TechSpective Podcast Episode 144

 

Are you ready for the quantum revolution?

In the latest episode of the TechSpective Podcast, I diver into the fascinating world of post-quantum cryptography (PQC) with Ted Shorter, CTO of Keyfactor. Together, we unpack the urgency, complexity, and far-reaching implications of the transition to quantum-resistant cryptographic standards.

The Challenges of Transition

Transitioning to PQC is no small feat. Ted highlighted that this shift is more complex than past cryptographic changes, such as moving from SHA-1 to SHA-2. Organizations must inventory their systems, assess dependencies on vulnerable algorithms, and adopt a mindset of crypto-agility. Legacy systems, IoT devices, and critical infrastructure add layers of difficulty, as many of these technologies lack the flexibility for rapid updates.

Highlights from the Conversation

Quantum Computers Explained: Unlike faster versions of today’s computers, quantum machines are a unique breed, designed to excel in certain tasks—like breaking widely used cryptographic algorithms such as RSA and ECC.

The Clock is Ticking: With organizations like NIST and NSA pushing for quantum-resilient cryptography by 2030, businesses must act now to avoid being caught unprepared.

Why It Matters: From national security to corporate IP, data encrypted today could be vulnerable tomorrow. The “harvest now, decrypt later” approach underscores the need for immediate action.

Crypto-Agility is Key: Embracing flexibility in cryptographic systems ensures organizations can adapt to new standards as they emerge, reducing risks associated with legacy systems.

Compliance to the Rescue: While quantum computing may still feel distant to some, compliance mandates are forcing industries to tackle the issue head-on.

An Invitation to Learn More

Looking for deeper insights? Keyfactor’s Tech Days 2025 conference in March will feature an impressive lineup of speakers and sessions dedicated to PQC, security innovation, and more. Held in sunny Miami, this event is the perfect opportunity to engage with experts and peers while soaking in some rays (and perhaps a piña colada).

Don’t miss this compelling conversation—available now on the TechSpective Podcast. Tune in to stay ahead of the quantum curve and future-proof your cybersecurity strategy.

TechSpective Podcast Episode 143

 

The latest episode of the TechSpective Podcast brings a dynamic and insightful conversation with Gianna Whitver, co-founder and CEO of the Cybersecurity Marketing Society. Gianna sheds light on the unique challenges of cybersecurity marketing, the role of artificial intelligence in the industry, and exciting developments for CyberMarketingCon.

The Origins of the Cybersecurity Marketing Society

Gianna begins by sharing the inspiring backstory of how the Cybersecurity Marketing Society was born. In 2020, she and her co-founder Maria recognized the struggles that many marketers face when transitioning into cybersecurity—a space loaded with jargon, acronyms, and a deeply technical audience. What started as a private Slack group of 10 friends has now grown into a vibrant community with over 3,500 members representing 1,000 companies. The Society provides marketers with a platform to share insights, resources, and strategies to overcome the complexities of the cybersecurity industry.

Gianna highlights how the Society fosters collaboration and mentorship, especially for marketers coming from non-technical backgrounds. With a focus on community building and professional development, the Society has become a hub where members can navigate the nuances of marketing to security professionals, who are often skeptical and highly discerning due to the nature of their roles.

Navigating the Challenges of Cybersecurity Marketing

One of the key themes of our conversation is the difficulty of breaking through the noise in cybersecurity marketing. Gianna discusses the critical balance between technical expertise and storytelling—an approach that resonates deeply with the highly specific needs of security buyers. As she explains, “A security engineer on your marketing team is like a secret weapon,” providing valuable insights that can be paired with marketing expertise to create compelling and targeted campaigns.

We also touch on how cybersecurity marketing has evolved over the years and discuss the tendency for companies to slash marketing budgets during economic downturns, a move we both agree is short-sighted. Marketing, we argue, is a long-term investment in brand building, trust, and audience connection—essential for maintaining relevance in a competitive market.

AI: Friend or Foe for Marketers?

A major topic of discussion is the growing role of artificial intelligence in marketing. We explore both the benefits and drawbacks of AI tools like ChatGPT, MidJourney, and others. While AI has been a game-changer for small marketing teams, enabling them to produce more content efficiently, it has also led to what Gianna calls a “sea of sameness.” Marketers who rely too heavily on AI without adding a human touch risk producing generic, formulaic content that fails to stand out.

