Redefining CyberSecurity

Redefining CyberSecurity Podcast

Hosted by Sean Martin, CISSP

Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.

  1. Proof of Impact | Lens Four by Sean Martin | Read by TAPE9

    19 hr ago


    ⬥EPISODE NOTES⬥ Almost nothing got said on the stages at Global Citizen NOW 2026 without a number behind it. $47 million toward a $100 million education fund. 27 organizations funded. 1,500 jobs from a single restoration effort. 18 million lives reached in one campaign. The headline was the money. The tell was quieter — a pilot to verify, record, and monitor every donated dollar with AI and blockchain, from the moment it is given to the point it makes impact on the ground. Strip away the wattage — Adam Lambert and Ayra Starr opening, Hugh Jackman working the room, heads of state beside Fortune 500 CEOs — and Global Citizen NOW 2026 was a working argument about what technology is for when the objective is a social outcome rather than a shareholder return. In a sector whose standing pitch has been "trust us, the money helps," building the infrastructure to prove where every dollar goes inverts the pitch. The claim now comes with a receipt. This is the Proof of Impact pattern, and it is worth pulling apart clearly. 
🔍 In this edition of Lens Four: — Why the quiet AI-and-blockchain donation-tracking pilot mattered more than the headline fundraising number — accountability built in as a feature, not bolted on as a disclaimer, with the fund's independent review chair Benedetta Audia calling it "essential to our work" — How the FIFA Global Citizen Education Fund put $47 million of a $100 million goal to work across 27 organizations, with grants of $50,000 to $150,000 and new commitments from Pharrell and the Varkey Foundation — What Solar Freeze's farm-gate solar cold storage shows about outcomes-first technology — smallholders grow roughly 30% of the world's food and receive under 1% of climate finance, and 2026 Global Citizen Prize recipient Dysmus Kisilu describes the unit as "like an Airbnb, but for vegetables" — Why energy access framed the day: around 750 million people live without electricity, 600 million in Africa — a continent holding roughly 60% of the world's renewable resources, where investment has tripled in five years — How a Bezos Earth Fund restoration effort turned roughly 150 farmers into 1,500 jobs with 80% of businesses profitable over five years — and Tom Taylor's blunt financing logic: a million is philanthropy's job, a billion is government's, a trillion needs private industry — What "The AI Powered Workforce" panel revealed — 88% AI adoption per Stanford's 2026 index, real productivity gains — and the asterisk it kept burying: 82% of small businesses know AI is critical, while roughly 75%, in PayPal's Amy Bonitatibus's words, "don't feel that we have the tools and training" — Why "democratizing" is a deliverable someone has to fund and distribute, not a property of the technology — the same wave that lets a fund trade billions on autonomous models is the one that disrupts the business that never got the training — What the Amazon campaign's 4.4 million actions, more than $1 billion in commitments, 31 million hectares protected, and 18 million lives 
reached prove about outcomes at scale, on Marcelo Thomé's principle that "the forest has value when it is standing" Fourth Lens: Technology is finally good enough to keep the receipts. The harder question is whether the sector will like what they show. When every dollar is traceable from gift to ground, the test stops being whether impact can be proven and becomes whether the story survives once it can no longer be rounded up. When the rounding stops, how much of the impact story survives the data? 🔗 Full article and references: https://seanmartin.com/lens-four/global-citizen-now-2026-technology-trust-outcomes 📧 Subscribe to Lens Four: https://seanmartin.com/lens-four 🎙 Redefining CyberSecurity Podcast: https://redefiningcybersecuritypodcast.com 🎧 Music Evolves Podcast: https://musicevolvespodcast.com 🌐 ITSPmagazine: https://itspmagazine.com 🎬 Studio C60: https://studioc60.com Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience across engineering, product development, marketing, and media. He is co-founder of ITSPmagazine (itspmagazine.com) and Studio C60 (studioc60.com), host of the Redefining CyberSecurity Podcast (redefiningcybersecuritypodcast.com) and Music Evolves Podcast (musicevolvespodcast.com), and co-host of On Location (itspmagazine.com/on-location) and Random and Unscripted (randomandunscripted.com). Learn more at seanmartin.com. 🔎 Keywords: Global Citizen NOW, technology for good, impact measurement, donation transparency, AI and blockchain, FIFA Global Citizen Education Fund, climate finance, Solar Freeze, energy access, Bezos Earth Fund, AI powered workforce, democratizing AI, small business AI, Amazon conservation, social impact, Sean Martin, Lens Four Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    11 min
  2. When Patient Records, Powerlines, and Prompts All Lead to the Same Risk | A Redefining CyberSecurity Podcast Conversation with Gil Bashe, Chair, Global Health and Purpose of FINN Partners

