CISO Insights: Voices in Cybersecurity
Welcome to CISO Insights, the official podcast of CISO Marketplace, where we dive deep into the latest trends, challenges, and innovations in cybersecurity.
Also available on: Overcast, Pocket Casts, Castro, Castbox, Podfriend, Goodpods
Latest Episodes
Explore the critical cybersecurity challenges facing the financial services industry today, from the increased risk of data breaches and sophisticated cyber attacks to emerging threats like quantum computing and client-side vulnerabilities. Drawing insights from the cutting-edge solutions featured in the CYBERTECH100, we delve into innovative technologies like AI-powered threat detection, behavioral biometrics, post-quantum cryptography, and centralized access management that are revolutionizing how financial institutions protect their assets and customers. Join us as we unpack the complexities of the digital finance landscape and discover how to stay ahead of evolving cyber risks. www.compliancehub.wiki/navigating-the-digital-maze-a-comprehensive-guide-to-e-commerce-compliance
:16:24
This episode examines Spain's proactive approach to online child safety. We explore the Spanish Data Protection Agency's (AEPD) innovative framework for age verification and its emphasis on safeguarding children's rights in the digital age. COPPA, KOSA, TDPSA
:35:52
This episode explores the complex challenges and opportunities facing the U.S. in the realm of cybersecurity. Experts weigh in on a new report outlining a roadmap for the incoming administration, emphasizing the need for a comprehensive national strategy, public-private partnerships, and a robust cyber workforce.
:30:29
This podcast explores the alarming trend of North Korean IT workers infiltrating US companies, using their positions to generate revenue, evade sanctions, and potentially engage in cyber espionage. Discover the tactics they employ and how businesses can protect themselves.
:18:04
Explore the EU's groundbreaking law regulating artificial intelligence. We break down the risk-based system, banned practices, and global impact. Join us as we decode the AI Act and its implications for the future of technology.
:13:23
In an era where cyber and physical threats increasingly intersect, critical infrastructure faces unprecedented risks. This podcast delves into the crucial need for security convergence, exploring how organizations can break down security silos between IT, physical security, and operational technology (OT) to achieve a holistic and resilient defense. We examine the challenges of converging disparate security cultures and technologies, and highlight the benefits of a unified approach, including improved risk management, efficiency, and protection against hybrid threats. Drawing on expert insights and real-world examples, we explore strategies for strategic alignment, joint risk assessments, and the implementation of frameworks that foster collaboration and a stronger security posture for the foundational systems that underpin modern society. www.secureiotoffice.world/bridging-the-divide-why-converged-security-is-imperative-for-protecting-critical-infrastructure www.securitycareers.help/the-evolving-role-of-the-ciso-leading-converged-security-teams-in-a-cyber-physical-world
:17:50
Navigate the complex cybersecurity landscape of Q2 and Summer 2025 as we delve into the escalating convergence of AI-driven cyberattacks, the persistent vulnerabilities of the expanding Internet of Things (IoT), and the challenges of establishing robust security and governance frameworks. Based on recent Q1 2025 incident data and expert projections, this episode explores the weaponization of AI in phishing, malware, and social engineering, the continued exploitation of poorly secured IoT devices, and the evolving tactics of ransomware and state-sponsored actors. We'll also discuss the crucial need for proactive defense, AI-augmented security, and adaptation to a fragmenting global regulatory environment. breached.company/strategic-cybersecurity-outlook-ai-iot-and-threat-actor-convergence-in-q2-summer-2025
:23:38
The first four months of 2025 witnessed an alarming surge in global cybersecurity incidents, with ransomware attacks reaching unprecedented levels. Join us as we dissect the key trends, including the evolution of ransomware tactics like double extortion, the increasing sophistication of social engineering fueled by AI and deepfakes, and the persistent exploitation of software vulnerabilities. We'll delve into major incidents like the crippling attack on Change Healthcare and the record-breaking Bybit cryptocurrency theft, highlighting the most targeted sectors such as healthcare, education, government, and manufacturing. Finally, we'll examine how organizations, law enforcement, and the evolving global regulatory environment, with key legislation like the EU's NIS2 and DORA, are grappling with this escalating cyber threat. breached.company/global-cybersecurity-incident-review-january-april-2025
:21:32
Experts break down the latest cybersecurity reports, revealing how threat actors are evolving their tactics and accelerating their attacks. Learn what's changing, who's being targeted, and what you can do to protect yourself and your organization. www.breached.company
:16:16
This podcast delves into the complex world of Artificial Intelligence, exploring the cybersecurity risks associated with its adoption and the evolving regulatory landscape, particularly focusing on the EU AI Act. We break down the key aspects of the AI Act, including definitions of AI systems and general-purpose AI models, risk classifications, and the obligations for providers and deployers. We also examine strategies for securing AI applications and managing the cybersecurity threats that arise with increased AI usage. Join us as we navigate the balance between AI innovation, security, and compliance. www.compliancehub.wiki/navigating-the-technical-landscape-of-eu-ai-act-compliance
:32:04
This podcast examines the SolarWinds cyber breach, a sophisticated supply chain attack that sent shockwaves through the cybersecurity landscape. It explores the attack's mechanics, how malicious code embedded in SolarWinds' Orion software updates compromised thousands of organizations, including prominent government agencies and Fortune 500 companies.
:26:11
This episode explores Brazil's General Data Protection Law (LGPD), examining its impact on businesses worldwide, key principles, and enforcement.
:13:41
From water bills held hostage to artists losing their savings, this week's cyberattacks expose our digital vulnerabilities. We unpack the motives, the players, and the tech shaping this digital battleground. Plus, what you can do to protect yourself.
:13:10
Ever order takeout online? You're thinking about food, not data, right? But somewhere a company is processing your order, your address, and even your payment information, possibly sending it across borders. This podcast is your crash course on data privacy laws and cross-border data transfers. Learn how GDPR, CCPA, LGPD, and PIPL impact you and what control you have over your data.
:08:08
Ever get the feeling like someone's listening in on your digital life? Well, Texas has heard you! In this episode, we break down the Texas Data Privacy and Security Act (TDPSA), a game-changing law designed to give Texans more control over their personal data.
:11:10
Tired of the annual PCI scramble? This episode explores how to make PCI DSS part of your everyday security posture. We'll discuss practical tips, new technologies, and the evolving threat landscape, emphasizing that security is a journey, not a destination!
:11:59
Delve into the critical artificial intelligence trends shaping 2025, as highlighted in the statworx AI Trends Report. This podcast explores the rapid advancements in AI, the ongoing global competition for AI supremacy, the impact of European regulations like the AI Act, and the potential bursting of the AI investment bubble, offering insights for businesses and decision-makers.
:17:02
Join us as we explore the hidden world of Terms of Service and End User License Agreements. We'll examine how companies and governments collect and use your data, the implications for your privacy and freedoms, and what you can do to protect yourself in the digital age.
:16:55
Learn how scammers plan attacks around holidays and your habits! This episode breaks down common seasonal scams, how to spot them, and how to protect yourself. Plus, we explore the world of scam baiting! Visit: www.ScamWatchHQ.com
:10:07
Every week, another company is slapped with a hefty fine for violating data privacy. This podcast explores the financial fallout of data breaches and ransomware attacks, discussing high-profile cases and the evolving regulatory landscape. Are companies taking data security seriously or just writing checks? Tune in to find out!
:14:57
Explore landmark legal cases like USA v. Sullivan and SEC v. SolarWinds and learn about the evolving responsibilities of CISOs and the impact of cyber security on financial stability.
