#SecurityLeadership

Marco Ciappelli 🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-08

🎙️ When AI writes code, builds models, and simulates threats… who checks the checker?

In this last On Location Conversation from #RSAC2025, Alex Kreilein and John Sapp Jr. join Sean Martin, CISSP to explore what trust actually means in the age of AI-generated security tooling — and how modern #AppSec teams must rethink validation, #resiliency, and #risk.

This episode cuts deep into:

Why “trust the output” is not enough in AI-driven workflows
How #AI security debt is becoming the new tech debt
Why we need #zerotrust thinking applied to models and agents
The real shift: from patching CVEs to building resilient architecture
The role of traceability, governance, and context-driven decision-making

If you’re serious about secure AI, application security, and shifting AppSec left (the right way), this conversation will challenge what you think you know — and help reframe what secure development actually looks like.

🎥 Watch the full video:
👉 youtu.be/kJdQz9LmT6s

🎧 Listen to the audio podcast:
👉 eventcoveragepodcast.com/episo

✨ Thank you to our Full Coverage Sponsors:
ThreatLocker 👉 itspm.ag/threatlocker-r974
Akamai Technologies 👉 itspm.ag/akamailbwc
BLACKCLOAK 👉 itspm.ag/itspbcweb
SandboxAQ 👉 itspm.ag/sandboxaq-j2en
Archer Integrated Risk Management 👉 itspm.ag/rsaarchweb
ISACA 👉 itspm.ag/isaca-96808
Object First 👉 itspm.ag/object-first-2gjl
Edera 👉 itspm.ag/edera-434868

🎙️ Explore more RSAC 2025 coverage:
👉 itspmagazine.com/rsa-conferenc

🎧 Catch all of our event conversations:
👉 itspmagazine.com/technology-an

🎤 Want to tell your Brand Story Briefing as part of our coverage?
👉 itspm.ag/evtcovbrf

📆 Want Sean Martin, CISSP and Marco Ciappelli to cover your event or moderate your panel?
👉 itspmagazine.com/contact-us

#RSAC2025 #cybersecurity #AppSec #AIsecurity #zerotrust #infosec #securityleadership #riskmanagement #technology #eventcoverage #secureAI #shiftleft #CISO

Brian Greenberg (brian_greenberg@infosec.exchange)
2025-04-24

⚠️ SOC risk: Agentic AI needs onboarding — not blind trust 🤖🧠

AI isn’t a silver bullet. It’s a junior analyst that shows up knowing nothing about your environment. If you don’t train it, you’ll get:

🚫 False positives
📉 Overlooked incidents
🔁 Reinforced noise from bad data
⚙️ Automated dysfunction at scale

To make AI useful, leaders must:

📂 Feed it context — incident history, playbooks, and policy nuance
👥 Coach it like a team member
🧪 Test edge cases before trusting outputs
🔄 Build feedback loops to improve it over time

This isn’t about replacing people. It’s about teaching your AI to work like your people.

#CyberSecurity #AgenticAI #AIOnboarding #SOC #ThreatOps #SecurityLeadership #security #privacy #cloud #infosec

helpnetsecurity.com/2025/04/24

2024-08-28

Are cybersecurity ratings giving us a false sense of security? While external scans offer valuable insights, relying on them alone often misses critical internal vulnerabilities and human factors. In my experience, a more holistic approach is needed to truly understand supply chain risks.

What's worked for you in getting a comprehensive view of your security landscape?

#cybersecurity #supplychainrisk #securityleadership

2024-01-03

Ready to take on the role of #CISO? Let us guide you through your first 100 days in this essential role with our talk track "New CISO," filled with expert insights and strategies to set you up for success.

#securityleadership #cybersecurity #CISOs

bfx.social/48EqXzZ

2023-09-16

CISOs & cybersecurity leaders embrace Cyber Threat Intelligence as a pillar of an overall cybersecurity strategy. Invest in quality CTI sources, build a proactive threat intelligence program, & leverage it to strengthen your organization's defenses.

You're not just defending data; you're safeguarding the future.

udemy.com/course/building-cybe

2023-09-14

I wrote a blog post back in 2020 that's similar to what's happening to MGM right now. Specifically, I covered how to build a security program post-breach. If I were in charge of security at a casino right now, I would be taking a hard look at the threat model, risk assessments, defenses, and incident response.

I would also be thinking about what I covered in this blog post and the activities it takes to start moving in this direction.