    3 days ago


    ⬥EPISODE NOTES⬥ The healthcare system is, by some measures, the most targeted sector in cybersecurity. Patient records get lifted, hospitals get held for ransom, and the supposed protections often look more like antiquated friction than modern defense. Gil Bashe, Chair of Global Health and Purpose at FINN Partners, joins Sean Martin to explore why the systems meant to protect people's most sensitive information are, in many cases, the same systems holding back better care. A former combat medic, agency CEO, private equity operator, and now author of Healing the Sick Care System: Why People Matter, Gil Bashe brings a rare composite view of how information, technology, and human judgment collide in healthcare. The conversation moves quickly from ransomware and HIPAA-covered entities into the harder questions about AI. With an estimated 80 percent of doctors already using OpenAI tools to assist with diagnosis or treatment patterns, the line between "in the zone" and "precision" information has become a clinical safety issue. Gil Bashe reframes hallucinations as what they really are in his world: wrong facts. And wrong facts, fed back into a system that increasingly trusts the output, create a feedback loop that no one is accountable for. The machine doesn't sleep, doesn't worry, doesn't carry responsibility. The humans on either side of it do. That accountability gap is where the cybersecurity audience comes in. Gil Bashe draws a direct parallel between great coders and great clinicians: both work inside-out and outside-in, interviewing the people who use the system and the people the system serves. He argues that the cybersecurity professional protecting an EMT's routing system, a hospital's power grid, or an MRI data pipeline is saving lives on the same continuum as the paramedic. The skillset is different. The stakes are not. Sean Martin and Gil Bashe also press on the leadership question raised by AI. 
If clinicians are freed up by 15 percent of their day, what does the system ask them to do with that time? See two more patients on the conveyor belt of sick care, or actually treat the underlying cause of disease? With 18.7 percent of U.S. GDP going to healthcare and 35 percent of that consumed by administration, the answer is not technical. It is a leadership decision about what the technology is for. This conversation asks cybersecurity practitioners, CISOs, and technology leaders to widen the frame. Protecting data is the floor. Protecting the human relationships, the clinical judgment, and the dignity of the patient on the other end of the system is the work. ⬥GUEST⬥ Gil Bashe, Chair, Global Health and Purpose at FINN Partners | On LinkedIn: https://www.linkedin.com/in/gilbashe/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ Healing the Sick Care System: Why People Matter (book by Gil Bashe) | https://www.finnpartners.com/news-insights/healing-the-sick-care-system-why-people-matter/ FINN Partners | https://www.finnpartners.com/ The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity Connect with Sean Martin | https://www.seanmartin.com/ ⬥KEYWORDS⬥ gil bashe, finn partners, sean martin, healthcare cybersecurity, hospital ransomware, ai in medicine, chatgpt 
clinical use, patient data protection, hipaa business associates, health information leadership, sick care system, non-communicable diseases, human leadership in ai, medical misinformation, prompt accountability, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

    32 min
  3. The Vendor You Cannot Name | Lens Four by Sean Martin | Read by TAPE9

