survive by anticipating and following the changes to our business models, data models, and threat models. Have we done a decent job bringing our business to the cloud thus far? What about where we head to next?

This is a 2-part podcast series with Imperva executives. The series will explore the past, present, and future paths organizations have and will need to take to the cloud with a data security model and solution designed to handle constant growth and change.

Now… please join us as we join you on this journey you’ve already begun.

The Business Value Of A Security First Approach As A Means To Achieve And Maintain Compliance | A HITRUST Customer And Partner Story With Rudi Perkins (Welvie) And Blaise Wabo (A-LIGN)

A Their Story conversation with Rudi Perkins (Welvie) And Blaise Wabo (A-LIGN), customer and partner of HITRUST, respectively

Suppose you're like Rudi, who, six years ago, tried to bring his organization to an effective level of compliance and increase his security posture by managing multiple spreadsheets. In that case, you're probably finding yourself going nuts — just like Rudi did, and many others do, when faced with a similar complex and overwhelming situation.

Thankfully, this is when Rudi's and Blaise's stories — individually and collectively — can make a world of difference for you.

They've figured many things out: they found the right processes, tools, and partners to make this experience better overall. They've created an experience they want, driven by a common framework that maps all of those things together, giving you the means to do the controls assessment, identify and mitigate the gaps, and then apply that work to many standards, frameworks, and regulations in the US and abroad.

In short, what HITRUST and its Assessor community are doing here is to enable the business — individually and collectively as part of a larger supply chain — to operate securely within the boundaries of the regulatory and industry requirements for which they must abide.

“Our customers expect that of us. Our partners expect that of us. We should expect that of each other and of ourselves too.” —Sean Martin

The Humans In The Mainframe | Common Misunderstandings In Mainframe Security Management | A Key Resources Story With Ray Overby

A Their Story conversation with Sean Martin, Marco Ciappelli, and Key Resources CTO and co-founder, Ray Overby

The lack of InfoSec talent is something the cybersecurity industry complains about all the time. How does this challenge differ when we look at mainframe security? Once again, perception and reality are not a match.

We've come full circle with mainframes. They still do what they were designed to do — really well, in fact. Still, we need to understand the role of the human in the equation as we try to do two things at once: 1) run the critical business processes on the mainframe, and 2) remember that security doesn't happen magically; it requires human intervention.

It's time to put the humans back in the mainframe. History, as usual, can help us clarify the present and plan for a better future.

Have a listen to learn more.

Take Back The Keys To Your Kingdom | A Semperis Story About Purple Knight's Mission To Secure Active Directory | With Darren Mar-Elia And Ran Harel

A Their Story conversation with Sean Martin, Marco Ciappelli, and leaders from Semperis

Here is the truth: Active Directory remains a soft target for attackers attempting to steal credentials and deploy ransomware. However, there is another truth: it doesn't have to stay that way. There is a new Knight in the castle — it is purple, and it is here to change the game.

During this podcast, we learn more about Semperis' mission with its new free tool, Purple Knight, including what it can do, how it works, and what the end results can be once an organization takes concrete steps to protect the keys to its kingdom.

Join us on this new adventure and meet this new character in the Semperis saga.

Once upon a time...

6 Years Of Vulnerability Analysis: Stacking Up The Bugs To Understand Their Impact On Business | The 6th Annual 2021 Vulnerability Statistics Report | An Edgescan Story With Eoin Keary

A Their Story conversation with Sean Martin, Marco Ciappelli, and Eoin Keary from Edgescan

It is that jolly time of the year: The Edgescan vulnerability stats report has arrived! After six annual editions, it has become an industry pillar representing the global state of cybersecurity vulnerability management.

It is not for nothing that this large dataset is also part of other annual security analysis reports, such as the OWASP Top 10 and Verizon Data Breach Investigations Report (DBIR).

So, what's in it? A bunch of numbers, and they all mean something. They will help you and your organization improve the effectiveness of your vulnerability management program and, in turn, your risk profile. But do not take our word for it. We spoke directly with the founder of the report and the company behind it, Edgescan's CEO, Eoin Keary.

Evolving Third-Party Risk Management for Today’s Complex Ecosystems | An Archer Story With Jon Ehret And Chris Patteson

A Their Story conversation with Sean Martin, Marco Ciappelli, and leaders from Archer and RiskRecon

The third-party ecosystems of today’s organizations have become more complex, more digital, and more extensive than ever before. The need for an accurate picture of your vendor’s security posture is greater than ever, with public and private sector organizations reporting a surge in cyber-attacks, and at the same time, continuing to experience and react to substantial disruption to their third-party ecosystems.

Want to learn more? Have a listen and watch the on-demand webinar.

The Good, The Bad, And The Ugly | The Bad Bot Report 2021 | An Imperva Story with Edward Roberts

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva

The 8th edition of the Bad Bot Report, produced using research and analysis from Imperva Research Labs, shows that more than 40% of all web traffic requests originated from a bot last year. The reduction in human traffic coupled with the increase in bot traffic, according to the report, suggests the growing scale and widespread impact of bots in daily life.

This is a 2-part podcast series with Imperva. In this series, we get to speak with Edward Roberts, Director of Strategy, Application Security at Imperva, to look at the findings in the report from two angles. Be sure to catch both episodes to get both perspectives.