#CasinoSecurity #CyberSecurity #Infosec #Ransomware #Breach #CISO #CIO #ThreatModel #SecurityLeadership #incidentresponse #informationsecurity

sans.org/blog/building-an-info

2023-07-06

S3 Ep142: Putting the X in X-Ops - How to get all your corporate "Ops" teams working together, with cybersecurity correctnes... nakedsecurity.sophos.com/2023/ #nakedsecuritypodcast #securityleadership #cybercrime #malware #podcast #privacy #hacking #devops #secops #x-ops #it

2023-01-04

Serious Security: Vital cybersecurity lessons from the holiday season - Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and ... nakedsecurity.sophos.com/2023/ #securityleadership #machinelearning #vulnerability #cryptography #cybercrime #dataloss #malware #podcast #linux

2022-12-30

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond - The problem with anniversaries is that there's an almost infinite number of them every da... nakedsecurity.sophos.com/2022/ #securityleadership #securitythreats #cybersecurity #vulnerability #morrisworm #mdr #nyd #nye

2022-12-29

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text] - Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcri... nakedsecurity.sophos.com/2022/ #nakedsecuritypodcast #securityleadership #petermackenzie #ransomware #cybercrime #dataloss #malware #podcast #hacking #mdr

2022-12-22

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text] - Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fa... nakedsecurity.sophos.com/2022/ #securityleadership #threatprevention #securitysosweek #fraserhoward #cybercrime #sophoslabs #malware #podcast #sosweek

2022-12-16

CISO Lens would like to share some positive news as the work year comes to a close for many. Every year, CISO Lens has acknowledged an individual (sometimes two) whose leadership made a notable contribution to our community and/or the wider security industry.
We have a policy of not ‘outing’ members, but sometimes members out themselves. This member has previously outed themselves, and that’s why we’re able to make this acknowledgement public.
Richard Johnson, the Group CISO at Westpac, has been one of the cornerstones of the CISO Lens community since we started eight years ago. And, while CISO Lens was created to draw people together to share experiences and better practices, Richard was already doing that years before we started.
The single most visible demonstration of leadership is when the people around a leader also step up. Through the years, Richard has developed the security leadership team at Westpac into the most stable, most enduring, most outward reaching and collaborative security team in Australia. All of Australia’s big four banks have extraordinary people, and Westpac’s is still acknowledged across the community for its constancy and enviable bench strength. That is one visible manifestation of Richard’s leadership.
Through Log4j, a year (and a lifetime!) ago, Richard’s team mobilised. As all great security teams do, Westpac ISG ensured they had their own metaphorical oxygen mask on, and then they reached out to assist others. This is how the security community works, and Westpac ISG was a force of nature in the face of an industry-wide challenge. It wasn’t just one or two people from Westpac ISG, it was a platoon of expertise, sharing, participating, reviewing, researching. Through our community’s response to Log4j, Westpac ISG was the linchpin.
People don’t rise to the level of their aspirations, they fall to the level of their training; and Westpac ISG, in that crucial moment, demonstrated what they were already capable of, and this was a testament to Richard’s leadership both for Westpac and for the region.
We are delighted to acknowledge Richard Johnson as the CISO Lens Most Valuable Player for 2022.

#securityleadership #leadership #community #people #security #team #australia #leader #ciso #training #securityindustry #collaborationovercompetition #collaboration

2022-12-02

Nadia Yousef (our New Zealand country manager) has produced an Incident Response Template and we're publishing it in the hope that it will help someone through having a bad day and prevent it from being a worse day.
#securityleadership #incidentresponse #template
cisolens.com/reports#h.a769cex

2022-11-24

S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text] - Latest episode - security expert John Shier explains what the real-life cybercrime storie... nakedsecurity.sophos.com/2022/ #securityleadership #securitythreats #cyberthreats #threatreport #law&order #johnshier #podcast #shier #mdr #xdr

2022-09-21

Interested in cybersecurity? Join us for Security SOS Week 2022! - Four one-on-one interviews with experts who are passionate about sharing their expertise ... nakedsecurity.sophos.com/2022/ #securityleadership #securityevents #malware #sosweek #event

2022-09-17

S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] - Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't hav... nakedsecurity.sophos.com/2022/ #securityleadership #dataloss #podcast

2022-09-09

How to deal with dates and times without any timezone tantrums… - Heartfelt encouragement to embrace RFC 3339 - find out why! nakedsecurity.sophos.com/2022/ #securityleadership #uncategorized #timezone #rfc3339

2022-08-05

Traffic Light Protocol for cybersecurity responders gets a revamp - Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity... nakedsecurity.sophos.com/2022/ #securityleadership #cybersecurity #research #mdr #mtr #tlp

2022-07-29

How to celebrate SysAdmin Day! - I've just popped in to wish you all/The best SysAdmin Day! nakedsecurity.sophos.com/2022/ #securityleadership #sysadminday #saad