    May 11


    ⬥EPISODE NOTES⬥ The most dangerous sentence in cybersecurity disclosure right now is "no evidence of unauthorized access to our network." It is technically true. It is also operationally hollow. The customer whose data is on a leak site does not care which network it left from. The plaintiff in Bexar County does not care. The regulator about to receive a federal incident report under a 72-hour clock that starts at suspicion, not confirmation, will not care. In April 2026, two U.S. banks disclosed an incident at the same unnamed third-party vendor. Six class action lawsuits followed in two weeks. The vendor still has not been publicly named. The plaintiffs sued the banks anyway. In a separate situation, an alleged Adobe breach surfaced through a threat actor's claims about a third-party business process outsourcing firm -- and as of the coverage reviewed for this analysis, no public confirmation or denial from Adobe had surfaced. This is the Common Point of Failure pattern, and it is arriving with enough frequency that it deserves to be named clearly. 
🔍 In this edition of Lens Four: — Why "no evidence of unauthorized access to our network" leaves the data, the contract, and the customer out of the picture — and why that omission is doing real damage as regulators, plaintiffs, and customers all collapse the distinction between "our network" and "their network" — How the proposed CIRCIA rule's "reasonable belief" trigger changes the operating math when the suspected source is a third party: the 72-hour clock starts when the SOC analyst flags, not when the legal team confirms — What the NYDFS October 21 2025 industry letter on third-party service providers tells covered entities to do — and how the regulator's prescriptive guidance becomes the de facto checklist for audits, examinations, and enforcement — Why the cyber insurance market, per Woodruff Sawyer's annual Cyber Looking Ahead Guide, is now functioning as a verification mechanism — and why the underwriter and the regulator are now the ones shaping what gets bought, not the threat — Verizon's own analysis of its 2025 Data Breach Investigations Report — drawing on more than 22,000 incidents — found the share of breaches involving a third party doubled year over year, from 15% to 30% — Three things the network sentence leaves out: the data (where it lived, how it was stored, what controls applied), the operating model (how a vendor came to have enough access to produce customer harm), and the chain of accountability (the contractual relationship between named brand and unnamed vendor) — Why the vendor concentration the industry has been selling as "consolidation" for two decades is also the thing concentrating blast radius — and why discovery in the class actions, not voluntary disclosure, is the most likely path to actually naming the vendors — Two CISO conversations the Fourth Lens draws on: Tim Brown on what carries a security leader through the worst day of their career (trust built before the trust was needed, context, perspective, communication), and Joe 
Sullivan on building cyber teams the way fire departments are built — one team on the go, one on standby, one resting — The Fourth Lens: the program reality is that the named brand is accountable for things happening at a vendor it cannot directly control; the market reality is that the regulator and the insurer have already written the checklist; the messaging reality is that the disclosure language has not caught up to either Fourth Lens: The vendor whose name you do not know is the vendor whose risk you cannot manage. The fix is not in the disclosure language. It is in the operating model the disclosure language is currently helping to obscure. The next twelve to eighteen months — through the first CIRCIA enforcement action, the first court-ordered discovery that names a CPOF vendor, and whatever the next shared-vendor breach turns out to be — will start writing the answer to what a security program is actually for when the breach happens somewhere you cannot reach. 🔗 Full article and references: https://seanmartin.com/lens-four/the-vendor-you-cannot-name 📧 Subscribe to Lens Four: https://seanmartin.com/lens-four 🎙 Redefining CyberSecurity Podcast: https://redefiningcybersecuritypodcast.com 🎧 Music Evolves Podcast: https://musicevolvespodcast.com 🌐 ITSPmagazine: https://itspmagazine.com 🎬 Studio C60: https://studioc60.com Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience across engineering, product development, marketing, and media. He is co-founder of ITSPmagazine (itspmagazine.com) and Studio C60 (studioc60.com), host of the Redefining CyberSecurity Podcast (redefiningcybersecuritypodcast.com) and Music Evolves Podcast (musicevolvespodcast.com), and co-host of On Location (itspmagazine.com/on-location) and Random and Unscripted (randomandunscripted.com). Learn more at seanmartin.com. 
🔎 Keywords: Common Point of Failure, third-party risk, vendor breach, breach disclosure, CIRCIA, NYDFS, cyber insurance, CISO accountability, supply chain security, Tim Brown, Joe Sullivan, operational resilience, Sean Martin, Lens Four

    12 min
  4. Who's Managing Your Agent Workforce? (And Whose Budget Are They On?) | Lens Four by Sean Martin | Read by TAPE9