:13:01
Learn what it takes to be a Chief Information Security Officer in this deep dive into building a security culture.
:10:39
This podcast provides a comprehensive overview of the essential cybersecurity laws that shape how we interact with data in the digital age. Listeners will gain a clear understanding of the key regulations, including GDPR, CCPA, HIPAA, and PCI DSS, and how these laws work in concert to protect personal and sensitive information. The podcast breaks down complex legal concepts into accessible explanations, using real-world examples to illustrate the practical implications of cybersecurity law.
:18:39
Join us as we explore the evolving landscape of AI governance, comparing the US, EU, and Chinese approaches, and discussing the implications for society.
:25:35
In this CISO Insights episode, we unpack the GDPR and its impact on you and your business. Learn the key principles of data privacy, how companies are adapting, and get practical tips on managing data inventory, consent, and breach responses. Whether you're a business owner or tech enthusiast, discover how GDPR is shaping the future of data privacy. Tune in for actionable advice and expert insights!
:11:35
Join us as we unravel the complex world of deepfakes. We'll expose the technology behind these AI-generated illusions, explore their potential for harm and deception, and equip you with the knowledge to spot these digital deceptions. From imposter scams and disinformation campaigns to the liar's dividend, we'll navigate the ethical and societal implications of this rapidly evolving technology.
:12:20
Join us for SOC Insights, the podcast dedicated to demystifying the world of the Security Operations Center. We delve into the core functions of a SOC including collection, detection, triage, investigation, and incident response. Explore essential SOC tools like SIEMs, Threat Intelligence Platforms, and Incident Management Systems. Understand the critical role of threat intelligence, the proactive practice of threat hunting and the importance of metrics for measuring SOC performance. We'll also discuss the challenges faced by SOC teams, such as alert triage, the need for skilled staff, and the integration of automation and orchestration. Whether you're a seasoned security professional or new to the field, SOC Insights provides valuable perspectives on building and operating an effective cyber defense. www.securitycareers.help/the-nerve-center-of-cyber-defense-understanding-and-building-effective-security-operations-centers
:25:11
This episode explores the risks of "confabulation" in AI, where systems generate outputs that appear credible but are actually fabricated. The hosts discuss a NIST report highlighting this issue and emphasizing the importance of proactive measures to mitigate the potential for AI misuse.
:07:53
Millions in recovery costs. Chaos for residents. The Suffolk County cyberattack was a major wake-up call. Join us as we unpack the recent report revealing the perfect storm of missed warnings, systemic failures, and poor decisions that left Suffolk County vulnerable to attack.
:14:31
LockBit ransomware has dominated headlines for its ruthless attacks and lucrative business model. This podcast goes beyond the headlines, exploring LockBit's evolution, its notorious triple extortion tactics, and the impact on victims worldwide. Listen as experts analyze real attack breakdowns and offer insights into how to protect your organization from becoming the next victim.
:11:21
Join us as we unpack the alarming findings from Proofpoint's Voice of the CISO report. This episode explores the anxieties keeping CISOs awake at night, from the looming threat of major cyberattacks to the struggle with burnout in the face of mounting pressure.
:12:56
Confused by the growing number of state privacy laws? Join us as we break down these complex regulations, empowering you to protect your data and navigate the evolving world of digital privacy. We will discuss how states like Connecticut, Florida, Texas, Maine, Montana, and Oregon are tackling these issues and what it means for you!
:10:43
Schools, hospitals, airports, and even a global energy giant weren't safe from cyberattacks this summer. Listen as we unpack the major events, new ransomware players, and the alarming trend of attacks on essential services.
:08:51
Join us as we trace Evil Corp’s evolution from their early days developing banking trojans like Dridex and BitPaymer to their more recent adoption of ransomware-as-a-service models like LockBit. We'll investigate the key players behind the operation, including the elusive mastermind Maksim Yakubets and his intricate network of developers, administrators, and financial facilitators.
:09:06
Join us as we explore the complex world of AI regulations. We'll break down the latest laws and guidelines from around the world, discuss their impact on businesses and individuals, and examine the ethical considerations shaping the future of AI. Get ready to understand the rules governing the AI revolution.
:13:00
In a world driven by data, are you truly protected? Join us as we explore the complexities of cyber insurance, empowering businesses and individuals to make informed decisions in the face of evolving digital threats.
:14:35
Black Cat, also known as ALPHV, was one of the most prolific and feared ransomware groups in the world. This episode examines Black Cat's rise to prominence, their use of the ransomware-as-a-service model, and the events that led to their dramatic downfall. Learn how they exploited a critical vulnerability in Veritas Backup Exec, bypassed multi-factor authentication, and used a combination of technical prowess and social engineering to extort millions from their victims.
:10:26
This podcast explores the evolving cybersecurity landscape, drawing insights from the Microsoft Digital Defense Report 2024 and the ENISA Threat Landscape. We delve into the tactics of nation-state actors and cybercriminals, the growing impact of AI on both attacks and defenses, and strategies for building resilience in an increasingly complex digital world. Join us as we examine the latest threats, emerging techniques like AI-enabled social engineering and deepfakes, and the innovative solutions being developed to secure our digital future. breached.company/navigating-the-cyber-frontier-key-insights-for-a-secure-digital-future
:26:50
In this episode, we explore HIPAA and HITECH, their impact on healthcare data privacy, and how these regulations affect everyone. We'll discuss HIPAA's evolution and how HITECH strengthened it with stricter standards for electronic health records, business associates, and breach notifications. Learn about key concepts like PHI, BAAs, and encryption, with real-world examples to help you understand compliance and the importance of data security.
:09:21
Feeling lost in a sea of acronyms like NIST, ISO 27001, and CIS? This podcast is your guide to understanding and choosing the right cybersecurity framework for your organization. We break down the jargon, explore the strengths of each framework, and help you ask the right questions to find the perfect fit for your size, industry, and budget. Join us as we demystify cybersecurity frameworks and empower you to build a safer digital future.
