In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today’s financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization. Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security conf...
Jun 02, 2025•11 min•Ep. 2414
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk. Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pa...
May 31, 2025•16 min•Ep. 2413
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization’s impact: the projects and the people driving them forward. With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it’s just one among many. Othe...
May 30, 2025•9 min•Ep. 2412
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sarah-Jane Madden brings a unique lens to application security, shaped by her journey from developer to security leader and CSO. Speaking at OWASP AppSec Global, she tackles one of today’s most pressing concerns: how AI is reshaping software engineering—and how we must respond without compromising core values like quality and security. Madden emphasizes that AI is only the latest in a series of major disruptions, comparing...
May 30, 2025•15 min•Ep. 2411
When it comes to data protection, the word “immutability” often feels like it belongs in the realm of enterprise giants with complex infrastructure and massive budgets. But during this RSAC Conference conversation, Sterling Wilson, Field CTO at Object First, makes a strong case that immutability should be, and can be, for everyone. Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagio...
May 30, 2025•15 min•Ep. 2410
From Cassette Tapes and Phrasebooks to AI Real-Time Translations — Machines Can Now Speak for Us, But We’re Losing the Art of Understanding Each Other May 21, 2025 A new transmission from Musing On Society and Technology Newsletter, by Marco Ciappelli There’s this thing I’ve dreamed about since I was a kid. No, it wasn’t flying cars. Or robot butlers (although I wouldn’t mind one to fold the laundry). It was this: having a real conversation with someone — anyone — in their own language, and actu...
May 30, 2025•7 min•Ep. 2409
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Josh Grossman, co-leader of the OWASP Application Security Verification Standard (ASVS) project, shares key updates and strategic thinking behind the release of ASVS version 5. This release, years in the making, reflects a renewed focus on making the standard more approachable, practical, and actionable for development teams and security leaders alike. ASVS is designed to provide a comprehensive and verifiable set of secur...
May 29, 2025•14 min•Ep. 2408
Jim Manico’s passion for secure coding has always been rooted in deeply technical practices—methods that matter most to developers writing code day in and day out. At OWASP Global AppSec EU 2025 Conference in Barcelona, Manico brings that same precision and care to a broader conversation around the intersection of application security and artificial intelligence. While many are still just beginning to assess how AI impacts application development, Manico has been preparing for this moment for ye...
May 29, 2025•18 min•Ep. 2407
The introduction of the Cyber Resilience Act (CRA) marks a major shift for the software industry: for the first time, manufacturers are being held accountable for the cybersecurity of their products. Olle E. Johansson, a long-time open source developer and contributor to the Asterisk PBX project, explains how this new regulation reshapes the role of software creators and introduces the need for transparency across the entire supply chain. In this episode, Johansson breaks down the complexity of ...
May 29, 2025•14 min•Ep. 2406
During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, explores how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements. Spyros emphasizes that true progress in se...
May 29, 2025•17 min•Ep. 2405
⬥ GUESTS ⬥ Frida Torkelsen, PhD | AI Solution Architect at Newcode.ai | On LinkedIn: https://www.linkedin.com/in/frida-h-torkelsen/ Maged Helmy, PhD | Assoc. Professor - AI at University of South-Eastern Norway and Founder & CEO of Newcode.ai | On LinkedIn: https://www.linkedin.com/in/magedhelmy/ ⬥ HOST ⬥ Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com ⬥ E...
May 26, 2025•44 min•Ep. 2404
During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice. In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily ...
May 26, 2025•20 min•Ep. 2403
As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn’t frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure. ThreatLocker’s mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that...
May 22, 2025•23 min•Ep. 2402
In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security. At the heart of the discussion is the question: Can my AI be hacked? Peter’s answer is a firm “...
May 22, 2025•24 min•Ep. 2401
As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment...
May 22, 2025•25 min•Ep. 2400
At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable. During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught...
May 21, 2025•17 min•Ep. 2399
At RSAC 2025, the most urgent signals weren’t necessarily the loudest. As ISACA board member and cybersecurity veteran Rob Clyde joins Sean Martin and Marco Ciappelli for a post-conference recap, it’s clear that conversations about the future of the profession—and its people—mattered just as much as discussions on AI and cryptography. More Than a Job: Why Community Matters Rob Clyde shares his long-standing involvement with ISACA and reflects on the powerful role that professional associations p...
May 21, 2025•24 min•Ep. 2398
In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance. Not All AI Is Created Equal: The Archer Approach RSAC 2025 was buzzing with innovation, but for Steve Schla...
May 21, 2025•8 min•Ep. 2397
Guest: Jeremy Lasman Website: https://www.jeremylasman.com LinkedIn: https://www.linkedin.com/in/jeremylasman _____________________________ Host: Marco Ciappelli, Co-Founder at ITSPmagazine [ @ITSPmagazine ] and Host of Redefining Society & Technology Podcast Visit Marco's website 👉 https://www.marcociappelli.com _____________________________ This Episode’s Sponsors BlackCloak 👉 https://itspm.ag/itspbcweb _____________________________ Show Notes Blog: In this thought-provoking epis...
May 20, 2025•42 min•Ep. 2396
The Out of Tune Instruments On the bank of a stream, where a great many colorful little fish swam, lived a small family: mamma, babbo, and their seven children — four boys and three girls. Their house was a bit far from the town of Strumentopoli, but being close to the stream and next to the Great Forest made it a wonderful place to live. Mamma lovingly tended the vegetable garden. Babbo, on the other hand, was a woodworker who crafted musical instruments from the finest trunks, chosen among the...
May 18, 2025•9 min•Ep. 2395
At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it’s not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It’s warm, immersive, and welcoming—designed for people who want to contribute, connect, and create. OWASP is more than just another security organization. It’s a community-driven found...
May 15, 2025•23 min•Ep. 2394
Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support. The research behind this project, supported by the University and its partners, expl...
May 15, 2025•24 min•Ep. 2393
The Future Is a Place We Visit, But Never Stay May 9, 2025 A Post-RSAC 2025 Reflection on the Kinda Funny and Pretty Weird Ways Society, Technology, and Cybersecurity Intersect, Interact, and Often Simply Ignore Each Other. By Marco Ciappelli | Musing on Society and Technology Here we are — once again, back from RSAC. Back from the future. Or at least the version of the future that fits inside a conference badge, a branded tote bag, and a hotel bill that makes you wonder if your wallet just got ...
May 10, 2025•8 min•Ep. 2392
When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That’s the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security. The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust thi...
May 08, 2025•15 min•Ep. 2391
In this episode of On Location at RSAC Conference 2025, Phillip Miller—Chief Information Security Officer and founder of Corporal—offers a candid and practical look at the current realities of cybersecurity leadership, innovation ecosystems, and the business-first mindset required to drive effective security outcomes. With a unique background that blends enterprise cybersecurity leadership and hands-on work on his Virginia farm, Miller brings a grounded perspective to the CISO role. Over the pas...
May 07, 2025•26 min•Ep. 2390
Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity’s detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work? The Detecteam founders challenge the industry’s obsession with metrics like mean time to detect ...
May 07, 2025•22 min•Ep. 2389
In this episode, Subo Guha, Senior Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber’s mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources. Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint ...
May 07, 2025•20 min•Ep. 2388
Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes. ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service ...
May 07, 2025•20 min•Ep. 2387
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn’t on commoditized services—it’s on wha...
May 06, 2025•28 min•Ep. 2386
Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes’ original design. Emily outl...
May 06, 2025•30 min•Ep. 2385