The conversation also delves into how AI might replace certain jobs in marketing while simultaneously creating new opportunities. I share my vision of AI evolving as a collaborative tool—allowing marketers to spend less time on mundane tasks and more on creative, strategic initiatives. Both agree that developing a unique brand voice and storytelling approach will become even more critical as AI becomes more pervasive.

Why You Should Tune In

Whether you’re a seasoned cybersecurity marketer or someone new to the field, this podcast episode is packed with actionable insights. From leveraging AI effectively to breaking through skepticism in security audiences, we cover a wide range of topics relevant to today’s marketing landscape.

Listen to the TechSpective Podcast now and discover how you can elevate your marketing game in this challenging yet rewarding industry.

TechSpective Podcast Episode 142

 

Ajit Sancheti, General Manager of NG-SIEM at CrowdStrike recently joined me for an episode of the TechSpective Podcast. With years of experience in cybersecurity and as a co-founder of Preempt Security, Ajit brings a unique perspective on how the Security Operations Center (SOC) is evolving to meet today’s challenges—and what lies ahead for the industry.

We covered a lot of ground in this episode, focusing on the growing pressures facing SOC teams and how CrowdStrike is leading a transformation to make analysts’ lives easier, more productive, and more focused on meaningful security tasks. One of the biggest challenges SOC analysts face today is what’s known as “Swivel Chair Syndrome”—the need to bounce between multiple screens, tools, and platforms just to assess and respond to threats. Ajit shared how this repetitive, fragmented work takes a toll, not just in terms of efficiency, but on the morale and long-term retention of cybersecurity professionals.

So, what’s the solution? Ajit dives into CrowdStrike’s innovative approach, from leveraging AI to simplify workflows to implementing automation that frees up analysts to focus on the big picture. Rather than replacing analysts, CrowdStrike is using AI to reduce mundane, repetitive tasks so that the human talent in the SOC can focus on higher-level strategic thinking. It’s all part of an effort to reimagine the SOC as a place where analysts can do their best work without burning out—a vision that is resonating across the cybersecurity industry.

Ajit also shares his thoughts on the future of the SOC, where AI and human expertise come together to create a more resilient and proactive security operation. This episode offers fresh insights for anyone interested in how cybersecurity is adapting to a more dynamic, cloud-based, and hybrid working world—and what it takes to stay ahead in an environment where attackers are moving faster than ever.

For a fascinating look at the future of cybersecurity, listen to this episode of the TechSpective Podcast. Whether you’re a SOC analyst, a cybersecurity leader, or simply interested in the evolving role of AI in security, this conversation with Ajit Sancheti offers valuable takeaways on what’s next for the industry.

TechSpective Podcast Episode 141

 

I had the pleasure of speaking with Devansh Sharma, Senior Security and Compliance Product Owner at Adobe, about a game-changing approach to security and compliance: Adobe’s Common Controls Framework (CCF). If you’ve ever been overwhelmed by the complexity of navigating multiple regulatory standards—PCI, HIPAA, SOX, you name it—this episode is packed with insights you won’t want to miss.

What is Adobe’s Common Controls Framework (CCF)?

CCF is Adobe’s answer to the growing complexity of managing compliance. Devansh explains how CCF simplifies and unifies security and compliance controls into a single, cohesive framework. Instead of treating each regulatory requirement separately, Adobe created a Venn diagram of overlapping standards and boiled it down to the essentials. This approach allows Adobe to meet over 4,300 different security control requirements while reducing the actual number of controls to just over 300.

In essence, Adobe is ensuring that by meeting the strictest standard in the bunch, they automatically cover all other requirements. This level of efficiency is invaluable in today’s complex regulatory landscape, especially as organizations scale and acquire new products.

Security Should Drive Compliance

One of the central themes Devansh stresses in our conversation is that compliance should not just be about checking boxes. Rather, it should be security-first, with compliance as a natural byproduct of strong security practices. If an organization focuses on securing its systems, compliance will follow. However, the reverse isn’t true—merely being compliant doesn’t mean you’re secure.

By embedding security into the core of Adobe’s CCF, the company ensures that it isn’t just meeting regulatory requirements, but genuinely reducing risks.