:13:27
Discover how CISO Marketplace's latest innovations, GeneratePolicy.com and CyberAgent.Exchange, are transforming cybersecurity for startups and SMBs. Learn how AI-driven policy generation simplifies compliance and documentation, and how AI-powered agents automate critical security roles, enhancing efficiency and reducing costs. We delve into the key features, benefits, and target audiences for these cutting-edge solutions designed to strengthen your cybersecurity posture. www.cisomarketplace.services Visit and Vote! https://www.producthunt.com/posts/generatepolicy-com-ai-policy-generator https://www.producthunt.com/posts/cyber-agent-exchange-ai-talent-hub
:13:10
Explore the evolving landscape of cyber threats with insights from the CrowdStrike 2025 Global Threat Report. We delve into the tactics, techniques, and procedures of modern adversaries, from social engineering and AI-driven attacks to cloud exploitation and vulnerability exploits. Learn how to proactively defend your organization against these ever-changing threats and stay one step ahead of enterprising adversaries. breached.company/technical-brief-evolving-threat-actor-tactics-in-2025
:31:14
Navigating the complex landscape of U.S. state data privacy laws can be challenging. Join us as we break down the key aspects of these regulations, including consumer rights, business obligations, data breach notification requirements, and enforcement trends. We'll explore the nuances of laws like the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and emerging legislation like the New York Privacy Act (if passed), helping businesses and consumers understand their rights and responsibilities in an ever-evolving digital world. www.compliancehub.wiki/navigating-the-maze-an-in-depth-look-at-u-s-state-data-privacy-laws https://globalcompliancemap.com https://cisomarketplace.services
:27:09
This podcast breaks down the complexities of the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) framework. We delve into the fundamental differences between Level 1's basic safeguarding requirements, Level 2's alignment with NIST SP 800-171 Rev 2, and Level 3's enhanced security based on NIST SP 800-172 and government assessment. Understand the distinct security requirements, assessment processes (self-assessment vs. certification by C3PAOs or DIBCAC), and prerequisites for each level to ensure your organization can confidently navigate the CMMC landscape. www.compliancehub.wiki/navigating-cmmc-compliance-for-your-defense-contractor-website
:16:20
This podcast explores the critical landscape of AI security, drawing on insights from leading experts and resources. We delve into the unique challenges and risks associated with AI systems, including both machine learning and heuristic models. We will discuss the various types of threats, such as those that occur during development, through use, and at runtime, as well as their associated controls. We will also examine the application of these concepts in the specific context of Generative AI, which presents its own unique challenges. https://www.hackernoob.tips/llm-red-teaming-a-comprehensive-guide/
:20:35
This podcast dives into the shocking findings of a live honeypot experiment that recorded over 570,000 cyber attacks in just seven days. We explore the attack trends, including brute-force attempts, stolen credentials, automated bots, and known vulnerabilities, offering valuable insights for SOC analysts, security researchers, and anyone curious about real-world cyber threats. Learn about attacker behavior, commonly exploited vulnerabilities, and actionable steps to make security teams smarter and better prepared. breached.company/the-relentless-tide-understanding-global-cyber-attacks-and-breaches
:23:39
This podcast delves into the crucial aspects of cyber security incident response maturity. We explore how organizations can assess and improve their capabilities using tools like the detailed assessment based on 15 steps. We discuss key concepts such as criticality assessments, threat analysis, and the importance of people, process, technology, and information in preparing for, responding to, and following up on cyber security incidents. Understand how target maturity levels and weighting factors can be used to tailor your assessment and identify areas for improvement in your cyber security incident response lifecycle. https://irmaturityassessment.com breached.company/enhancing-cyber-resilience-an-in-depth-look-at-incident-response-maturity-assessments
:21:32
Join us as we explore the NIST Cybersecurity Framework (CSF) 2.0, the essential guide for organizations looking to manage and reduce cybersecurity risks. We delve into the six core Functions: Govern, Identify, Protect, Detect, Respond, and Recover, examining the key changes and updates from previous versions. Whether you're new to the CSF or looking to implement the latest version, this podcast offers insights into creating Organizational Profiles, understanding Community Profiles, and leveraging the framework to improve your overall cybersecurity posture. We'll also discuss how the NIST CSF complements other compliance frameworks and helps you build a resilient and risk-informed cybersecurity strategy. www.compliancehub.wiki/the-nist-cybersecurity-framework-csf-2-0-a-comprehensive-guide-for-your-compliance-hub
:18:25
This episode breaks down the evolution of ransomware over the past two years (December 2022 to November 2024), using a trove of cyber insights reports. Listeners will gain a clear understanding of how ransomware has transformed from basic encryption schemes to sophisticated attacks involving data exfiltration, double extortion, and specialized targeting. The episode explores: Evolving Tactics: The shift from simple encryption to data theft and double extortion, increasing pressure on victims. Expanding Targets: The move beyond traditional targets like healthcare and government to include critical infrastructure, highlighting the growing threat to essential services. Ransomware-as-a-Service: The emergence of this model, lowering the barrier to entry for cybercriminals and contributing to the fragmentation of the ransomware landscape.
:16:48
This episode examines recent trends in GDPR enforcement, including the shift towards personal liability for management, the rise of class action lawsuits, and the importance of compliant data transfer mechanisms. We'll discuss how the EU court's recent award of damages for illegal data transfers without material loss could lead to significant legal challenges. Learn how to protect your organization from heavy penalties and safeguard user data. https://dataprivacytool.info https://finemydata.com https://www.compliancehub.wiki
:23:36
Join us as we explore the latest cybersecurity advisory from the NSA and its international partners, revealing the most exploited vulnerabilities of 2023. We break down complex technical jargon into understandable concepts, highlighting real-world examples like the Microsoft Outlook vulnerability that allows attackers to take over your system just by opening an email! Discover the common weaknesses hackers target and learn practical steps to protect yourself. From enabling multi-factor authentication to understanding the dangers of buffer overflows and SQL injections, we provide actionable insights to enhance your cybersecurity posture. Tune in and level up your digital defenses!
:14:14
The cybersecurity landscape in 2024 saw a dramatic 20% surge in exploited vulnerabilities, with attackers increasingly targeting network edge devices and cloud infrastructure. This episode dives into the key statistics, trends, and major incidents, highlighting the critical need for proactive security measures like robust patch management and zero-trust architecture to combat the growing threat. https://www.breached.company/the-escalating-threat-landscape-a-deep-dive-into-2024s-surge-in-vulnerability-exploitation/
:14:02
In a world increasingly shaped by digital interactions and artificial intelligence, online scams are becoming more sophisticated and pervasive. Scam Savvy delves into the tactics employed by fraudsters, from exploiting emotions in charity and romance scams to leveraging AI for deepfakes and personalized phishing attacks. We unmask these deceptive practices and equip you with the knowledge to protect yourself in the evolving landscape of online crime. www.scamwatchhq.com/navigating-the-digital-deception-understanding-and-avoiding-online-scams-in-the-age-of-ai https://identityrisk.myprivacy.blog
:15:17
This episode delves into the rapid rise of the Chinese AI startup DeepSeek, exploring its cutting-edge technology that rivals major competitors and its recent challenges including a cyberattack and mounting global scrutiny. We'll examine the concerns surrounding data privacy, censorship, and regulatory hurdles that DeepSeek faces in the wake of its quick success.
:22:38
Ever get the feeling you're being watched online? Like every click, every like, every share is feeding some invisible monster? Well, you're not wrong. This podcast explores the dark side of Meta, the company formerly known as Facebook, and how its vast empire impacts your privacy, security, and even your mental health. We'll uncover Meta's data collection practices, expose the chilling world of deepfake scams, and investigate allegations that Meta's algorithms are enabling child exploitation. Get ready to take back control of your digital life. We'll provide practical tips on how to protect yourself from data breaches, manipulative algorithms, and government overreach. Plus, we'll explore the future of online privacy, from smart glasses to the metaverse. Tune in and join the fight for a safer and more ethical digital world.
:23:10
Explore the complex landscape of artificial intelligence risks with the MIT AI Risk Repository. This podcast delves into the repository's comprehensive database, causal and domain taxonomies, and methodologies for identifying and classifying AI threats. Join experts as they discuss how policymakers, auditors, academics, and industry professionals can leverage this resource to navigate the evolving challenges of AI safety and governance. https://www.myprivacy.blog/ai-risk-repository-meta-review-database-and-taxonomies/
:21:27
This episode explores the growing cybersecurity risks associated with the increasing connectivity of modern equipment across industries. We examine how the integration of IoT devices and digital technologies in construction, agriculture, and transportation introduces vulnerabilities that can be exploited by malicious actors. We discuss the potential consequences of these cyber threats, including project delays, safety hazards, data breaches, and financial losses.
