CISO Insights: Voices in Cybersecurity

Agentic AI systems significantly extend their capabilities by interfacing with diverse external environments through tools and function calls, including API access, code execution, databases, web browsers, and critical operational systems. However, each of these "agencies" introduces unique and severe security concerns, such as tool misuse (T2), privilege compromise (T3), unexpected remote code execution (T11), and rogue agents (T1...

As a Federal Cyber Center and Center of Excellence, the Department of Defense Cyber Crime Center (DC3) proactively builds and leverages strategic partnerships across the globe to enable insight and action in cyberspace and beyond. These vital collaborations span U.S. government entities, international allies, law enforcement agencies, the private sector, and ethical hacking communities. Through this expansive network, DC3 delivers ...

The EU's Digital Services Act (DSA) is presented as a comprehensive digital censorship law, ostensibly designed for online safety, but criticized for targeting core political speech, humor, and satire, even when not illegal. This report uncovers how European regulators leverage the DSA to compel American social media companies to change their global content moderation policies, effectively imposing EU-mandated censorship standards ...

The 21st century's quiet revolution, the Internet of Things (IoT), has woven digital systems into our physical world, promising efficiency and convenience while simultaneously creating an attack surface of unparalleled scale and complexity. This episode delves into the inherent fragility of IoT, exploring how market pressures and design compromises have led to devices that are often "insecure by design," relying on weak default set...

Traditional network perimeters have dissolved in the hyper-connected world of IoT, escalating cyber threats into pervasive cyber-physical risks with tangible real-world consequences for organizations and human safety. This podcast guides Chief Information Security Officers (CISOs) through a paradigm shift, detailing how to build a proactive, intelligence-driven security posture leveraging Zero Trust, comprehensive Device Lifecycle ...

In 2025, the global aviation industry has been rocked by an unprecedented wave of cyberattacks, compromising millions of passengers' personal data and disrupting critical infrastructure systems. This crisis is largely driven by the notorious cybercriminal group Scattered Spider, also known as UNC3944, Scatter Swine, or Muddled Libra, which employs sophisticated social engineering and Multi-Factor Authentication (MFA) bypass tactics...

Law firms are a "digital bullseye", acting as custodians of clients' "crown jewels" of confidential and strategic information, making them uniquely vulnerable to escalating cyber threats. Attackers are now leveraging AI to launch hyper-realistic attacks at an unprecedented scale, while the human element remains the primary point of failure, leading to devastating consequences like multi-faceted extortion and malpractice claims. Thi...

Traditional security awareness training (SAT) has often proven ineffective, with only 15% of participants actually changing their behavior and a significant majority of data breaches, predicted to be 90% in 2024, involving a human element. Artificial intelligence (AI) is fundamentally transforming SAT by enabling personalized learning experiences, real-time threat simulations, and behavioral analysis to address these shortcomings. ...

Cloud Security Posture Management (CSPM) is a critical component for continuously monitoring, detecting, and remediating security risks and compliance violations across cloud environments, particularly addressing misconfigurations which account for over 90% of cloud security breaches. While essential for visibility, risk assessment, and compliance in complex multi-cloud setups, CSPM primarily offers a reactive approach to issues de...

An Incident Response (IR) playbook is a comprehensive, step-by-step guide essential for organizations to proactively mitigate, detect, respond to, and recover from ransomware incidents. It serves as a single source of truth, enabling swift action to limit an incident's impact, save data, time, and money, and accelerate the return to normal business operations. Structured around key phases like Preparation, Detection and Analysis, C...

This episode explores how Enterprise Risk Management (ERM) processes evolve from foundational structures and informal approaches to sophisticated, enterprise-wide analytical frameworks. We delve into how Key Risk Indicators (KRIs) serve as crucial early warning signals, examining their varied development, monitoring, and application across three distinct organizations: Midwestern Utilities, Wimbledon Investments, and Discovery Heal...

This episode delves into the critical and direct accountability of top management and management boards for NIS2 compliance. We explore the significant legal obligations placed upon them, including the requirement to approve and oversee cybersecurity risk management measures and ensure timely incident reporting. Learn how proactive engagement by leadership is essential for building a robust cybersecurity posture and avoiding the se...

This podcast dives into the Cyber Security Readiness Goals Cross-Sector Toolkit, providing essential insights for Canadian critical infrastructure owners and operators. We explore how organizations can prioritize investments and elevate their cyber security posture by understanding the 36 readiness goals. Each episode unpacks recommended actions, associated risks like MITRE ATT&CK TTPs, and practical strategies across governanc...

This podcast provides an insightful look into the Security Information Service (BIS) of the Czech Republic, detailing its crucial efforts in safeguarding the nation's security during 2024. We explore the persistent threats posed by Russia through "Telegram agents," cyberattacks, and influence operations, and the challenges from China concerning espionage and critical infrastructure. It also highlights the BIS's extensive cooperatio...

El papel de un CISO se ha vuelto excepcionalmente complejo en los últimos diez años, especialmente con el auge del trabajo remoto y la creciente migración de datos a la nube, haciendo que los primeros 90 a 101 días en un nuevo puesto sean cruciales para establecer una base de seguridad sólida. Los nuevos CISOs enfrentan desafíos significativos como comprender infraestructuras y vulnerabilidades desconocidas, lidiar con restriccione...

Based on the 2024 UN Global Risk Report, this episode explores how global stakeholders perceive critical risks and the international community's readiness to address them. It reveals that humanity remains "dangerously unprepared" for the most important global vulnerabilities, particularly mis- and disinformation, and clusters of environmental, societal, and technological threats. The discussion highlights the urgent need for enhanc...

Cognitive warfare is a national security imperative to understand, as it focuses on influencing an opponent's reasoning, decisions, and actions to secure strategic objectives, often with less military effort. Russia is a key player in this space, using cognitive warfare to shape global decision-making, obfuscate its objectives, and preserve its regime. This podcast explores how Russia wages war and governs by attempting to make its...