CISO Insights: Voices in Cybersecurity

After years of controversy, EU member states have agreed on a revised position for the "Chat Control" regulation that drops mandatory mass scanning but introduces a framework for "voluntary" detection of private messages. Privacy advocates and security experts warn that this new "risk mitigation" approach, coupled with mandatory age verification, could still effectively force platforms to implement surveillance infrastructure and e...

Australia is launching a world-first "grand experiment" by banning social media for under-16s and mandating age verification for search engines, threatening fines of up to $49.5 million for tech giants that fail to comply. We explore the massive privacy trade-offs as millions of Australians—adults included—face requirements to submit government IDs or undergo biometric face scans just to remain logged into services like Google and ...

Discover how a veteran security consultant rebuilt a media empire from scratch following a business collapse, all while operating full-time from a solar-powered Honda Odyssey with Starlink. We explore how the CyberAdX Network leverages extreme automation to deliver 25 million annual impressions and undercut legacy publishers by 50 to 100 times in cost efficiency. This episode reveals the operational grit required to manage 11 speci...

Broadcasting 3-4 episodes weekly, this show delivers critical analysis on data breaches, compliance frameworks, and threat intelligence to a loyal audience of enterprise security practitioners. The listener base is heavily concentrated in the US market (45%), with deep penetration in major tech hubs like California and defense sectors in Virginia. With a library of over 344 episodes and reach across 103 countries, the podcast offer...

This episode explores the transformative impact of the NIS2 Directive, which mandates robust cybersecurity risk management and strict "24-72-30" incident reporting timelines for essential and important entities across the EU. We break down the critical distinctions in supervisory regimes and the expanded scope that now includes sectors ranging from energy and health to digital infrastructure and food production. Finally, we discuss...

As the tech world races through an "AI gold rush," the gap between rapid innovation and safety standards has created massive risks for organizations deploying Generative AI. This episode breaks down the new OWASP AI Maturity Assessment (AIMA), a comprehensive blueprint that acts as a "building code" to ensure AI systems are secure, reliable, and aligned with human values. We also explore critical threats from the OWASP Top 10 for L...

This episode explores the challenges financial institutions face in translating the complex legal requirements of the EU’s Digital Operational Resilience Act (DORA) into practical, daily operations. We dive into the "DORA in Control" framework developed by NOREA, which consolidates the regulation into 95 actionable controls across eight domains to simplify compliance and gap assessments. Finally, we discuss how adopting an engineer...

This episode explores how the widespread deployment of agentic AI is fundamentally redefining enterprise security by creating fully autonomous, adaptive, and scalable threats that act with growing authority to execute multi-step operations and interact with real systems. We analyze how this shift has industrialized cybercrime, allowing automated operations to orchestrate ransomware and launch hyper-personalized social engineering c...

The cybersecurity market is saturated with "AI washing," forcing CISOs to rigorously vet vendors promising "autonomous" capabilities that often lack genuine intelligence. This episode provides a battle-tested framework for demanding proof over promises, revealing critical technical red flags like claims of zero hallucinations or a lack of essential data residency guarantees. Learn how to avoid creating new liability and instead ach...

This episode explores the alarming trend of catastrophic, back-to-back outages in late 2025, including the AWS DNS failure, Microsoft’s Azure Front Door configuration cascade, and the Cloudflare collapse, all caused by configuration errors in highly concentrated edge services. We analyze how a single error in one cloud region can create a dependency avalanche that paralyzes thousands of third-party services across finance, healthca...

The cybersecurity landscape continues to evolve, demonstrating worrying trends as rapidly advancing Generative AI capabilities enable sophisticated attacker tactics, making phishing attempts much more targeted and customized. This episode explores how pervasive digital dark patterns leverage consumer cognitive biases, tricking users into sharing personal information and navigating manipulative interfaces, like pre-selected consent ...

Smart devices like Amazon's Alexa and modern smart TVs are perpetually monitoring domestic life, utilizing technologies such as Automatic Content Recognition (ACR) to harvest viewing habits and inadvertently recording private conversations through frequent, long-duration misactivations. These recorded interactions are sent to the cloud for training sophisticated AI systems through human review, a mandatory data collection process t...

Threat actors are exploiting human psychology using sophisticated techniques like AI-powered deepfakes and emotional manipulation to bypass traditional security defenses. This episode explores how nonprofits and consumer organizations are increasingly targeted by highly effective scams, including CEO impersonation fraud, Business Email Compromise (BEC), and fraudulent social media donation requests. We break down the new threat lan...

We dive into the most financially devastating threats of 2025, revealing how ransomware, which accounted for 76% of incurred losses in one portfolio, and vendor breaches continue to drive significant financial damage. The discussion explores how AI is turbocharging social engineering and credential stuffing (which caused a 250% increase in Account Takeover attacks in 202), enabling threat actors like Scattered Spider to "log in" us...

This podcast dissects adversary tactics, techniques, and procedures (TTPs), focusing on how attackers leverage social engineering and human psychological weaknesses like fear and trust to gain unauthorized access. We explore the proactive strategies of Red Teaming and Breach and Attack Simulation (BAS), which use the MITRE ATT&CK framework to emulate real-world attacks and test defensive capabilities. Tune in to understand the ...

This podcast explores the comprehensive responsibilities of modern InfoSec professionals, ranging from core security operations like vulnerability management across operating systems, network devices, and containers, to ensuring physical security and managing application development standards. Dive deep into emerging and complex domains such as AI Governance, securing training data for GenAI models, managing IoT device identities, ...

This episode explores the complex division in state mandates between general consumer privacy laws and specific children’s design codes, which often function as separate acts or amendments. We break down how compliance is determined either by broad, quantitative thresholds like annual gross revenue and high data volume, or by the specific service's intention or likelihood of being accessed by minors. Crucially, we contrast the age ...

Australia faces a heightened global cyber threat environment driven by geopolitical tensions, with malicious actors continuing to target organizations of all types and sizes, which has led to rising cybercrime costs and serious data breaches. Drawing on guidance from the Australian Signals Directorate (ASD) and the Australian Institute of Company Directors (AICD), this episode details why boards must operate with a mindset of ‘assu...