:14:02
Understand the critical data breach notification requirements under Malaysia's Personal Data Protection Act (PDPA) 2010. Learn how to identify "significant harm" and when you must notify the Personal Data Protection Commissioner and affected data subjects. Stay informed about potential penalties for non-compliance and strategies for robust data breach management. www.compliancehub.wiki/understanding-data-breach-notification-requirements-under-malaysias-pdpa
:15:13
The NIS2 Directive is here, and it's changing the cybersecurity landscape for EU businesses. This episode breaks down the complex requirements of NIS2, explaining who it affects and what steps organizations must take to comply. We'll explore key changes, risk management measures, incident reporting, and the crucial role of management accountability in this new era of cybersecurity. https://www.compliancehub.wiki/navigating-nis2-a-comprehensive-guide-to-the-eus-cybersecurity-directive/
:41:16
Dive into the dynamic world of offensive cybersecurity with insights from leading experts and real-world scenarios. We explore the critical role of techniques like penetration testing, adversary simulation, and red team exercises in proactively identifying vulnerabilities and strengthening defenses against evolving cyber threats. Understand how adopting an adversarial mindset and employing continuous assessment methodologies are essential for navigating today's complex threat landscape and building a resilient security posture. www.securitycareers.help/dont-just-scan-test-choosing-the-right-penetration-testing-partner https://cisomarketplace.services https://generatepolicy.com
:13:25
As AI becomes more prevalent, understanding its risks and ensuring compliance are critical. This episode explores the crucial role of internal audit in guiding organizations toward responsible AI implementation. We delve into key areas like risk assessment, data governance, and transparency, offering insights for auditors and business leaders alike. https://www.compliancehub.wiki/the-role-of-internal-audit-in-responsible-ai-and-ai-act-compliance/
:27:58
Are you ready to get a 360° view of your organization’s cybersecurity posture? In this episode, we dive into the 20 Key Performance Indicators (KPIs) that CISOs use to measure and enhance their security programs. Learn how to track risk reduction, incident detection, patch compliance, and more to make data-driven decisions and demonstrate the value of security initiatives. https://www.securitycareers.help/20-key-performance-indicators-kpis-for-cisos-chief-information-security-officers
:24:15
This episode explores the growing conflict between farmers and agricultural equipment manufacturers over the right to repair their own machinery. We delve into how intellectual property laws and proprietary software limit farmers' access to repair tools and information, often creating a manufacturer monopoly. We also examine the ongoing legislative battles, industry agreements, and antitrust lawsuits that are shaping the future of agricultural technology.
:20:01
Navigate the world of SOC 2 compliance specifically for SaaS companies. We break down the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy), explain the difference between Type I and Type II audits, and offer best practices for achieving and maintaining your SOC 2 certification to build customer trust and gain a competitive advantage. Learn how to prepare for your audit, understand the importance of continuous monitoring, and leverage your SOC 2 report for business growth. www.compliancehub.wiki/soc-2-compliance-for-saas-companies-a-technical-deep-dive
:22:07
Uncover the disturbing trend of nation-states utilizing cybercriminals to achieve their strategic objectives. This episode examines how countries like Russia, Iran, China, and North Korea leverage cybercriminals for espionage, disruption, and revenue generation. Explore the various ways states collaborate with cybercriminals, from purchasing malware and tools to directly hiring attackers for specific missions.
:22:54
The podcast explores the key principles and obligations outlined in Singapore's Personal Data Protection Act (PDPA). It offers insights for organizations on how to comply with the PDPA's requirements for collecting, using, and disclosing personal data. It also examines individuals' rights to access and correct their personal data, ensuring a balance between data protection and business needs. https://www.compliancehub.wiki/understanding-the-personal-data-protection-act-singapores-framework-for-data-privacy/
:18:52
The Phobos ransomware, operating under a Ransomware-as-a-Service (RaaS) model since 2019, targets various sectors, demanding millions in ransom. This episode explores Phobos's tactics, such as exploiting vulnerable RDP ports, phishing campaigns, and open-source tools like Smokeloader, to infiltrate networks. Discover practical mitigation strategies and actions to defend against Phobos ransomware attacks and protect your organization. https://www.breached.company/overview-of-phobos-and-8base-ransomware-the-shakedown/
:22:33
Dive into the transformative world of AI in urban environments, exploring both the exciting potential and the significant risks. From UN reports and cybersecurity concerns to real-world case studies, we uncover how AI is reshaping our cities. Join us as we discuss key questions about ethics, governance, and citizen empowerment in the age of AI-driven urban development. https://www.secureiotoffice.world/ai-powered-smart-offices-balancing-innovation-and-security-in-the-modern-workspace/
:16:35
This podcast explores the diverse cybersecurity challenges facing the African continent, from state-sponsored attacks to cybercriminal networks. It examines the development and implementation of legal and regulatory frameworks, as well as regional cooperation efforts to combat cyber threats. The podcast also discusses emerging trends like data sovereignty, AI regulation, and critical infrastructure protection, providing insights into the future of cybersecurity in Africa. www.compliancehub.wiki/cybersecurity-in-africa-navigating-threats-trends-and-the-tech-landscape/
:27:24
"Decoding Digital Spain 2025" explores Spain's ambitious plan for digital transformation, focusing on key initiatives in connectivity, 5G, cybersecurity, and AI. The podcast examines how Spain aims to bridge digital divides, enhance public services, and boost its economy through strategic investments and policy reforms. Listeners will gain insights into the challenges and opportunities as Spain strives to become a leading digital hub in Europe while ensuring citizen rights and ethical AI development. www.compliancehub.wiki/span-cybersecurity-and-data-prviacy-with-gdpr-and-lopdgdd-synergy/
:32:56
This podcast dives deep into the 2025 Annual Threat Assessment by the U.S. Intelligence Community, analyzing the most serious threats to U.S. national security posed by major state actors like China and Russia, non-state transnational criminals and terrorists such as ISIS, and the growing trend of adversarial cooperation. We explore the nuanced intelligence, long-term strategic challenges, and evolving tactics that shape the global security landscape. breached.company/the-shifting-global-security-landscape-insights-from-the-2025-annual-threat-assessment/
:27:57
Navigate the complex landscape of Connected Autonomous Vehicle (CAV) cybersecurity. We delve into the critical vulnerabilities in intra- and inter-vehicle communication, explore potential attack motivations ranging from operational disruption to data theft and physical control, and discuss the significance of standards like ISO/SAE 21434 in building a secure future for autonomous mobility. Join us as we uncover the threats and solutions in the evolving world of CAV security. www.hackernoob.tips/autonomy-under-attack-a-hackers-intro-to-cav-cybersecurity www.myprivacy.blog/your-car-knows-more-than-you-think
:15:26
Cybercrime is a growing threat affecting all sectors, fueling a shadow economy with projected costs reaching $10.5 trillion by 2025. This episode explores the cybercrime ecosystem, from dark web platforms and cybercriminal psychology to specific attack techniques like social engineering and ransomware. Listeners will gain insights into how cybercriminals operate, their motivations, and the geographical distribution of cybercrime. We also discuss practical precautions and strategies for individuals and organizations to protect themselves against these evolving threats. www.breached.company/decoding-cybercrime-platforms-psychology-and-precautions
:21:51
