Episodes
In this episode, Steve Bowcut's guest is Adam Shostack. In this discussion focused on Threat Modeling in Modern Software Development, Adam, a threat modeling expert, lends a unique and compelling perspective. Adam offers a glimpse into his work at Shostack & Associates and provides a high-level overview of threat modeling. Steve and Adam discuss the primary benefits of threat modeling, and listeners are provided with an insider's view of the process. Adam talks about his new book:...
Published 02/06/23
Steve Bowcut's guest for episode S4E20 is Matt Polak. Matt is the CEO and Founder of Picnic Corporation. Picnic is a cybersecurity firm providing enterprise-wide protection from social engineering. The topic for this episode is The Role of OSINT in Social Engineering and How to Manage Your Human Attack Surface. Matt explains the role of social engineering in today's cyber attacks and talks about why it is so successful. Drawing on his vast experience, he shares what information hackers look...
Published 12/12/22
Our guest for Episode S4E19 is Dr. Carmit Yadin, the Founder & CEO at DeviceTotal—the industry’s first universal repository platform providing security data for devices enabling companies to assess current risks that deployed devices pose and potential future risks arising from adding new devices to their networks. The topic for this fun and informative conversation is how you can automatically identify the security posture of your devices. Dr. Yadin explains how the ever-increasing...
Published 11/28/22
In Episode S4E18, Thomas Pore, the Senior Director of Product for LiveAction—a leader in network security and performance visibility—talks with Steven Bowcut about some of the benefits of AI-driven anomaly detection and predictive threat intelligence. In this podcast, you'll learn how LiveAction's AI-driven anomaly detection and predictive threat intelligence can help you detect and prevent security incidents before they happen. Tom discusses the primary advantages these two technologies...
Published 11/21/22
In Episode S4E17, Frederick Hirsch, an independent consultant and a co-author of the IoT Security Maturity Model (SMM) Practitioner’s Guide, speaks with the host, Steve Bowcut, about the SMM profile for Digital Twins.  Frederick explains digital twins and gives some practical examples of how they are used. Steve and Frederick explore some of the security issues related to digital twins, including how they can help solve complex security challenges. Frederick provides an excellent overview...
Published 11/12/22
In Episode S4E16, our guest is Abhay Bhargav, the Founder of we45 — a focused Application Security Company, and the Chief Research Officer of AppSecEngineer — an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security, and DevSecOps. The topic Steve Bowcut and Abhay discuss is The Application Security Skills Gap. Abhay gives an informative view of the scope of the skills gap for application security and explains why he thinks the shortage of skilled...
Published 11/07/22
In Episode S4E15, Steve Bowcut talks about encrypted collaboration with István Lám, the co-founder and CEO at Tresorit—a global leader in cloud encryption. István explains why staying in control of your data is important when collaborating with others and shares how Tresorit’s end-to-end encryption technology protects email and documents. He discusses Tresorit's idea of Zero Knowledge and why it's important.  About our Guest István Lám is a cryptographer, computer scientist,...
Published 10/22/22
In Episode S4E14, Steve Bowcut talks about Zero Trust Network Access with two well-informed guests. On the show are two executives from the cybersecurity firm Syxsense, Mark Reed, CTO, and Dave Taylor, CMO. The term Zero Trust is sometimes misapplied or misunderstood in the security industry, so our guests thoroughly describe what the term means and how they use it in their business. Mark and Dave explain the role of a zero trust strategy in today’s endpoint protection and what it takes to...
Published 09/19/22
In Episode S4E13, our guest is Tom Reilly, the President of Commend Americas. This discussion focuses on Unified Communications Solutions. We talk about what they are, how organizations use them, and what providers of these solutions should be doing to protect the networks they reside on and the data they have a stewardship to protect. The host, Steve Bowcut, asks Tom to explain the cybersecurity protocols solution providers should use to protect infrastructure and data. Tom elaborates on...
Published 09/12/22
In Episode S4E12, our guest is Jim Nitterauer, Director of Information Security at Graylog. In a fun and informative conversation, BSM's Steve Bowcut and Jim discuss how organizations can move cybersecurity from a cost center to a revenue enabler.  Steve asks Jim to: Discuss some of the costs organizations face trying to protect their systems, infrastructure, and data. Explain why security isn't typically viewed as a revenue enabler like other software costs often are. Tell us why...
Published 06/20/22
In Episode S4E11, our guest is Ray Steen, Chief Strategy Officer of the IT managed services firm, MainSpring. In a fascinating and informative discussion, BSM's Steve Bowcut and Ray talk about: The common vulnerabilities threat actors exploit to launch a ransomware attack. The relationship between the size of a business and the likelihood it will be a victim of Ransomware. What small businesses and SMBs can do to protect against a ransomware attack, and what should they do if they...
Published 06/06/22
In Episode S4E10, our guest is Paul Nicholson, Senior Director of Product Marketing for A10 Networks. Paul gives us insight into the new 2022 A10 Networks DDoS Threat Report. We talk about what you can expect to learn from the report, the methodology used, and critical findings. Paul explains A10’s ability to precisely track the origins of DDoS weapons activity as we discuss some of the activities A10 discovered leading up to the war in Ukraine.  About our Guest Paul Nicholson brings 25...
