
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP

Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security...

<p>⬥EPISODE NOTES⬥</p><p>Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.</p><p>JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chains often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build so...

<p>⬥EPISODE NOTES⬥</p><p>Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.</p><p>Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and...

<p>What Security Congress Reveals About the State of Cybersecurity</p><p>This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today. </p><p>Themes That Stand Out</p><p>AI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how...

<p>This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.</p><p>Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting...

<p>⬥EPISODE NOTES⬥</p><p>Understanding the Startup Engine Behind Cybersecurity</p><p>This episode brings Sean Martin together with Ross Haleliuk, author, investor, product leader, and creator of Venture Insecurity, for a candid look at the forces shaping cybersecurity startups today. Ross shares how his decade of product leadership and long involvement in the security community give him a unique perspective on what drives founders, what creates market gaps, and why new companies keep entering a space already full of tools.</p><p>Why Security Produces So Many Products</p><p>Ross explains that the large number of security tool...

<p>⬥EPISODE NOTES⬥</p><p>Understanding Beg Bounties and Their Growing Impact</p><p>This episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.</p><p>Bug Bounty vs. Beg Bounty</p><p>Casey explains the core principles of a traditional bug bounty program. At its core, a bug boun...

<p>Most organizations have security champions. Few have a real security culture.</p><p>In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.</p><p>🔍 In this episode:</p><ul><li>Why compliance training doesn’t build culture</li><li>The data showing champion programs lack leadership and incentive alignment</li><li>How developers, AppSec teams, and business leaders each contribute to the gap</li><li>Insights from OWASP, ENISA, and Forrester on what’s missing</li></ul><p>Sean’s Take:</p><p>When security culture is treated as a checkbox...

<p>⬥GUEST⬥</p><p>Andrew Morgan, Chief Information Security Officer | On LinkedIn: https://www.linkedin.com/in/andrewmorgancism/</p><p>⬥HOST⬥</p><p>Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com</p><p>⬥EPISODE NOTES⬥</p><p>The cybersecurity community has long recognized an uncomfortable truth: the gap between well-resourced enterprises and underfunded organizations keeps widening. This divide isn’t just about money; it’s about survivability. When a small business, school, or healthcare provider is hit with a major breach, the likelihood of permanent clo...

<p>⬥GUEST⬥</p><p>Eric O'Neill, Keynote Speaker, Cybersecurity Expert, Spy Hunter, Bestselling Author. Attorney | On LinkedIn: https://www.linkedin.com/in/eric-m-oneill/</p><p>⬥HOST⬥</p><p>Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com</p><p>⬥EPISODE NOTES⬥</p><p>In this episode of the Redefining CyberSecurity Podcast, host Sean Martin reconnects with Eric O’Neill, National Security Strategist at NeXasure and former FBI counterintelligence operative. Together, they explore how cybercrime has matured into a global economy—and why organizations of every size must...

<p>Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.</p><p>This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.</p><p>🔍 In this episode:</p><ul><li>A 188% surge in malicious open-source packages (Sonatype 2025)</li><li>30% of 2024 cyberattacks traced to suppliers (Financial Times 2025)</li><li>47% of organizations unable to assess pipeline risk (ENISA 2023)</li><li>CISA labels build systems “high-value targets” (2025)</li></ul><p>Sean’s Take:</p><p>The pipeline is production. Integrity beats visibility. Security must flow through delivery.</p><p>Catch the full companion article in the Future of Cybersecuri...