Explore the cyber espionage campaigns of People's Republic of China (PRC)-affiliated threat actors, such as Volt Typhoon, targeting critical infrastructure. Understand their techniques, including living off the land (LOTL) tactics to maintain anonymity within IT infrastructures. Learn about recommended mitigations and best practices to strengthen network defenses against these sophisticated cyber threats. https://www.breached.company/chinas-cyber-campaigns-a-deep-dive-into-salt-volt-typhoon-and-other-threat-actors/
:37:46
The intersection of technology and geopolitics is creating unprecedented challenges in cybersecurity and AI governance. Global powers are competing in AI and semiconductor technologies, leading to rising tensions and potential risks. Experts at the Munich Security Conference 2025 emphasized the urgent need for international cooperation and robust frameworks to navigate this evolving landscape and foster trust through public-private partnerships. https://www.breached.company/navigating-the-geopolitical-tech-storm-cybersecurity-ai-governance-and-global-power-shifts/
:17:37
A deep dive into the latest trends, threat actors, and defense strategies in Operational Technology and Industrial Control Systems cybersecurity. We discuss how geopolitical tensions, ransomware, and hacktivist activities are shaping the threat landscape, and provide actionable insights to improve your organization's security posture. Learn about implementing the SANS ICS 5 Critical Controls, vulnerability management, incident response, and more to protect your critical infrastructure. breached.company/technical-brief-strengthening-ot-ics-cybersecurity-in-2024-and-beyond
:22:14
Explore the inner workings of the Black Basta ransomware group through leaked chat logs and technical analysis. Discover their tactics, techniques, and procedures (TTPs), from initial access and lateral movement to data exfiltration and encryption. Learn how the group exploited vulnerabilities, managed internal conflicts, and targeted critical infrastructure. Gain insights into defending against ransomware attacks with actionable intelligence and mitigation strategies derived from real-world incidents and expert analysis. https://breached.company/stopransomware-black-basta
:19:37
This podcast explores how AI companies are uniquely positioned to disrupt malicious uses of AI models. We delve into real-world case studies, such as surveillance operations, deceptive employment schemes, and influence campaigns, to understand how these threats are identified and neutralized. Join us as we uncover the latest strategies and insights in the fight against AI abuse. www.myprivacy.blog/the-ai-threat-landscape-disrupting-malicious-uses-of-ai-models
:12:26
Venture into the murky world where Silicon Valley's ethical lines blur as AI giants like Google and OpenAI chase lucrative military contracts. Explore how once-sacred principles are being abandoned in favor of algorithms that now dictate life-and-death decisions on the battlefield. Uncover the implications of a future where unaccountable AI systems reshape global conflict, privacy erodes, and the public remains in the dark. www.myprivacy.blog/from-dont-be-evil-to-drone-deals-silicon-valleys-reckless-ai-arms-race
:12:05
This episode examines the rising threats to encrypted communications and the geopolitical implications of cyber espionage. We analyze how Russian threat actors exploit vulnerabilities in messaging apps like Signal and how platforms like Telegram have become hubs for cybercrime. Also examined is the impact of government pressures on encryption standards, and the delicate balance between privacy and national security. https://www.breached.company/encrypted-frontlines-unpacking-cyber-espionage-messaging-app-vulnerabilities-and-global-security
:30:01
From understanding end-to-end encryption (E2EE) on WhatsApp to mastering privacy settings on Snapchat and managing ad preferences on X (Twitter), MyPrivacy.blog equips you with the knowledge to navigate the social media landscape with confidence. Learn about the nuances of private versus public accounts on TikTok, how to leverage features like Close Friends on Instagram, and the importance of reviewing third-party app permissions on Facebook. https://www.myprivacy.blog/the-complete-guide-to-social-media-privacy-protecting-your-digital-life-in-2025/
:23:55
Dive into the key findings of the GreyNoise 2025 Mass Internet Exploitation Report. We dissect how attackers are reviving old vulnerabilities, the impact of home router exploits, and the speed at which new vulnerabilities are weaponized. Discover actionable defense strategies for staying ahead of mass internet exploitation. breached.company/mass-internet-exploitation-in-2024-a-technical-overview
:24:09
Dive into Canada's National Cyber Security Strategy for 2025 and explore how it aims to protect Canadians and businesses from evolving cyber threats. This podcast examines the strategy's key pillars, including forging partnerships, promoting innovation, and disrupting cyber threat actors. Discover how the government plans to engage with all levels of society, from Indigenous communities to the private sector, to build a more resilient and secure digital Canada, as well as how the Canadian Cyber Defence Collective (CCDC) and other initiatives play a crucial role in achieving these goals.
:14:22
Welcome to Deep Dive, where we tackle complex topics head-on. In this episode, we delve into the fascinating and increasingly concerning world of deepfakes: AI-generated audio and visual content designed to deceive. We'll explore the technology behind deepfakes, from face-swapping to voice cloning; the threats they pose to individuals, organizations, and even democratic processes; and the ongoing efforts to detect and mitigate this emerging challenge. Join us as we break down the science fiction of today into the cybersecurity reality of tomorrow. www.myprivacy.blog/the-deepfake-dilemma-navigating-the-age-of-ai-generated-deception
:19:17
Based on the Arctic Wolf 2025 Threat Report, this podcast explores the key cybersecurity threats that organizations will face in the coming year. We delve into the prevalence of ransomware and data extortion, the ongoing challenges of business email compromise, and the persistent risks posed by intrusions. Gain insights into attacker tactics, vulnerable attack surfaces like Unsecured Remote Desktop Protocol (RDP), and actionable strategies for managing and mitigating these evolving threats. www.breached.company/deep-dive-into-the-cyber-threat-landscape-key-insights-from-the-arctic-wolf-2025-threat-report
:19:49
This episode dives into the key findings of Recorded Future's 2024 Malicious Infrastructure Report, revealing the dominant malware families like LummaC2 and AsyncRAT, the continued reign of Cobalt Strike, and the evolving tactics of threat actors, including the abuse of legitimate internet services and relay networks. We'll explore the top threats, targeted regions, and the resilience of cybercriminals in the face of law enforcement efforts, providing crucial insights for defenders navigating today's complex threat landscape. www.breached.company/unpacking-the-2024-cyber-underworld-a-technical-deep-dive-into-malicious-infrastructure
:22:32
Explore the cybersecurity and privacy challenges posed by Large Language Models (LLMs) through the lens of DeepSeek R1 red teaming. Dive into the vulnerabilities uncovered in DeepSeek R1, from harmful content generation to insecure code and biased outputs. Learn about practical strategies and frameworks like NIST AI RMF for mitigating risks and ensuring responsible AI deployment. https://www.breached.company/deepseek-r1-red-team-navigating-the-intersections-of-llm-ai-cybersecurity-and-privacy
:36:22
This episode explores the escalating cybersecurity landscape, with a particular focus on how generative AI is enabling more sophisticated and personalized cyberattacks. We delve into the ways AI is being used by cybercriminals to refine social engineering tactics, create more convincing phishing attempts in multiple languages, and automate their malicious activities. The episode also highlights the critical need for organizations to prioritize cyber resilience, focusing on building stronger cybersecurity foundations, increasing awareness and education, and developing robust incident response plans. Additionally, we discuss the importance of ecosystem-level collaboration and the need for all organizations to adopt secure-by-design principles for AI systems. We also consider the ways that governments may create policies on biotech.