Automation and AI Powering the Future

It wouldn’t be an Adobe conversation without touching on the future of AI. Adobe is increasingly incorporating automation into compliance testing, reducing the need for manual processes and ensuring continuous, real-time compliance. Devansh gives us a glimpse of where the industry is headed with automation tools that scan cloud configurations and alert teams to security gaps across thousands of accounts—all without human intervention.

Imagine automating 100% of compliance checks instead of relying on a sample-based approach. AI and machine learning are not only set to revolutionize Adobe’s internal processes but could also be a game-changer for how other organizations approach security and compliance.

Tackling Emerging Threats

While the CCF helps Adobe manage compliance and security, Devansh highlights emerging threats that every organization should be preparing for, including supply chain vulnerabilities and AI-driven phishing attacks. As the world becomes more interconnected, it’s not enough to focus only on internal security. Protecting your organization means ensuring the security of vendors and third parties as well.

Why This Matters: Scaling Security and Building Trust

A particularly compelling part of the conversation is how Adobe’s CCF fosters transparency and builds trust with customers. By open-sourcing the CCF and continuously engaging with customers and external auditors, Adobe demonstrates its commitment to proactive compliance. Customers and partners can see exactly how Adobe is protecting their data and complying with global regulations.

Adobe’s proactive approach also helps reduce “compliance fatigue” within the organization. By embedding compliance within the SDLC (Software Development Lifecycle), product teams aren’t bogged down by the complexities of meeting different regulations—they build compliant products from the start.

Want to Learn More?

If you’re looking for ways to simplify your organization’s compliance or if you’re curious about how AI and automation are transforming security, this episode is a must-listen. Devansh Sharma offers unique insights into how ...

TechSpective Podcast Episode 140

 

I recently sat down with Jason Fruge, CISO-in-residence at XM Cyber, for an engaging discussion about one of the most critical shifts happening in cybersecurity today: Continuous Threat Exposure Management (CTEM). If you’ve been frustrated by the limitations of traditional vulnerability management, this episode is for you.

Moving Beyond Legacy Vulnerability Management

Jason explains how CTEM revolutionizes the outdated "patch and pray" approach. Instead of relying on periodic scans and CVSS scores, which often miss the bigger picture, CTEM introduces a dynamic, continuous model that tracks how vulnerabilities interact across systems, networks, and users. It’s no longer about simply patching the most severe vulnerabilities—it’s about understanding how they create exposure and potential attack paths.

XM Cyber: Leading the Way in CTEM

While many vendors may claim to offer CTEM solutions, few deliver on the complete promise. XM Cyber, as Jason explains, is one of the few platforms that maps to all five stages of CTEM—from identifying exposures to validating potential attack paths, and even mobilizing security teams with actionable insights.

Unlike other tools that only address one aspect of the CTEM process or force organizations to piece together incomplete solutions, XM Cyber provides a holistic approach. Their innovative use of a digital twin creates a safe testing environment where real-time pen testing can occur without impacting live systems, ensuring security teams have up-to-the-minute intelligence on their exposure.

Why It Matters

Jason highlights how XM Cyber stands apart by not just offering visibility into vulnerabilities but showing the exact "choke points" in your network—areas that, if exploited, could cause the most damage. This allows security teams to prioritize fixes that drastically reduce overall risk, without getting bogged down in low-impact vulnerabilities.

With XM Cyber, organizations have a powerful tool that integrates seamlessly with existing security infrastructure. Its AI-powered capabilities enhance threat detection, providing intuitive, data-rich prompts that guide security teams to the most critical issues—saving time and preventing security fatigue.

Tune In for More Insights

Whether you’re a security leader looking to optimize your vulnerability management or simply want to stay ahead of evolving cybersecurity trends, this episode provides deep insights into the future of CTEM. We also discuss the growing role of AI in security and how XM Cyber’s forward-thinking approach is shaping the next generation of threat exposure management.

Don’t miss out—listen to the full episode now and discover how XM Cyber can help your organization stay ahead of the game.

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

TechSpective Podcast Episode 139

 

In the latest TechSpective Podcast, I had the pleasure of speaking with Wilson Tang, a Machine Learning Engineer on Adobe’s threat hunting team. Our conversation delved into one of the most exciting and critical areas of technology today—how artificial intelligence (AI) and machine learning (ML) are reshaping cybersecurity.

