Redefining CyberSecurity

Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP

Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security...

Episodes: 10

When AI Touches Everything: Operationalizing the Five Most Dangerous New Attack Techniques at RSAC 2026 | A Redefining CyberSecurity Podcast Conversation with Ed Skoudis, President of SANS Technology Institute and Founder & CEO of Counter Hack

Show Notes

For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSA Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five.

Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process...

When Cyber Meets Physical: Building Executive and Employee Protection Programs That Actually Work | A Redefining CyberSecurity Podcast Conversation with Roland Cloutier, Principal of The Business Protection Group

⬥EPISODE NOTES⬥

The conversation that led to this episode started with a LinkedIn post -- and it quickly surfaced a challenge that security leaders across industries are wrestling with but rarely talk about openly: who is actually responsible for protecting the people inside an organization, not just the systems they use?

Roland Cloutier has sat in some of the most demanding security leadership seats in the world -- Global CSO at TikTok/ByteDance, a decade as Global CSO at ADP, and VP and CSO at EMC -- and he now advises CISOs and CSOs through The...

Adapting to the Speed of Risk: Why GRC Programs Must Move with the Business | A Brand Highlight Conversation with Steve Schlarman, Senior Director of Archer

Archer is redefining what it means to manage governance, risk, and compliance in an environment defined by constant change. Steve Schlarman, Senior Director at Archer, has spent nearly two decades helping organizations understand why their traditional GRC approaches are falling short and what it takes to close the gap.

The forces challenging organizations today are well known: velocity of change, volume of change, and the uncertainty that compounds both. What makes the problem acute is timing. Annual audit cycles and quarterly risk assessments produce reports that reflect a reality that has already shifted by the time decision...

Task by Task: The Workflows We're Handing to AI — One Decision at a Time | Lens Four by Sean Martin | Read by TAPE9

Nobody decided to build a human-optional workflow — they just kept making reasonable procurement decisions, task by task, until the human became optional across hiring, contracting, finance, and security operations. Sean Martin traces what organizations have actually assembled, where accountability lives when it goes wrong, and why the regulatory window for getting ahead of it is closing faster than most leaders realize.

In this edition of Lens Four, Sean Martin looks at the agentic AI landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

🔍 In this episode:

Why organizations are building...

The 72-Minute Gap: What the Breaches, the Vendors, and the Messaging Are Actually Telling Us | Lens Four by Sean Martin | Read by TAPE9

Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means.

In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

🔍 In this episode:

Why identity-driven attacks now account for 65% of initial access and what that means for security programs
The CISO who replaced the entire SOC with AI-driven automation — and the math behind the decision
375 AI securi...

SOC Automation and the AI-Driven Future of Cybersecurity Defense | A Redefining CyberSecurity Podcast Conversation with Richard Stiennon, Chief Research Analyst of IT-Harvest

⬥EPISODE NOTES⬥

The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived.

Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that...

Speaking Security with a Business Accent: Why Being Right Isn't Enough If Nobody Listens | A Redefining CyberSecurity Podcast Conversation with Josh Mason

⬥EPISODE NOTES⬥

What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands.

Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where miss...

The Autonomous SOC Is No Longer a Dream | A Brand Highlight Conversation with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.

How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls...

The New Identity Risk AI Agents Bring to the Enterprise | A Brand Highlight Conversation with Ido Shlomo, Co-Founder & CTO of Token Security

What happens when AI agents inherit access to enterprise systems but nobody governs their identities? Ido Shlomo, Co-Founder and CTO of Token Security, joins the conversation to unpack a rapidly growing challenge that many organizations face but few have addressed. As businesses accelerate AI adoption, agents are being deployed to fetch data from CRMs, process emails, and execute actions across platforms. The problem is that these agents often operate with persistent access, no clear ownership, and little visibility into what they can reach.

How should security teams approach AI agent identity governance? Shlomo explains that the first...

KEVology: How Exploit Scores and Timelines Shape Real Security Decisions | A Brand Highlight Conversation with Tod Beardsley, Vice President of Security Research of runZero

The CISA Known Exploited Vulnerabilities (KEV) catalog is one of the most referenced resources in vulnerability management, but how well do security teams actually understand what it tells them? In this Brand Highlight, Tod Beardsley, Vice President of Security Research at runZero and former CISA section chief who helped manage the KEV on a daily basis, breaks down what the catalog is designed to do and, just as importantly, what it is not.

What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks...