Published 05/30/22
In Episode S4E9, our guest is Ben Rowe, Cloud & Security Architect for Arcules. We discuss System and Organization Controls (SOC) level 2 type 2 certification in video-as-a-service (VaaS) and other cloud-based security systems providers. Ben gives us a high-level overview of what the SOC audit covers, and we dive into why physical security SaaS providers need to pursue SOC 2 attestation. He explains the process for achieving SOC 2 Type 2.  About our Guest Ben Rowe serves as the Cloud...
Published 05/23/22
In Episode S4E8 Steve Bowcut, Editor at Brilliance Security Magazine, and John Rezzonico, CEO at Edge 360, discuss what it means to build a Video Management System using modern IT processes and solutions. They examine why VMS solutions have historically been slow to adopt advanced IT practices. John provides an explanation of the benefits of containerization and why physical security video system users should look for a fully containerized VMS. About our Guest As CEO at Edge360, John is...
Published 05/16/22
Our topic for Episode S4E7 is Understanding and Communicating Cyber Risk. Our guest is Greg Spicer, CRO and Co-Founder of Ostrich Cyber-Risk.  BSM's editor, Steve Bowcut, asks Greg to: Discuss the importance of prioritizing mitigation and remediation efforts. Explain some crucial elements of risk scoring; what should be considered in the scoring process? Explain how the concept of “proximity-blindness” impacts risk analysis. Discuss some of the challenges security teams face when...
Published 05/10/22
The topic for Episode S4E6 is supply chain security and what to expect in the next year. Our guest is Farshad Abasi, Founder and Chief Security Officer of Forward Security. In a fun and interesting conversation, Farshad and Steve Bowcut cover: What supply chain attacks are and how they happen, including some examples Why supply chain attacks are such a serious threat What the industry can expect regarding supply chain attacks in the next year What preventative measures...
Published 04/11/22
In Episode S4E5, we have as our guests two individuals who are distinguished by their work with the Industry IoT Consortium (IIC). Bassam Zarkout—Executive Vice President IGnPower Inc. and the Chief Editor of the Industrial IoT Artificial Intelligence Framework (IIAIF). Wael Diab—Chair IIC Industrial AI Task Group and Secretary IIC Steering Committee. About the IIC Since its founding in 2014, the IIC has helped build a technical foundation for the Industrial IoT. They work to help...
Published 04/04/22
In Episode S4E4, we have two guests. We talk with Jonatan Altszul, CEO at BitTrap and Ariel Futoransky, BitTrap’s CTO. Our topic is A Novel Approach to Security Bug Bounties. BitTrap helps companies find breaches faster by installing wallets with risk-adjusted bounties. When an attacker cashes a wallet, they notify the company of the breach so they can take remediation actions to patch it. Some of the topics we cover include: Why bug bounties are necessary What works and what can be...
Published 03/14/22
In this episode, our guest is Slava Bronfman, CEO and Co-founder at Cybellum and we talk about product supply chain security. Cybellum provides a product security platform, enabling teams to manage security across the entire product lifecycle - from highly detailed SBOMs to automatic vulnerability management, ongoing incident response, and continuous monitoring. We touch on:  Cybersecurity risks, such as open-source or supply chain software Some things product manufacturers can do to...
Published 03/07/22
In Episode S4E2 our guest is David Vincent, VP of Product Strategy and the chief security evangelist at Appsian Security. Our topic is Automated Controls for Compliance - How and Why. Appsian provides ERP security below the network layer. David shares his insights about: Challenges associated with manually maintaining compliance. How automated controls can affect compliance. Leading practices for effective Data Security & Privacy Compliance. And more. David Vincent has...
Published 02/28/22
In Episode S4E1 our guest is Purandar Das, CEO and Co-Founder at Sotero. We discuss the future of ransomware and explore some recent trends in data security.  We touch on topics such as: Anomaly detection at the data level Machine-learning in ransomware protection Possible future trends for ransomware Sotero offers the first field-level, universal data protection platform allowing you to consolidate all your data instances, applications, and security products into one...
Published 02/14/22
In Episode S3E14 our guest is Jeff Macre - a Cybersecurity Project Manager at 1898 & Co. and we discuss the critical labor shortage, or skills gap, that currently exists in the areas of IT and OT cybersecurity. 1898 & Co. is part of Kansas City, Missouri-based engineering firm Burns & McDonnell - one of the country's largest engineering firms - and Jeff is responsible for leading successful projects that bring real value to Burns & Mac clients. During his career, Jeff has successfully led...
Published 11/29/21
In Episode S3E13, our guest is Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. Corey has been a front-line cybersecurity expert for nearly two decades; he regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles. Corey is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news,...
Published 11/15/21
Episode S3E12 features an informative conversation with Slava Bronfman, the Co-founder and CEO at Cybellum. Cybellum is a global leader providing integrated cyber solutions for the leading device manufacturers, including automobiles. We discuss the cybersecurity risks associated with the automotive industry and what can be done to mitigate those risks. In his role as CEO at Cybellum, Slava is responsible for the business, sales, and marketing operations, working with manufacturers and...
Published 10/25/21
In Episode S3E11 our guest is Dr. Bill Anderson, President of CIS Mobile. Dr. Anderson is a security industry executive with extensive leadership experience founding, funding, and operating security software companies. He has previously served as Vice President, Technology Investments at Allied Minds where he managed a portfolio of information security, quantum, and semiconductor design companies. Bill has held executive roles in product management and marketing at several public and private...
Published 10/04/21