#rsac2025

2025-06-12

I finally got around to writing a follow-up to my previous blog post that was triggered by Patrick Opet's open letter, regarding the tradeoff organizations make: sacrificing foundational security for business velocity.

In this post, fueled by conversations I had at Identiverse, I explore how we can change that, by trying to answer the real question: Why aren’t we building secure-by-design systems, even when we know how? Spoiler: It's about incentives.

Check it out and let me know your thoughts.

blog.talkingidentity.com/2025/

#SecureByDesign #RSAC2025 #CyberSecurity #ZeroTrust #Identiverse2025 #IdentitySecurity #Incentives #SaaS #Compliance #RiskManagement

Tanya Janca | SheHacksPurple (SheHacksPurple@infosec.exchange)
2025-06-05

I just published my Trip Report from an amazing week at B-Sides SF and #RSAC2025! Highlights, photos, and everything in between — check it out here:
twp.ai/4in5Xh

#AppSec #BSidesSF #RSAC #Infosec

Tanya Janca | SheHacksPurple (SheHacksPurple@infosec.exchange)
2025-06-02

We also discuss Dustin’s new venture, Katilyst (twp.ai/9PSKjV), a new startup focused on empowering engineering teams to take ownership of security in a practical, scalable way.

#RSAC2025 #SecurityChampions #Katilyst #AppSec #DevSecOps

2/2

Tanya Janca | SheHacksPurple (SheHacksPurple@infosec.exchange)
2025-05-31

I just published my Trip Report from an amazing week at B-Sides SF and #RSAC2025! Highlights, photos, and everything in between — check it out here:
twp.ai/4inQiQ

#AppSec #BSidesSF #RSAC #Infosec

Tanya Janca | SheHacksPurple (SheHacksPurple@infosec.exchange)
2025-05-29

We also discuss Dustin’s new venture, Katilyst (twp.ai/9PSkCT), a new startup focused on empowering engineering teams to take ownership of security in a practical, scalable way.

#RSAC2025 #SecurityChampions #Katilyst #AppSec #DevSecOps

2/2

passbolt (passbolt)
2025-05-27

Principal Analyst Todd Thiemann's RSAC report offers interesting insights on the future of cybersecurity, spotlighting secure access.

The article highlights the vital role of specialized tools for enterprises, with passbolt recognized for secure collaboration and credential sharing.

Read more here: techtarget.com/searchsecurity/

Marco Ciappelli🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-22

Always a pleasure spending time with Rob Allen and the whole ThreatLocker team - virtually or in person (better!!!) 😬

🎙️✨ Why Simplicity Might Be the Missing Ingredient in Your #ZeroTrust Strategy | An ITSPmagazine Brand Story with Rob Allen from ThreatLocker | #RSAC2025

At #RSAC Conference 2025, the ThreatLocker booth didn’t need flashing lights or gimmicks. Just a live PowerShell attack, a rubber ducky, and a crowd watching real protection in action. That’s how you cut through the noise.

In this Brand Story episode, Sean Martin, CISSP and Marco Ciappelli talk with Rob Allen, Chief Product Officer at ThreatLocker, about why Zero Trust doesn’t need to be complicated to be effective. Instead of piling on tools, Rob explains why proactive control, vendor consolidation, and human connection are the real differentiators.

🙌 Huge thanks to #ThreatLocker for sponsoring our RSA Conference 2025 coverage and supporting meaningful conversations like this one.

🎥 Watch the episode: youtu.be/pPZ2VEeTdBo

🎧 Listen to the podcast: brand-stories-podcast.simpleca

📝 Read the full article: itspmagazine.com/their-stories

We’re still reflecting on RSAC 2025 — and this conversation reminded us that sometimes, the simplest solutions are the most powerful.

🔜 Next stop: Infosecurity Europe 2025 in London!
Follow our coverage as it unfolds — and if you’re a cybersecurity company attending the show, reach out to connect with us on site. Let’s keep the conversations going.

#cybersecurity, #zerotrust, #RSAC2025, #ThreatLocker, #infosec, #endpointsecurity, #brandstory, #threatprevention, #vendorconsolidation, #itspmagazine, #infosecurityeurope2025, #infosecurityeurope

Marco Ciappelli🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-21

🎙️✨ Why #Community Could Be the Strongest Defense in #Cybersecurity
An ITSPmagazine Brand Story with Rob Clyde from ISACA | #RSAC2025

In the rush to cover #AI, #cryptography, and quantum threats, it’s easy to forget that the cybersecurity profession is—above all else—human. That’s exactly why this conversation with Rob Clyde, Board Director at ISACA, stood out during Sean Martin, CISSP and Marco Ciappelli's post-event reflections from #RSAC Conference 2025.