Their Identities Are Hidden, But Their Frustrations Are Not | InfoSec Confessions: Log's Honest Truth | A Devo Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and the team from Devo. This is a 5-part podcast series inspired by the Log’s Honest Truth video campaign recently published by Devo.

Logs do not lie. But, what is the true story that a company’s business data can tell to the security professionals that use these logs everyday to do their job? Perhaps more importantly, can these cybersecurity professionals candidly and openly talk about the way they feel about their job and how they would like the data to work better for them?

Sometimes we just need a safe space to share how we really feel.

Listen to each podcast episode, watch the accompanying Log’s Honest Truth confession video, and be sure to subscribe to our newsletter and podcasts to catch all of the episodes as they become available.

Building A Center Of Excellence For Business Processes And Workflow Automation | A Nintex Story With Josh Waldo And Maggie Malone Swearingen

A Their Story conversation with Sean Martin, Marco Ciappelli, and leaders from Nintex and Protiviti

When defined and executed well, a Center of Excellence can be more than a model or process to follow; it can set the bar for the organization by which each part can play a role in making things better. It's not automatic—it requires dedication—and customization.

Have a listen to learn about what our guests hear every day from organizations of all sizes looking to make things better for the business by transforming their business processes with a clear view for what it means to be excellent in how things are built, managed, and executed.

Enjoy, and automate!

Inside The Mind Of A Hacker Report | Unique Histories, Shared Destiny | A Bugcrowd Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and Bugcrowd executives, business leaders, and security researchers

While similarities exist, the latest research indicates the next era of cybersecurity has more in common with the Renaissance, sharing its characteristics of humanism, exploration, and warfare.

This is a 4-part podcast and webcast series we have discussions with Bugcrowd executives, business leaders, and security researchers. The series will explore the traits, attributes, and mindset of the security researchers that enable the successful crowdsourced security assessment market, specifically focusing on these 4 areas: BUSINESS VALUE | GEOGRAPHICS | DEMOGRAPHICS | PSYCHOGRAPHICS

Bookmark this page to catch all of the episodes as they become available.

Listen and learn as you build out your security program by leveraging the global and diverse crowd.

When Failure Is Not An Option, Organizations Turn To The Mainframe — Incorporating Mainframes Into Your Zero Trust Architecture | A Key Resources Story With Cynthia Overby

A Their Story conversation with Sean Martin, Marco Ciappelli, and Key Resources president and co-founder, Cynthia Overby

As secure as the mainframe is, it is still another operating system with software running on it. Many information security programs tend to offer these systems special treatment, exemptions, and exceptions — especially when it comes to zero-trust frameworks.

The last time we checked, they were not sitting underground, disconnected from the rest of the IT infrastructure, and in the general vicinity of Area 51. Nope. They are connected and making most of our lives work throughout society. Let's show them the respect — and the security — they deserve.

Enjoy the conversation, if you please.

How And Where You Draw The Lines Of Protection Matters | A BlackCloak Story

A Their Story conversation with Sean Martin, Marco Ciappelli, BlackCloak executives, industry thought leaders, and security/risk practitioners

Balancing protection, responsibility, and liability for the safety of the employees and the safeguarding of company assets.

It may seem obvious and straightforward that there are clear lines between work time and personal time — work devices and personal devices — work networks and personal networks … and so on. It was never that simple before the work-from-home phenomenon and it’s only gotten even more complicated since.

In this three-part conversation, we’ll be looking at what it means to protect the employee as a means to protect the business. We will look at what may not be obvious for most organizations: how and where companies draw their lines of protection between their business and their employees matter. Get the responsibility lines drawn correctly and the business revenue and growth can be protected. Draw the protection line(s) incorrectly and you could be introducing liability can be added to the overall corporate risk profile.

This is a 3-part podcast series that will cover three different perspectives across these 3 episodes:
EXECUTIVES | EMPLOYEES | OPERATIONS

Bookmark this page to catch all of the episodes as they become available.

The State of Privacy In 2021 | Multi-National Companies Have Unique Privacy Requirements | An Imperva Story with Kunal Anand

A Their Story conversation with Sean Martin, Marco Ciappelli, and Imperva executives

We live in a global economy with a global Internet—but is there just one Internet?

This is a 2-part podcast series with Imperva executives. The series will explore the role of the Internet(s) in defining and enforcing data privacy policies around the world.

Subscribe to the newsletter and Subscribe to the podcast to get notified of future episodes.

2020 SOC Performance Report: A Tale of Two SOCs | A Devo Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and Devo executives, business leaders, and security practitioners

What separates a highly effective SOC from a poor-performing SOC?

In this three-part conversation, we will discuss exactly that: the technology, the humans, and the synergistic relationship between the two. Together, with Devo, we explore the tale of Two SOCs: what defines success and what drives performance—plus, what doesn’t.

This is a 3-part podcast series with Devo executives, business leaders, and practitioners along with some of their strategic customers and partners. The series will explore the tale of 2 SOCs: what defines success and what drives performance—with the community-based research the Ponemon Institute performed that will effectively define these 3 episodes: TECHNOLOGY | HUMANS | BUSINESS

Bookmark this page to catch all of the episodes as they become available.

Listen and start tuning your SOC to achieve the performance the business deserves.

Customize Your Own Content Creation Program with Studio C60

Subscribe to the main ITSPmagazine Podcast Channel to listen to all our conversations directly on your favorite podcast player.