:13:30
This podcast delves into the findings of the European Union Serious and Organised Crime Threat Assessment (EU-SOCTA) 2025, exploring the changing DNA of serious and organised crime in Europe as it becomes increasingly nurtured online and accelerated by AI and other new technologies. We examine the destabilising impact of these criminal activities on society, the growing intersection with hybrid threats, and the key areas of concern identified by Europol, including cyber-attacks, online fraud, drug trafficking, and more. Join us as we unpack the intelligence-led analysis shaping the EU's fight against these evolving threats. breached.company/understanding-the-evolving-threat-landscape-following-a-data-breach
:28:12
This podcast delves into the findings of Red Canary's 2025 Threat Detection Report, dissecting the major cybersecurity trends observed in 2024. We explore the surge in ransomware, increasingly sophisticated initial access techniques like "paste and run," the dramatic rise of identity attacks targeting cloud environments, persistent vulnerability exploitation, the proliferation of stealer malware on Windows and macOS, the emergence of state-sponsored insider threats, the consistent abuse of VPNs, the growing landscape of cloud attacks, and the dominance of stealers in Mac malware. Understand the implications of these trends and how organizations can shift their security strategies towards early detection and effective response across endpoints, identities, and cloud resources, moving beyond prevention to identify and mitigate threats before they cause significant harm. breached.company/learning-from-the-shadows-key-insights-from-the-red-canary-2025-threat-detection-report-for-breached-companies
:14:46
This podcast delves into the findings of Lithuania's "National Threat Assessment 2025," dissecting the primary external state actors posing the most significant risks to its national security. We examine the multifaceted threats emanating from an increasingly aggressive Russia, Belarus with its growing dependence, and an increasingly hostile China, exploring their strategies and potential impact on Lithuania and the wider region. breached.company/unpacking-the-perils-why-lithuanias-2025-security-threats-demand-your-attention
:15:42
Explore the cutting-edge intersection of artificial intelligence and red team operations in cybersecurity. We delve into how AI is revolutionizing traditional cyber offense and defense methodologies, enhancing adaptability, fostering innovation, and pushing the boundaries of cyber operations in an era of rapidly evolving digital threats, as highlighted in "AI For Red Team Operation". Join us to understand how this fusion is shaping the future of cybersecurity strategies and tactics. www.securitycareers.help/the-ai-powered-red-team-revolutionizing-cyber-operations
:15:54
Delve into the critical security vulnerabilities of Artificial Intelligence, exploring the dangerous world of prompt injection, leaking, and jailbreaking as highlighted in SANS' Critical AI Security Controls and real-world adversarial misuse of generative AI like Gemini by government-backed actors. Understand how malicious actors attempt to bypass safety controls, extract sensitive information and manipulate LLMs for nefarious purposes, drawing insights from documented cases involving Iranian, PRC, North Korean, and Russian threat actors. Learn about the offensive techniques used and the ongoing challenge of securing AI systems,
:21:54
The Digital Operational Resilience Act (DORA) is a European regulation designed to ensure the financial sector can withstand, respond to, and recover from ICT-related disruptions. This episode breaks down the key pillars of DORA, including ICT risk management, incident reporting, digital resilience testing, and third-party risk management, offering practical insights for financial institutions. Tune in to learn how DORA will impact your organization's cybersecurity strategy and what steps you need to take to achieve compliance by January 17, 2025. https://www.compliancehub.wiki/digital-operational-resilience-act-dora-a-comprehensive-guide-to-compliance/
:19:40
This podcast explores the multifaceted impact of artificial intelligence on the landscape of cybersecurity and military strategy. We delve into how AI is being leveraged for advanced cyber defense, including identifying vulnerabilities and accelerating incident response, while also examining the emerging cyberattack capabilities that AI can enable. Furthermore, we analyze the broader strategic risks and opportunities presented by the growing military use of AI, considering its implications for national security, international competition, and the future of conflict. www.myprivacy.blog/the-ai-revolution-in-cyber-and-strategy-a-double-edged-sword
:27:10
Delve into the key cybercrime trends observed in 2024 by Israel National Crime Directorate (INCD), from the pervasive use of infostealers and the rise of encryption-less ransomware to the emerging threats involving AI and decentralized technologies. We analyze how cybercriminals are adapting their tactics, the impact of law enforcement actions, and what these shifts foreshadow for the cyber threat landscape in 2025. breached.company/understanding-the-2024-cyber-threat-landscape-insights-for-our-community
:27:09
Delve into the key findings of ThreatDown's 2025 State of Malware report, exploring the anticipated impact of agentic AI on cybercrime and the evolving ransomware landscape, including the emergence of smaller, more agile "dark horse" groups. We'll discuss how cybercriminals are leveraging AI to scale attacks and the shift towards Living Off The Land (LOTL) tactics for stealthier operations. We also examine the increasing threats from macOS stealers and sophisticated Android phishing malware, providing crucial insights into the challenges and defenses shaping the threat landscape in 2025. www.breached.company/decoding-the-2025-malware-landscape-a-technical-deep-dive
:20:39
This episode dissects the cyber threat landscape of 2024, drawing insights from a comprehensive analysis of malicious activities targeting Union entities and their vicinity. We explore the major trends, including the rise of cyber espionage and prepositioning, the exploitation of zero-day vulnerabilities, and the techniques employed by threat actors. The discussion highlights the most targeted sectors, such as defense, transportation, and technology, and emphasizes the critical role of service providers as prime targets. We also delve into the global events that shaped the threat landscape, such as elections and conflict. breached.company/deep-dive-analyzing-the-2024-cyber-threat-landscape-and-emerging-attack-vectors
:28:35
This podcast episode explores Vietnam's new Law on Data, effective July 1, 2025, and its implications for businesses. We'll break down the law's key aspects, including scope of application, digital data definitions, data ownership rights, regulations on cross-border data transfers (especially for "important" and "core" data), and the requirements for mandatory risk assessments. We also discuss data-related products and services, the establishment of the National General Database and National Data Centre, and practical steps businesses can take to ensure compliance and mitigate risks in Vietnam's evolving digital landscape. www.compliancehub.wiki/vietnams-law-on-data-key-provisions-and-implications
:19:14
We delve into the urgent need for organizations to prepare for the era of quantum computing, which threatens to break today's standard encryption methods. We examine the "harvest now, break later" (HNDL) threat, where malicious actors are already collecting encrypted data for future decryption by quantum computers. Drawing upon information from sources like NIST and expert analysis, we discuss the development and standardization of quantum-resistant cryptographic algorithms such as CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA). We provide CISOs and cybersecurity professionals with key strategic considerations for a successful quantum-safe transition, including conducting a comprehensive cryptographic inventory and quantum risk assessment (QRA), prioritizing systems for migration, engaging with vendors, and fostering crypto agility. Join us as we navigate the challenges and opportunities of this critical cybersecurity revolution and help you take the necessary quantum leap to secure your future. www.securitycareers.help/the-quantum-clock-is-ticking-your-guide-to-navigating-the-post-quantum-cryptography-era https://quantumsecurity.ai https://risk.quantumsecurity.ai/
:09:47
Navigating the complex world of healthcare cybersecurity. Join us as we delve into the HIPAA Security Rule, its purpose in safeguarding electronic Protected Health Information (ePHI), and the latest updates addressing evolving threats like AI and quantum computing. We'll break down compliance requirements, explore the impact of the HIPAA Omnibus Rule, and discuss best practices for maintaining the confidentiality, integrity, and availability of sensitive patient data. Stay informed and secure your digital healthcare landscape. www.compliancehub.wiki/mastering-hipaa-security-rule-compliance-protecting-your-digital-healthcare-landscape
:13:37
Large Language Models (LLMs) are revolutionizing the world, powering everything from chatbots to content creation. But as with any new technology, there are security risks lurking beneath the surface. Join us as we explore the OWASP Top 10 for LLMs, a guide that exposes the most critical vulnerabilities in these powerful AI systems. We'll break down complex security threats like prompt injection attacks, data poisoning, and the dangers of insecure code generation. Discover how malicious actors can manipulate LLMs to steal sensitive information, spread misinformation, and even take control of your applications. Our expert guest, [Guest Name], will share real-world examples and practical solutions to safeguard your LLM applications. Learn how to implement robust security measures, from input validation and access control to model monitoring and incident response planning. Tune in to gain a deeper understanding of the potential risks and actionable strategies for protecting your AI systems in this era of LLMs.