This Brand Story goes beyond the headlines, diving into the real issues affecting our industry: burnout, mental health, the shrinking sense of community, and the looming threat of quantum risk. Rob shares why ISACA continues to prioritize connection, education, and support at every stage of a professional’s journey.

🙌 A big thank you to ISACA for sponsoring our RSAC 2025 coverage. Your support helped make conversations like this possible.

🎥 Watch the episode: youtu.be/iw6MAwP8VA4
🎧 Listen to the podcast: brand-stories-podcast.simpleca
📝 Read the full article: itspmagazine.com/their-stories

We’re still looking back at #RSAC2025 — and we’re also getting ready for Infosecurity Europe. Stay tuned.

#infosecurity #infosec #ISACA #quantum #mentalhealth #community #technology #brandstory #itspmagazine #infosecurityeurope2025 #tech #education

Marco Ciappelli🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-21

As we look ahead to Infosecurity Europe, we’re also taking a moment to look back — just a bit more — on what made #RSAC2025 such a powerful event.

🎙️ In this Brand Story conversation recorded on the show floor, I met once more with Steve Schlarman, to hear the Archer Integrated Risk Management perspective on the current state and future direction of #risk, #compliance, and #AI in #cybersecurity.

💡 From regulatory complexity and AI-driven policy generation to the challenge of translating risk data into business decisions — this episode is packed with grounded insights and real-world applications.

▶️ Watch the video: youtu.be/7c6kKbwlfgE

🎧 Listen to the podcast: brand-stories-podcast.simpleca

📝 Read the article: itspmagazine.com/their-stories

🙏 And once again — a huge thank you to Archer for sponsoring our #RSAC 2025 coverage and helping us bring conversations like this to life.

🎧 Missed any of our RSAC 2025 episodes? Catch them all here: itspmagazine.com/rsac25

🎯 Want to meet us at Infosecurity Europe and tell your story with ITSPmagazine? 👉 itspmagazine.com/infosec25 or just DM me (Marco Ciappelli) or Sean Martin, CISSP

#RSAC2025 #Cybersecurity #BrandStory #ITSPmagazine #InfosecurityEurope #GRC #RiskManagement #AI #Compliance #CyberRisk #EventCoverage #Archer #SteveSchlarman #MarcoCiappelli

2025-05-20

A panel at #RSAC2025 prompted me to examine more closely the legal risks CISOs face based on their conversations about cyber incidents.

Check out my latest CSO piece that offers four ways CISOs can limit the legal liability of their communications.

Many thanks to SolarWinds' Tim Brown for sharing insight based on his experience.
csoonline.com/article/3988361/

2025-05-15

At the recent #RSAC2025 conference, LMG Security's @sherridavidoff and @MDurrin drew packed crowds with their sessions on how hackers use AI to exploit stolen source code and a hands-on tabletop lab exploring deepfake cyber extortion.

We’ve received a lot of inquiries about these sessions! If you couldn’t attend RSA and you're interested in these topics, we also offer custom training and tabletop exercises to help your team prepare for the next generation of AI-powered cyber threats.

Contact us to learn more: lmgsecurity.com/contact-us/

#Cybersecurity #AIsecurity #AI #TabletopExercises #CISO #Infosec #RiskManagement #IT #Deepfake #CIO #DFIR #ITsecurity

2025-05-14

JPMorganChase CISO Patrick Opet’s open letter at #RSAC2025 called out the security debt in SaaS + cloud. The message: we’re trading foundational security for speed, and it’s catching up to us.
My take: It's not a standards problem. It’s a will problem.
#identity #Infosec #SaaS #ZeroTrust #Security
blog.talkingidentity.com/2025/

Picture of a parkour enthusiast jumping from one crumbling wall to another.
Marco Ciappelli🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-13

This Newsletter Is About #RSAC... But Our Heads Are Already in London

From San Francisco to London, via Barcelona: Stories Told, Stories Coming...

We just wrapped another incredible RSA Conference — and yes, this newsletter is all about that. But if you know us (and many of you do), our minds are already across the pond.

Because you know what’s coming next.

That’s right. Infosecurity Europe 2025. London. ExCeL.

And us — Sean Martin, CISSP and Marco Ciappelli — with our mics, cameras, and a ton of curiosity.

We’ve been media partners for #InfosecurityEurope since 2017, and every year we do our thing: record in and around the venue, wander the city, capture the vibe. Whether it’s the Thames, Big Ben, Abbey Road, St. Paul’s, the National Gallery, or Carnaby Street — we’ll be there, filming on location and sharing it with you.