    Apr 21


    Every major enterprise platform this quarter — Salesforce Headless 360, Workday Agent System of Record, Microsoft Copilot Studio, SAP Joule, Oracle agentic, ServiceNow Moveworks, IBM watsonx Orchestrate — is pitching a control plane for your AI agents. But none of them is solving the real problem: who inside your organization actually owns the agent workforce, and who's steering it at the speed agents now act? In this edition of Lens Four, 🔍 In this episode: — Why Workday's line — "Organizations wouldn't hire thousands of employees without an HR system to manage them. The same discipline is now required for AI agents" — exposes the HR-procurement collision everyone is about to run into — Gartner's forecast: by the end of 2026, 40% of enterprise applications will be integrated with task-specific AI agents, up from less than 5% in 2025 — Why Jensen Huang's CES 2025 line — "IT is the HR department of agentic AI in the future" — is half-right, half-wrong, and why Josh Bersin's reframe (HR teams will be the managers and caretakers of AI agents) gets closer — Bain and IDC agreeing that per-seat pricing is ending: by 2028, 70% of software vendors will refactor pricing around consumption, outcomes, or organizational capability — and what that means for the CEO's agenda — The contingent workforce market is real money ($171.5B in 2021, projected to $465.2B by 2031 per Allied Market Research) — and why the contingent-labor playbook is the closest analogy for agents — Aaron Levie's "tokenmaxxing" as the strategic-prioritization problem nobody is ready for — Why the three vendor vocabularies (employee, contractor, software) are all task vocabularies — and why the agent era needs a judgment vocabulary instead — The Fourth Lens: the collision between HR and procurement can go two ways (meteor or dressing), but the real steering question lives upstairs with the CEO, COO, and line-of-business leaders Fourth Lens: The forced consolidation coming over the next twelve to eighteen 
months solves the plumbing. It doesn't solve the operating model. The organizations that win the next decade of enterprise work will build both the function downstairs that runs the agent roster and the leadership cadence upstairs that sets direction at machine speed. 🔗 Full article and references: seanmartin.com/lens-four/whos-managing-your-agent-workforce 📧 Subscribe to Lens Four: seanmartin.com/lens-four 🎙 Redefining CyberSecurity Podcast: redefiningcybersecuritypodcast.com 🎧 Music Evolves Podcast: musicevolvespodcast.com 🌐 ITSPmagazine: itspmagazine.com 🎬 Studio C60: studioc60.com Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience across engineering, product development, marketing, and media. He is co-founder of ITSPmagazine (itspmagazine.com) and Studio C60 (studioc60.com), host of the Redefining CyberSecurity Podcast (redefiningcybersecuritypodcast.com) and Music Evolves Podcast (musicevolvespodcast.com), and co-host of On Location (itspmagazine.com/on-location) and Random and Unscripted (randomandunscripted.com). Learn more at seanmartin.com. 
🔎 Keywords: AI agents, agentic AI, digital workforce, Salesforce Headless 360, Agentforce, AgentExchange, Workday Agent System of Record, ASOR, Salesforce TDX 2026, Aaron Levie, Marc Benioff, Joe Inzerillo, Jensen Huang, Josh Bersin, Jorge Amar, Kate Leggett, Gartner AI agents forecast, IDC FutureScape 2026, Forrester agentic AI, Bain SaaS pricing, Deloitte workforce planning, KPMG total workforce planning, McKinsey hybrid workforce, Futurum sameness, Model Context Protocol, MCP, contingent workforce, ManpowerGroup TAPFIN, Allied Market Research, outcome-based pricing, consumption-based pricing, per-seat obsolescence, tokenmaxxing, CapEx vs OpEx AI, systemic HR, superagents, digital employees, HR-procurement collision, total talent management, workforce orchestration, CEO strategic intent, line-of-business leadership, employee vs contractor classification, Sean Martin, Lens Four

    31 min
  5. DriveThru Hacking: When Your Dashcam Becomes the Attack Vector | A Redefining CyberSecurity Podcast Conversation with Alina Tan and George Chen