:27:42
Join us as we delve into the critical realm of risk management for General-Purpose AI (GPAI) and foundation models. Drawing insights from the UC Berkeley Center for Long-Term Cybersecurity's profile, we explore the unique risks associated with these increasingly multi-purpose AI systems, from their large-scale impact and potential for misuse to the challenges posed by emergent behaviors. We examine frameworks and best practices for identifying, analyzing, and mitigating these risks, aligning with standards like the NIST AI Risk Management Framework and considering the implications of emerging regulations. This podcast is essential listening for developers, policymakers, and anyone seeking to understand and responsibly navigate the rapidly evolving landscape of advanced AI.
:16:03
This podcast delves into the growing privacy vulnerabilities and cybersecurity risks inherent in the deeply interconnected systems of modern smart cities. We explore the challenges of data protection, the expanding attack surface created by IoT devices, and the governance and regulatory gaps that can leave urban environments vulnerable to exploitation. Join us as we examine the threats and discuss potential solutions for building more secure and privacy-respecting smart urban futures. www.secureiotoffice.world/the-intelligent-workspace-leveraging-iot-for-a-smarter-office www.secureiot.house/securing-your-connected-sanctuary-navigating-privacy-and-cyber-threats-in-your-smart-home
:28:27
In this episode, we delve into the alarming rise of edge device exploitation in 2024 from the Check Point Threat Intel report, where cybercriminals and nation-states alike targeted routers, firewalls, and VPN appliances to gain initial access, establish ORBs for covert operations, and leverage a surge in zero-day vulnerabilities. We explore the tactics of groups like Raptor Train and Magnet Goblin, the challenges of patching these critical devices, and the implications for network security in the evolving threat landscape. breached.company/edge-wars-unpacking-the-escalating-exploitation-of-network-perimeters-in-2024
:33:41
Explore the dynamic world of artificial intelligence through a global lens, examining key trends identified in India and Africa. We delve into the balance between AI innovation and regulatory frameworks. Discover how AI is being applied for public sector transformation in India, addressing accessibility and leveraging multilingual capabilities. We also critically analyze the concept of trustworthy AI from African perspectives, considering ethical implications, data justice, and the need for Afrocentric approaches that prioritize local values and community benefits over global tech interests. Join us as we navigate the complexities of AI development and deployment across diverse cultural and societal landscapes, discussing challenges like bias, governance, and the crucial pursuit of responsible and trustworthy AI for all. https://www.compliancehub.wiki/navigating-the-ai-landscape-compliance-considerations-in-india-and-africa
:21:58
This podcast delves into the NIST Privacy Framework 1.1, a voluntary tool developed to help organizations identify and manage privacy risk while fostering innovation and protecting individuals' privacy. We explore its three core components: Core, Organizational Profiles, and Tiers, and how they enable organizations to understand, assess, prioritize, and communicate their privacy activities. Learn how to use this framework to build customer trust, meet compliance obligations, and facilitate dialogue about privacy practices. www.compliancehub.wiki/navigating-the-complex-world-of-privacy-with-the-nist-privacy-framework-1-1
:17:00
In this podcast, we explore the critical cybersecurity challenges facing today's interconnected urban environments. We delve into the evolving threats arising from smart city infrastructure and the Internet of Things (IoT), including ransomware attacks on critical infrastructure, the expanded attack surface created by interconnected devices, and strategies for building cyber resilience. Join us as we discuss best practices for municipalities, the importance of public trust, and the role of AI in both cyberattacks and defense. Stay informed and learn how we can collectively protect the future of our smart cities. www.securitycareers.help/navigating-the-cyber-threat-landscape-of-smart-cities https://cybersafe.city https://risk.secureiotoffice.world https://risk.secureiot.house
:14:37
Explore the dynamic landscape of digital forensics in the face of rapidly evolving technologies. We delve into the impact of trends like IoT, 5G networks, AI-driven attacks, advanced file systems (APFS, NTFS), cloud integration, and sophisticated anti-forensic techniques across Mac OS, network infrastructures, and Windows platforms. Join us as we unravel the challenges and emerging solutions for investigators striving to uncover digital evidence in an increasingly complex world. www.hackernoob.tips/digital-forensics-on-the-edge-navigating-emerging-technologies-across-platforms
:25:36
This podcast dives into the critical world of vulnerability disclosure programs (VDPs), exploring how organizations and security researchers work together to identify and address security weaknesses. We'll examine the core principles that underpin effective VDPs, including establishing clear reporting channels and defined scopes, the importance of timely responses and good-faith engagement, and the crucial role of safe harbor provisions. We'll also delve into modern best practices such as automation in triage, integration with security workflows, adherence to coordinated vulnerability disclosure (CVD) norms, and the benefits of transparency in building community trust. Join us to understand how VDPs are becoming a strategic necessity for cyber resilience, fostering a collaborative security ecosystem. www.hackernoob.tips/diving-deep-a-researchers-guide-to-navigating-vulnerability-disclosure-programs www.securitycareers.help/establishing-a-vulnerability-disclosure-program-a-cisos-perspective https://irmaturityassessment.com https://cyberinsurancecalc.com
:23:18
Dive into the alarming world of secrets sprawl, exploring the growing number of exposed API keys, passwords, and other sensitive credentials across development environments, collaboration tools, and cloud platforms. Based on the latest data analysis from GitGuardian's "The State of Secrets Sprawl 2025" report, we uncover the primary risk categories and attack vectors, the cascade effect of minor leaks, and the critical timelines that make rapid remediation essential. We'll also discuss the challenges organizations face, from the limitations of secrets managers and the dangers of excessive permissions to the persistent problem of unfixed exposed credentials and the overlooked risks in collaboration tools. Join us to understand the real-world impact of secrets sprawl and learn strategies for effective management and mitigation. www.securitycareers.help/the-state-of-secrets-sprawl-a-critical-risk-imperative-for-cisos www.compliancehub.wiki/secrets-sprawl-a-compliance-nightmare-leading-to-potential-privacy-fines
:23:55
Is your attack surface spiraling out of control with multi-cloud, SaaS, and third-party integrations? Join us as we delve into how AI-powered automation is becoming critical for modern Attack Surface Management (ASM). We'll explore the challenges organizations face in achieving comprehensive visibility and how AI provides viable solutions for enhanced asset discovery, proactive threat detection, intelligent risk prioritization, and faster incident response. Learn how AI acts as a force multiplier in cybersecurity, enabling a shift from reactive to proactive defense against evolving cyber threats. www.securitycareers.help/why-ai-powered-attack-surface-management-is-your-new-strategic-imperative https://risk.quantumsecurity.ai/ https://airiskassess.com/
:18:08
Dive deep into the rapidly evolving landscape of AI-powered cyberattacks with insights from cutting-edge research, including the framework for evaluating AI cyber capabilities developed by Google DeepMind. Explore how AI is shifting the balance between offense and defense in cybersecurity, potentially lowering the cost and complexity of sophisticated attacks while demanding new strategies for protection. Join us as we unpack the key findings, potential future threats, and essential considerations for safeguarding your digital world in the age of increasingly capable AI adversaries. breached.company/the-ai-cyberattack-horizon-understanding-the-emerging-threat https://airiskassess.com https://globalcompliancemap.com
:18:17
