In this episode, we sit down with Federico Torreti, Senior Director of Product for AI & ML at Oracle, as he discusses the company’s latest partnership with xAI to bring the Grok 3 model to Oracle Cloud Infrastructure (OCI). Federico explores the importance of offering curated model choice to enterprises, emphasizing that there is no one-size-fits-all approach to AI solutions. He highlights the challenges organizations face in evaluating AI models, managing decision fatigue, and moving from experimentation to production. The conversation also covers the critical role of data security, privacy, and sovereignty when implementing AI, as well as Oracle’s differentiated approach to embedding AI across its entire technology stack.

Federico Torreti leads the vision, strategy, and delivery of generative AI services, enabling enterprises to build, deploy, and scale large language model applications on Oracle’s cloud platform. Prior to Oracle, he spent over 20 years at Amazon Web Services, Eaton Corporation, and Rolls-Royce, leading AI product teams and launching corporate ventures.

In this episode, we sit down with Kate Healy, Founder of Empowered Cyber, as she shares her insights on how to successfully engage and sell to CISOs. Kate highlights the challenges salespeople face in a market where traditional tactics, such as cold calls, unsolicited emails, and LinkedIn pitches, often fall flat and can damage long-term relationships. She emphasizes the importance of building genuine trust, creating value, and truly understanding a CISO’s unique challenges rather than launching straight into product pitches. Kate also discusses how effective sales strategies in Australia hinge on relationship-building and mutual respect, and offers practical advice on leveraging existing customer introductions, participating in industry events, and communicating with authenticity and transparency. She strongly advocates for marketing, PR, and sales teams to align more closely and for both sides, vendor and client, to treat each other with empathy, honesty, and a human-centric approach.

Awarded Australia’s Most Outstanding in IT Security 2024, Fellow of AISA, and Graduate Australian Institute of Company Directors, Kate is a distinguished cyber security executive with over 25 years global experience. She has served in influential roles including Interim CISO The Lottery Corporation, Head of Security Google Cloud ANZ, Head of Risk, Wholesale Banking, Standard Chartered Bank and has been a volunteer Board Director. This diverse experience positions her uniquely, having been both an operator and a vendor, she understands the industry from both sides. Kate brings not only deep expertise but also a passion for making this knowledge accessible to everyone through her company Empowered Cyber.

In this episode, we sit down with Jadee Hanson, Chief Information Security Officer at Vanta, as she explores whether compliance is simply a minimum standard or a strategic enabler in cybersecurity governance. Jadee shares insights on how compliance, when approached with transparency and accountability, can build customer trust and drive business success. She discusses the shift from outdated, manual audit practices to a model of continuous, automated compliance monitoring, emphasizing the efficiency and assurance provided by real-time controls. Jadee also highlights the importance of going beyond compliance “checkboxes,” advocating for proactive security measures, such as bug bounty programs and responsible disclosure processes, that strengthen organizational resilience.

In this episode, we sit down with Courtney Guss, Director of Crisis Response at Sempris, as she sheds light on why a crisis plan alone won’t always save organizations in moments of disruption. Courtney unpacks surprising research showing that despite 97% of organizations regularly planning and training for crises, 76% still suffer significant impacts during incidents. She discusses how misaligned training, outdated and irrelevant scenarios, and a “checkbox” mentality frequently undermine preparedness. Courtney emphasizes the need for organizations to tailor crisis exercises to their specific business context, practice more frequently in smaller, relevant groups, and prioritize adaptability with backup plans when things go awry. She also highlights the importance of having accessible contact information and robust communication channels, as well as clearly defined decision triggers and justifications for pivoting during an incident.

Courtney Guss, Semperis, Director of Crisis Management 

Courtney Guss brings over 20 years of experience in cybersecurity, crisis response, and business resilience. She began her career in the insurance and risk management sector, working with FEMA and the NFIP, where she developed a strong foundation in emergency preparedness and crisis communications before transitioning into cybersecurity leadership roles. 