    Apr 15


    ⬥EPISODE NOTES⬥ What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of HE&T Security Labs, and George Chen, Security Architect for a large global company, have spent years dissecting the attack surface of connected vehicle peripherals. Their research -- presented at SecTor and Black Hat Asia 2025 -- introduces a novel attack technique they call "DriveThru Hacking": an automated method for compromising dashcams through Wi-Fi within a standard drive-through window. The attack is unsettling in its simplicity. Most dashcams ship with default or easily guessable credentials, and many manufacturers do not even allow users to change them. Within a six-minute exposure window, Alina and George's tool -- DriveThru Hacker -- can discover, connect to, and exfiltrate video, audio, and GPS data from a target dashcam, then use an LLM to stitch together a timeline of the owner's home, workplace, daily routes, and private conversations. The result is a shockingly detailed picture of someone's life, assembled entirely from a device most people never think to secure. The research goes further than individual privacy. George walks through how 4G/5G-connected dashcams dramatically expand the attack surface beyond physical proximity -- opening doors to remote credential stuffing, API privilege escalation, and web-based attacks on cloud-connected accounts. More alarming still, Alina and George demonstrate how compromised dashcams can be converted into a mobile botnet -- a network of roaming, internet-connected nodes whose reach is not bounded by geography. Unlike static IoT devices, these infected cameras move through cities, near sensitive installations, and into places that are deliberately obscured from public maps. 
The conversation also digs into the broader ecosystem: the infotainment network and CAN bus segmentation (or lack thereof), over-the-air firmware update security, the challenge of detection and response when dashcams have no audit logs whatsoever, and what responsible disclosure looked like when contacting over a dozen manufacturers -- most of whom had no dedicated security inbox and some of whom had no contact information at all. Alina and George close with practical hardening recommendations for both consumers and manufacturers, and a look at what intrusion prevention for embedded devices might look like as this research continues. The connected car conversation has long focused on the vehicle itself. This episode makes the case that the accessories attached to it deserve equal scrutiny -- and that the window to act, like the drive-through line, is shorter than most realize. ⬥GUESTS⬥ Alina Tan, Security Architect and Co-Founder at HE&T Security Labs | Website: https://www.heatsecuritylabs.com/ George Chen, Security Architect for a large global company | On LinkedIn: https://www.linkedin.com/in/geoc/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ HE&T Security Labs | https://www.heatsecuritylabs.com/ DriveThru Hacking Session (Black Hat Asia 2025) | https://blackhat.com/asia-25/sponsored-sessions/schedule/index.html#drivethru-hacking-45214 The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity on YouTube | 
https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity Connect with Sean Martin | https://www.seanmartin.com/ ⬥KEYWORDS⬥ alina tan, george chen, he&t security labs, sean martin, dashcam security, connected vehicle cybersecurity, iot security, vehicle privacy, drivethru hacking, wi-fi hacking, mobile botnet, automotive cybersecurity, firmware security, over-the-air updates, credential stuffing, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

    31 min
  6. You're Still Reading the Advisory. The Attacker Already Left. | Lens Four by Sean Martin | Read by TAPE9