Wilson brings a unique perspective, having transitioned from traditional software engineering to focus on ML applications in security. Throughout the podcast, we explored how Adobe leverages ML to detect and mitigate threats that traditional, rules-based methods might miss. One standout example is Adobe's use of anomaly detection in identifying suspicious logins by establishing baseline behaviors for each user—an approach far more scalable and flexible than older security techniques.

We also touch on the growing significance of large language models (LLMs), like ChatGPT, in cybersecurity. While these models have generated a lot of hype, Wilson emphasizes their best use cases, such as process improvements and AI assistance, while warning against over-relying on them for complex decision-making tasks. The conversation also highlights the environmental challenges posed by AI's energy consumption, a hot topic in tech circles today.

For anyone curious about the future of cybersecurity, AI, and ML, this episode offers valuable insights from someone at the forefront of this evolving field. We discuss not just what’s happening now but also where technology is headed—including the potential game-changing role of quantum computing in the years to come.

Tune in to this episode of the TechSpective podcast to hear how Adobe is using cutting-edge ML technologies to stay ahead of cyber threats, and what Wilson sees on the horizon for AI in cybersecurity. Whether you're a security professional or just interested in the intersection of AI and cybersecurity, this episode is a must-listen. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

Don’t miss out—click below to listen and join the conversation!

TechSpective Podcast Episode 138

 

Cloud environments have transformed the way organizations operate, but they’ve also introduced new challenges for cybersecurity teams. In the latest episode of the TechSpective Podcast, I sit down with Eyal Fisher, CPO of Sweet Security, to dive deep into the evolving landscape of cloud security and the innovative solutions needed to stay ahead of threats.

Tackling Cloud Security’s Unique Challenges

Cloud environments are massive, dynamic, and present a much larger attack surface than traditional on-premises setups. This complexity makes real-time threat detection particularly difficult. As Eyal Fisher explains, traditional security tools designed for endpoints or on-prem environments struggle to scale effectively in the cloud. The key is understanding the unique nature of cloud infrastructure and using technologies that are purpose-built for it.

eBPF and Runtime Detection

One of the highlights of the conversation is how Sweet Security leverages eBPF (Extended Berkeley Packet Filter) technology to gather deep insights into cloud environments without complex deployment processes. Eyal emphasizes that detecting threats in runtime — while the cloud environment is active — is crucial to pinpointing real risks amidst the noise generated by everyday operations.

Addressing Non-Human Identities

Another critical issue is the explosion of non-human identities in cloud environments. These include APIs, machine-to-machine interactions, and service-to-service communications. Traditional identity security methods, like multi-factor authentication, focus on human users and miss the majority of risks. Eyal outlines how Sweet Security’s runtime approach helps prioritize non-human identities that need immediate attention based on actual behavior.

AI and the Future of Cybersecurity

AI is transforming the cybersecurity industry, and Sweet Security is at the forefront of using AI and Large Language Models (LLMs) to improve cloud defenses. Fisher shares how AI helps their solution analyze environments, reduce response times, and even assist SOC teams in investigating incidents more effectively.

A Holistic Approach to Cloud Defense

What sets Sweet Security apart is their all-layer defense strategy. Unlike other solutions that focus on either the infrastructure, cloud, or application layer, Sweet covers all three. This comprehensive approach ensures threats can be detected no matter where they originate — from the application layer down to the cloud infrastructure.

Tune in to the full episode to learn more about how runtime detection, non-human identity security, and AI are reshaping the way organizations approach cloud security. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

TechSpective Podcast Episode 137

 

I recently had the pleasure of sitting down with Sven Krasser, Chief Scientist and SVP of AI and R&D at CrowdStrike, to dive into the fascinating ways artificial intelligence (AI) is reshaping the cybersecurity landscape. If you're interested in how AI is empowering defenders while also being a tool for attackers, this episode is a must-listen.

The Evolution of AI in Cybersecurity

AI and machine learning have been crucial components in cybersecurity for years, but with the advent of generative AI, like ChatGPT, the game has changed. According to Sven, generative AI has allowed organizations to accelerate workflows, streamline documentation, and provide intelligence analysts with unprecedented access to large data sets. Tools like CrowdStrike’s Charlotte AI are at the forefront of this transformation, enabling security teams to quickly analyze complex attack graphs and detect emerging threats faster than ever before.