Explore how artificial intelligence is transforming the core of organizational collaboration. We delve into the groundbreaking research from "The Cybernetic Teammate" study, revealing how AI-powered tools are impacting team performance, breaking down expertise silos, and even influencing social engagement in the workplace. Discover how individual AI users are matching and sometimes exceeding the output of traditional teams, and what this means for the future of work and organizational design. www.securitycareers.help/the-rise-of-the-cybernetic-teammate-how-ai-is-redefining-collaboration-in-the-modern-workplace Thank you to our sponsor: https://cyberagent.exchange
:21:02
Are you struggling to understand and manage your organization's data security risks? Based on the latest insights, we delve into the key challenges hindering effective data protection, including gaps in risk understanding, the critical misalignment between management and staff on security strategies, the limitations of existing security tools, and the shift from reactive compliance to proactive, risk-based approaches. Join us as we unpack these issues and explore the path towards a stronger data security posture. www.securitycareers.help/bridging-the-gaps-in-the-cloud-why-understanding-and-alignment-are-key-to-effective-data-security-risk-management
:13:06
Explore the exciting future of cryptocurrency payments through the lens of cybersecurity and privacy. We delve into the potential benefits and significant risks, offering insights into best practices and the crucial role of regulation in this evolving landscape. www.myprivacy.blog/navigating-the-crypto-landscape-an-in-depth-look-at-privacy-in-the-future-of-payments www.compliancehub.wiki/navigating-the-crossroads-compliance-and-privacy-in-the-cryptocurrency-realm
:16:15
Delve into the principles and practical applications of Zero Trust Architecture (ZTA), a modern cybersecurity paradigm that moves away from traditional perimeter-based security by embracing the core tenet of "never trust, always verify". Learn about the key components, tenets, and benefits of ZTA, as well as strategies for implementation in today's complex and distributed IT environments, including cloud, remote users, and diverse devices. https://www.zerotrustciso.com www.securitycareers.help/building-a-career-in-a-zero-trust-world-understanding-the-foundational-principles-of-modern-cybersecurity
:22:44
Join us as we delve into the key findings of the FBI's 2024 Internet Crime Complaint Center (IC3) Annual Report. This year marks the 25th anniversary of IC3, which serves as the primary destination for the public to report cyber-enabled crime and fraud. The report reveals a staggering new record for losses reported to IC3, totaling $16.6 billion in 2024. This represents a 33 percent increase from 2023. We'll explore the most impactful crime types by reported loss, including Investment fraud ($6.57 billion), Business Email Compromise ($2.77 billion), and Tech Support scams ($1.46 billion), which are collectively responsible for the bulk of reported losses. A major factor contributing to these losses is the increasing use of cryptocurrency, which served as a descriptor in 149,686 complaints and was associated with $9.3 billion in losses in 2024, a 66% increase in losses. We'll also examine the significant impact on different age groups, noting that individuals over the age of 60 suffered the most losses ($4.885 billion) and submitted the most complaints (147,127). For this age group, Investment fraud ($1.834 billion) and Tech Support scams ($982 million) resulted in the highest reported losses, and cryptocurrency was referenced in 33,369 complaints with over $2.8 billion in losses. The episode will also touch upon the IC3's core functions including collection, analysis, public awareness, and referrals, its role in partnering with law enforcement and the private sector, and notable efforts like the IC3 Recovery Asset Team which assists in freezing funds for victims of fraudulent transactions, demonstrating a 66% success rate in 2024, and Operation Level Up, which successfully notified victims of cryptocurrency investment fraud, resulting in estimated savings breached.company/the-2024-ic3-report-record-cybercrime-losses-highlight-escalating-digital-threats
:14:03
Explore the rapidly evolving landscape where artificial intelligence intersects with criminality and societal risks. Drawing on expert research, this podcast delves into the transformative potential of AI-enabled crime, from sophisticated financial fraud using deepfakes to the generation of child sexual abuse material, and the challenges this poses for law enforcement. We also examine the critical need for robust AI incident reporting mechanisms, as proposed with standardized key components for documenting AI-related harms and near misses. Join us as we unpack the threats, the defenses, and the policy reforms necessary to navigate this complex new frontier. breached.company/navigating-the-ai-frontier-confronting-ai-enabled-crime-through-robust-incident-reporting https://airiskassess.com https://cisomarketplace.services
:21:18
Explore the escalating threats posed by artificial intelligence incidents, sophisticated disinformation campaigns like the Doppelgänger network targeting nations from France to Israel, and the cyber espionage activities of threat actors such as UAC-0050 and UAC-0006 as revealed by Intrinsec's analysis. We delve into the tactics, infrastructure, and narratives employed in these digital battlegrounds, drawing insights directly from recent intelligence reports. Understand the key components of AI incident reporting, the disinformation narratives amplified across different countries, and the evolving techniques of cyber intrusion sets targeting critical infrastructure and institutions. Join us as we unpack the complex landscape of AI risks, influence operations, and cyber warfare. breached.company/the-unseen-frontlines-navigating-the-intertwined-threats-of-ai-incidents-disinformation-and-cyber-espionage
:23:02
This podcast delves into the critical aspects of data privacy laws like GDPR and the Connecticut Data Privacy Law, alongside the essential Payment Card Industry Data Security Standard (PCI DSS) compliance for e-commerce success. We explore how retailers can craft clear privacy policies, manage user consent effectively, and implement stringent security measures to protect customer data and ensure secure online transactions in the evolving digital landscape. Join us for insights on building customer trust through adherence to regulations and best practices in digital retail security. www.compliancehub.wiki/navigating-the-complexities-of-compliance-in-digital-retail-a-comprehensive-guide
:16:24
A comprehensive exploration of AI regulations across different jurisdictions, including the EU, US, China, UK, Canada, and Japan. We discuss key themes in AI regulation, practical considerations for businesses, and the future of AI governance.
60 minutes
A deep dive into the General Data Protection Regulation (GDPR), exploring its key concepts, compliance requirements, and practical implementation steps. This episode provides actionable insights for organizations navigating EU data privacy regulations.
50 minutes
A comprehensive exploration of HIPAA and HITECH regulations, their evolution in the digital age, and their impact on healthcare data protection. This episode covers everything from compliance requirements to practical implementation strategies.
55 minutes
An in-depth exploration of U.S. state data privacy laws, examining the complex regulatory landscape, consumer rights, and business obligations across different states. We break down key themes and provide practical guidance for compliance.
45 minutes
Security Directories
Access comprehensive directories of cybersecurity resources and professionals
Cybersecurity Tools Directory
A comprehensive directory of cybersecurity tools and resources for security professionals
Cyber Scout Directory
Find and connect with cybersecurity professionals, experts, and service providers
Cybersecurity Tools
Explore our suite of free tools designed to help you assess and improve your security posture
Data Breach Cost Calculator
Calculate the potential financial impact of a data breach on your organization
Fine My Data
Understand potential data protection fines and compliance requirements
Data Privacy Tool
Evaluate and improve your organization's data privacy practices
Security Assessment Scoping
Plan and scope your security assessments effectively
AI Security Tools
Leverage the power of artificial intelligence to enhance your cybersecurity capabilities
CybersecurityGPT
Advanced AI-powered cybersecurity assistant for threat analysis and security recommendations
Cyber Agent
AI-driven platform for automated security operations and threat response