    Apr 14


    When Anthropic announced Project Glasswing, the headline was the capability: an AI model that found a 27-year-old flaw in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD — fully autonomously, no human in the loop after the initial prompt. But the story underneath the capability is a structural one about who gets early intelligence, who sets the disclosure timeline, and what happens to every organization that wasn't in the room. In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data. 🔍 In this episode: Why the 12 Glasswing partners are operating with fundamentally different intelligence than everyone else — not eventually, but today The precise claim: patches flow downstream to everyone, but self-scanning access, pre-public intelligence, and disclosure timeline influence stay inside the coalition How Mythos chains five CVEs into a novel exploit in under 24 hours — and why CVSS has no score for that Why NIST's draft Cyber AI Profile was built before anyone outside Anthropic knew what Mythos could do Casey Ellis of Bugcrowd on the terrain Glasswing can't reach: forgotten firmware, end-of-life routers, the places the industry stopped looking Ed Skoudis of SANS on what it means that AI will surpass all human vulnerability researchers combined within months The Anthropic-DoD standoff and the geopolitical dimension of a Western-only coalition The CSA, SANS, and OWASP joint briefing: 250 CISOs saying the frameworks are already inadequate Fourth Lens: The CVE system was built on human-speed assumptions. CVSS was built on single-flaw assumptions. NIST frameworks were built on governance-speed assumptions. Every one of them was already under pressure. 
Now they're under pressure from a model that broke them at machine speed. The question worth asking: when the next model crosses this threshold, will the answer to "who gets the defense first" still be determined by who was already at the table? 🔗 Full article and references 🎙 Redefining CyberSecurity Podcast 📧 Subscribe to Lens Four Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience. He is co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and Music Evolves Podcast, and co-host of On Location and Random and Unscripted. 🎙 Keywords: Project Glasswing, Claude Mythos, Anthropic, AI vulnerability discovery, zero-day vulnerabilities, intelligence asymmetry, CVE, CVSS, NIST IR 8596, responsible disclosure, cyber inequity, CrowdStrike 2026 Global Threat Report, WEF Global Cybersecurity Outlook 2026, open-source security, critical infrastructure, autonomous exploit chaining, breakout time, nation-state cyber threats, AI safety, AI governance, CISO, patch management, Casey Ellis, Bugcrowd, Ed Skoudis, SANS Technology Institute, Cloud Security Alliance, OWASP, Sean Martin, ITSPmagazine, Lens Four

    16 min
  7. You Shot the Arrow. The Bow Went With It. | Lens Four by Sean Martin | Read by TAPE9

    Apr 8


    The marketing problem in cybersecurity isn't a character problem. It's a system problem. In this edition of Lens Four, Sean Martin examines how the credibility debt accumulates, what it costs the security leaders trying to make good decisions, and what vendors, buyers, and the market need to do differently.

    🔍 In this episode:

    - A Forrester analyst — on location at a major industry conference — looked around at six hundred booths and wondered whether every vendor had used the same AI model to produce their marketing. That's not a style critique. That's a signal failure
    - Security leaders confirm the same frustration independently: the less a vendor's message connects to the job, the less likely it connects to the business — and the CISO can't translate what the vendor never gave them
    - Two security leaders describe their organizations viewing security as a compliance function — stay compliant, stay out of the news, keep the infrastructure running — not as part of how the business grows
    - Marco Ciappelli on the observation that hasn't changed since 2012: they're still selling the box — this year the box has an AI badge on it
    - How lead generation metrics create a systematic incentive to overclaim — not because the people doing it don't know better, but because the system doesn't reward them for knowing better
    - One vendor instructed their booth team that AI had to be part of every conversation — regardless of whether the person in front of them had asked about AI, needed AI, or would ever use AI
    - Theresa Lanowitz on the binary the market created: full throttle AI or full stop — and why neither is the correct approach
    - Joe Carson on the differentiation collapse: everybody says they can help you secure your AI agents, but there's not a whole lot of differentiation
    - The arrow and the bow: why releasing both at once means you can't shoot again — the next real message has nothing to travel on
    - The boy who cried wolf didn't fail on the first cry — he failed on the last one
    - The Task by Task parallel: credibility comes back the same way it left — one honest message at a time, one proof point instead of a promise, one use case that actually sounds like the buyer's environment

    Fourth Lens: The industry is spending down the credibility budget that the next real innovation will need. Every overclaim today is a withdrawal from the account that tomorrow's legitimate warning depends on. The path back works the same way the debt accumulated — not through a grand repositioning, but incrementally: one honest message at a time, one specific outcome instead of a superlative, one proof point instead of a promise. Start small. Aim toward an outcome. Build from there.