And of course, we’ll also be deep in the #cybersecurity conversations shaping Europe — with podcast interviews, video briefings, and candid chats that explore where tech and society meet.

We’ll keep you in the loop every step of the way.

But let's talk some more about #RSAC2025 ... click below, read, share - you know what to do! 😊

linkedin.com/pulse/newsletter-

#infosec #tech #infosecurity #technology #society #appsec #owasp

Marco Ciappelli🎙️✨ (Marcociappelli@infosec.exchange)
2025-05-12

Monday news from ITSPmagazine 🙂 #happymonday!

Join Marc Manzano, Sean Martin, CISSP and me on this week's SandboxAQ Webinar!

After an incredible conversation with Marc on the #RSAC floor in San Francisco — where Sean and I used every second of our time and still had more to explore — I knew the #Sandbox Story couldn’t stop there.

If you missed that on-location episode from #RSAC2025, catch it here:

👉 Security at the Edge of Change – A Brand Story with Marc Manzano from SandboxAQ

itspmagazine.com/their-stories

Now, we’re keeping the momentum going with a live ITSPmagazine webinar you don’t want to miss — and I won’t either. 🤘😬

🔐 How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities | An ITSPmagazine Webinar with SandboxAQ

Join Marc, Sean, and me as we dig deeper into how SandboxAQ is tackling one of today’s most urgent security challenges.

Unmanaged cryptographic assets and non-human identities have left security teams blind to critical risks. These gaps have fueled vulnerabilities, breaches, compliance challenges, and operational drag across enterprise environments.

By attending, you’ll:

🔸 Gain visibility into cryptographic assets and non-human identities like API keys, certificates, and service accounts

🔸 See how #AQtiveGuard enables automated discovery, threat detection, and root cause analysis without disrupting workflows

🔸 Learn how to future-proof your security with Post-Quantum Cryptography readiness and AI-powered #SecOps

📌 Learn more:

👉 itspmagazine.com/itspmagazine-

📅 REGISTER NOW:

Can’t attend the live webinar? All registrants get exclusive access with a link to rewatch the recording.

👉 crowdcast.io/c/how-to-detect-a

Share the news and join us!

See you live on Thursday!

#infosec #cybersecurity #technology #tech #infosecurity #AIsecurity #postquantum #cryptography #identitymanagement #webinar

2025-05-12

Michael Matchett with Small World Big Data and Seth Goldhammer of #Graylog had a chance to talk about unified log management, #SIEM, and API security at #RSAC. 📺 Watch as they get into the details of:

🔎 API endpoint discovery
👍 How to ensure that users are using AI in a responsible manner
📊 Graylog data management capabilities and leveraging a secondary data lake
⚠️ The Graylog asset risk model
🚫 Eliminating tradeoffs so that you can collect ALL the data and turn on ALL the threat detections
🔮 What's coming next for #cybersecurity and #AI

truthinit.com/index.php/video/ #RSA #RSAC2025 #APIsecurity

2025-05-11

Every vendor I saw using obviously AI generated art in their presentations at #rsac2025 goes to the round filing basket.

Tanya Janca | SheHacksPurple (SheHacksPurple@infosec.exchange)
2025-05-10

I just published my Trip Report from an amazing week at B-Sides SF and #RSAC2025! Highlights, photos, and everything in between — check it out here:
shehackspurple.ca/2025/05/09/r

#AppSec #BSidesSF #RSAC #Infosec

2025-05-10

Photos from the Roundtable discussion on "ROI Driven Cyber Defense" at @AdversaryVillage in the RSAC Sandbox.
Bryson 🦄 Bort, SCYTHE
Ajit Hatti, PureID
ken kato, Kindo
Sebastian Cesario, BforeAI | The PreCrime™ Company
John Carse, SquareX
@rsaconference #AdversaryVillage #RSAC2025

2025-05-10

Snaps from threat actor and ransomware emulation hands-on activity led by Abhijith B R
@AdversaryVillage Sandbox at #RSAC 2025
@rsaconference #AdversaryVillage #RSAC2025

2025-05-10

Snaps from the panel discussion on 'Building Cyber Defenses to Withstand Sophisticated Cyber Adversaries' at @rsaconference 2025.
ken kato, Chief Security Officer at Kindo (WhiteRabbitNeo)
Vivek Ramachandran, Founder and CEO at SquareX
Jonathan Baker, Director at Center for Threat-Informed Defense, MITRE
Abhijith B R, Founder of Adversary Village, Head of Offensive Security Consulting at BreachSimRange
@rsaconference Sandbox at RSAC 2025
#RSAC2025 #ManyVoicesOneCommunity #AdversaryVillage