Courtney has led cyber crisis management initiatives for a wide range of organizations, including global enterprises, government agencies, and Fortune 500 companies. She previously served as a senior consultant at IBM Security, where she specialized in cyber risk quantification using the FAIR framework and advised clients on regulatory compliance, incident response, and stakeholder management. 

Her work has included developing and running executive-level tabletop exercises, supporting ransomware recovery efforts, advising organizations on SEC, DORA, CCOP, and CIRCIA reporting obligations, and orchestrating cross-functional response plans to major incidents. Courtney is passionate about turning chaos into order and equipping teams with the clarity, tools, and playbooks they need to act decisively under pressure. 

KBI.Media is proud to announce a landmark partnership between KBKast, the flagship security podcast for leadership, and Vanta, the leading trust management platform.

In a dynamic and rapidly evolving media landscape, companies like Vanta are exploring innovative platforms to amplify their presence and impact. This partnership enables KBKast to:

With Vanta’s involvement, KBKast will introduce:

In this episode, we sit down with Graeme Neilson, Founder and Chief Research Officer at Siege, as he unpacks why the security industry often ignores the halting problem—a foundational concept in computer science that explains why software will always contain bugs and vulnerabilities. Graeme challenges the efficacy of awareness training programs, arguing that fundamental flaws in protocols like email and the complexity of software itself, not user behaviour, are the real culprits behind persistent cyber risks. The discussion explores the ongoing frustrations around password management and multifactor authentication, the dangers of concentrating credentials in cloud-based password managers, and the risks introduced by abstracted and AI-generated code. Graeme also emphasises that the true security challenge lies in managing identity—both human and machine—as digital systems become more pervasive and embedded in our daily lives, advocating for a move towards treating cybersecurity issues more like safety concerns in other industries.

Graeme was born in Scotland, learnt cracking, reverse engineering and security from the Internet. Emigrated to NZ in early 2000’s and was one of the founders of Aura Information Security (pen testing company and RedShield (web defence company). He has presented original offensive security research at many international conferences including Blackhat, H2HC, Troopers, Ruxcon and Kiwicon. Now he is head of research for Siege Ltd, an NZ based company specialising in testing denial of service and bot mitigations.

In this episode, we sit down with Kavitha Mariappan, Chief Transformation Officer at Rubrik, as she unpacks data protection and the critical importance of cyber resilience. Kavitha challenges the industry’s tendency to hyper-focus on prevention and detection, advocating instead for a holistic approach that integrates resilience and recovery as boardroom imperatives. She shares insights from Rubrik Zero Labs on the real-world challenges organizations face when recovering from ransomware attacks, and highlights the often-overlooked need to make backup, recovery, and risk mitigation a core part of business continuity and security strategy. The conversation covers the business impact of breaches—including monetary loss, reputational risk, and regulatory implications—while emphasizing the growing complexity of identity management in the age of AI and the need for interoperability between security domains. Kavitha also stresses the role of executive leadership in driving change and the importance of public-private collaboration to shape standards and frameworks for a secure digital future.

Kavitha Mariappan, Chief Transformation Officer, Rubrik

Kavitha leads Rubrik’s efforts to accelerate enterprise transformation and deepen executive engagement, with a focus on expanding Rubrik’s footprint across the Global 2000 and public sector decision-makers. She partners across the GTM organization, shaping Rubrik’s CXO narrative, championing value economics, and unlocking new revenue streams. Prior to Rubrik, Kavitha was EVP of Customer Experience & Transformation at Zscaler, where she built and scaled the company’s CXO and Transformation Practice. She holds a B.Eng. in Communication Engineering from the Royal Melbourne Institute of Technology, Australia, and an M.S. in Cybersecurity Risk and Strategy from NYU School of Law and Tandon School of Engineering.