Democratizing Cybersecurity with AI

One of the most exciting aspects of AI discussed in this episode is how it democratizes access to cybersecurity expertise. With tools like Charlotte AI, even junior analysts can operate at higher efficiency levels by interacting with these advanced systems in natural language. This removes the need for deep technical knowledge of complex query languages, making cybersecurity tools accessible to a broader range of users.

The Double-Edged Sword of AI

Of course, with great power comes great responsibility. Sven also discussed the double-edged sword of AI in cybersecurity. While it’s helping defenders stay ahead, it’s also being exploited by attackers. AI is making it easier for bad actors to craft more convincing phishing attacks or find vulnerabilities in systems. However, Sven remains optimistic, noting that AI provides defenders with more significant advantages by enabling them to process vast amounts of data quickly and respond to threats in real-time.

What’s Next?

As AI continues to evolve, CrowdStrike is staying at the cutting edge of innovation. Sven highlighted the importance of security by design in AI platforms, ensuring that systems like Charlotte AI are not only powerful but also safe, secure, and compliant. He’s hopeful about the future, sharing that AI will help defenders stay ahead of the increasingly sophisticated threats posed by cyber adversaries.

If you’re curious about how AI is reshaping cybersecurity and what the future holds, be sure to check out this episode. You’ll walk away with a greater understanding of how AI is empowering defenders and why the future of cybersecurity is one of cautious optimism.

Tune in to the full episode to learn more about the design choices and challenges specific to cybersecurity and best practices for integrating GenAI into security frameworks. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

TechSpective Podcast Episode 136

 

There’s one area that often flies under the radar, yet poses a critical cybersecurity threat to organizations: non-human identities. These programmatic access credentials—like API keys and service accounts—are the invisible lifeblood of today’s automated systems, yet they are also a major vulnerability.

In this episode of the TechSpective Podcast, Itzik Alvas, co-founder and CEO of Entro Security, joins me to delve into the hidden world of non-human identity management. Drawing from his extensive experience, including multiple real-world breaches, Itzik sheds light on why these identities are often overlooked, how they can be exploited, and what organizations can do to protect themselves.

But it’s not just about identifying the problem. Itzik also shares innovative strategies and tools that Entro Security is deploying to help companies get a handle on their non-human identity sprawl, and how these solutions are becoming essential as businesses increasingly rely on automation, AI, and microservices.

Curious about what non-human identities are and why they’re such a big deal? Want to learn how to protect your organization from the hidden dangers lurking in your infrastructure? Tune in to this eye-opening conversation—it’s one you won’t want to miss.

Tune in to the full episode to learn more about how Entro Security and how to solve the challenge of managing secrets and non-human identities. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

TechSpective Podcast Episode 135

 

In the latest episode of the TechSpective Podcast, I had the pleasure of sitting down with Guy Guzner, co-founder and CEO of Savvy Security. With nearly three decades of experience in cybersecurity, Guy shares his insights into the rapidly evolving landscape of digital threats, particularly in the context of SaaS (Software as a Service) applications.

The conversation dives deep into the challenges that modern organizations face as they navigate the complex world of SaaS sprawl. As businesses increasingly rely on SaaS solutions to drive productivity and innovation, the risks associated with identity management and security grow exponentially. Guy explains how identity has become the new perimeter in this cloud-first world, and why traditional security approaches are no longer sufficient to protect sensitive data and critical systems.

One of the key themes of the episode is the balance between security and user experience. Guy and I discuss how security tools can either empower or hinder users, and why it's crucial for security solutions to be both effective and seamless. We also touch on the importance of automation and visibility in managing the sprawling IT environments that are now the norm for many organizations.

If you're interested in the future of cybersecurity and how to stay ahead in a constantly changing threat landscape, this episode is a must-listen. Guy brings a wealth of knowledge to the table, offering practical insights and forward-thinking strategies that will resonate with anyone involved in protecting their organization's digital assets.

Tune in to the full episode to learn more about how Savvy Security is tackling these challenges head-on and what steps you can take to secure your SaaS environment effectively. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.