    🎙️ Conversations referenced in this article:

    - Madelein van der Hout, Senior Analyst, Forrester — On Location RSAC Conference 2026
    - Theresa Lanowitz, Cybersecurity Evangelist and Thought Leader — On Location RSAC Conference 2026
    - Joe Carson, Chief Security Evangelist and Advisory CISO — On Location RSAC Conference 2026

    🔗 Full article and references: seanmartin.com/lens-four/you-shot-the-arrow-the-bow-went-with-it

    🌐 RSAC 2026 coverage: itspmagazine.com/rsac26

    Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com. Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

    🎯 Keywords: cybersecurity marketing, vendor messaging, credibility debt, agentic AI hype, go-to-market strategy, CISO communication, security program investment, technology overclaiming, lead generation metrics, security outcomes vs. features, cybersecurity industry narrative, signal vs. noise, buyer trust erosion, Zero Trust messaging, SIEM evolution, SOAR overpromise, XDR consolidation, agentic AI claims, security vendor differentiation, cybersecurity branding, Madelein van der Hout, Forrester, Theresa Lanowitz, Joe Carson, Marco Ciappelli, ITSPmagazine, Studio C60, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, TAPE9

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    15 min
  8. Order of Operations: The Foundation Risk Healthcare AI Is Running Past | Lens Four by Sean Martin | Read by TAPE9

    Mar 22

    Order of Operations: The Foundation Risk Healthcare AI Is Running Past | Lens Four by Sean Martin | Read by TAPE9

    Healthcare's AI ambition and its data infrastructure are moving at different speeds. In this edition of Lens Four, Sean Martin examines what happens when those speeds collide — and who is accountable when the sequence is wrong.

    🔍 In this episode:

    - 82% of health systems have limited or no AI governance in place, while deployments proceed — Digital Medicine Society
    - 58% of frontline clinical staff are using unsanctioned AI tools — not out of recklessness, but because approved alternatives don't exist — Wolters Kluwer
    - The vendor trust gap: trusted vendors are shipping AI capabilities into integrated products after contracts are signed, after integrations are built, after due diligence has closed — and most health systems have no mechanism to detect it
    - Jason Kor of HITRUST on what procurement processes aren't built to catch — recorded for the Redefining CyberSecurity Podcast
    - The Stryker attack: a nation-state operation that disrupted hospitals through their supplier — not their own systems
    - Ryan Patrick of HITRUST on why availability of services now sits in the same risk tier as confidentiality of data
    - Who actually owns the patient's data — the provider, the insurer, the vendor, the device manufacturer, the government program, or the patient?
    - TEFCA — the Trusted Exchange Framework and Common Agreement — moves data nationally across eleven Qualified Health Information Networks. It does not move the ownership rights with it
    - The CMS agenda: $1.7 trillion, 160 million Americans, and a policy clock that does not wait for the identity infrastructure to catch up
    - The vocabulary of transformation — what "pilot to production" and "scale" are selecting for, and what they are leaving out
    - Zero Trust reframed as the infrastructure condition that makes trustworthy AI deployment possible — not just a ransomware defense

    Fourth Lens: Healthcare's AI ambition and its data infrastructure are moving at different speeds — and the patient is where those speeds collide. The program layer is making sequence choices. The market layer is accelerating pressure. The messaging layer is optimizing for ambition. None of it is an argument against innovation. All of it is an argument for discipline — A-to-Z, every dependency, ambiguity, and fragility along the way.

    🎙️ Podcast conversations referenced in this article:

    - Jason Kor, HITRUST — Brand Spotlight
    - Ryan Patrick, HITRUST — HIMSS Recap

    🔗 Full article and references: seanmartin.com/lens-four

    🌐 HIMSS26 coverage: itspmagazine.com

    Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com. Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

    🎯 Keywords: healthcare AI governance, order of operations AI, data foundation healthcare, vendor trust gap, patient data ownership, TEFCA, health information exchange, QHINs, Shadow AI healthcare, third-party risk management, supply chain resilience healthcare, Zero Trust healthcare, CMS interoperability framework, CIA triad healthcare, data integrity AI, identity management healthcare, HITRUST, Jason Kor, Ryan Patrick, Wolters Kluwer, Digital Medicine Society, DiMe, Google for Health, Jon McNeill, John Halamka, Mayo Clinic Platform, Sumbul Ahmad Desai, Apple Health, Daymond John, Dr. Mehmet Oz, Amy Gleason, Kim Brandt, DOGE healthcare, Stryker cyberattack, nation-state healthcare attack, HIMSS26, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, ITSPmagazine

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    20 min