In this bonus episode, KB sits down with Sunny Rao, SVP, Asia Pacific at JFrog, Craig Wilson, Principal Cloud Platform Engineer at Iress, and Tal Zarfati, Architect Lead at JFrog Security. Together they discuss how to strengthen software supply chain security, modernising infrastructure through cloud migration to overcome legacy constraints, and the CISA-MITRE CVE funding scare.

Sunny Rao, SVP, Asia Pacific at JFrog

Sunny Rao is SVP, Asia Pacific at JFrog and brings almost three decades of business management experience in information technology and enterprise software. Rao has vast experience and deep expertise in the global expansion of emerging technologies and is passionate about helping customers and partners enhance, secure, and accelerate their entire software supply chain with JFrog.

Craig Wilson, Cloud Platform Principal Engineer at Iress

Craig Wilson is a Cloud Platform Principal Engineer at Iress, where he focuses on cloud architecture and developer tools, and champions ‘shift-left’ practices to implement secure software delivery platforms.

Tal Zarfati, Architect Lead, JFrog Security

Tal Zarfati is the Architect Lead at JFrog Security, bringing over 20 years of expertise in software engineering and cybersecurity. With a strong background in leading R&D teams focused on Supply Chain security, he has since spearheaded the development of core SCA and SBOM capabilities and owned the JFrog OSS Catalog product, leading multiple teams to bring it to life.

In this episode, we sit down with Paul O’Rourke, Chief Risk Officer at TabCorp, as he explores the evolving function of the Chief Risk Officer (CRO) and what it means for organizations today. Paul highlights the growing necessity for CROs to possess deep technology and cyber risk skills, emphasizing that these competencies are rapidly becoming non-negotiable in tech-reliant industries. He reflects on the historical divide between business and tech risk functions, the importance of alignment and integrated approaches such as fusion centers, and how risk professionals must now balance traditional domains with new challenges like cybercrime, AI, and rapidly emerging threats.

Paul O’Rourke commenced as Chief Risk Officer in June 2024.

Paul brings a great depth of experience in risk management, including with respect to cybersecurity and technology risk management.

Prior to joining Tabcorp, Paul was Managing Director and Partner of Boston Consulting Group where he led their Global Cyber and Digital Risk practice, and was also the Australian Risk Leader.

He was previously the Global and Asia Pacific Cybersecurity Leader at PwC, and was Chief Information Security Officer of ANZ Bank Limited.

Paul holds a Bachelor of Commerce (Economics) and is a Graduate Member of AICD.

In this episode, we sit down with Chuck Herrin, Field CISO and Customer Advocate at F5, as he unpacks the evolving threat landscape around APIs and AI in today’s organizations. Chuck explores how APIs have transformed from simple plumbing into the primary attack surface, often outpacing defenders due to historic silos between security and development teams. He highlights the acceleration of vulnerabilities and the widening gap created by tech debt, skill shortages, and the relentless push for innovation. Chuck also discusses the enormous pressure businesses face to adopt AI rapidly, often at the expense of security, and emphasizes the importance of leadership, board-level engagement, and foundational policy shifts to balance speed and safety.

Chuck Herrin is the Field CISO of F5. Prior to F5, Chuck was the CTO of Wib, an API security firm that created the second generation of API security solutions designed from the ground up to provide end to end visibility, testing, and context to discover, test, and secure all APIs across a customer ecosystem. Prior to Wib, Chuck spent 19+ years as a CISO in financial services and banking, including SVP and Head of IT Security, Risk, and Compliance for all of AIG’s consumer-facing divisions and EVP and CISO of Texas Capital Bank prior to being named “Most Trusted Bank in America” by Newsweek in 2022.

A lifelong learner, Chuck holds a litany of industry certifications gathered over the last 25 years, as well as a bachelor’s degree in biology from Lenoir Rhyne University. When not traveling to events and customer locations, Chuck is based out of his ranch in North Dallas.