The ITSPmagazine Podcast

Archer is redefining what it means to manage governance, risk, and compliance in an environment defined by constant change. Steve Schlarman, Senior Director at Archer, has spent nearly two decades helping organizations understand why their traditional GRC approaches are falling short and what it takes to close the gap. The forces challenging organizations today are well known: velocity of change, volume of change, and the uncertainty that compounds both. What makes the problem acute is timing. Annual audit cycles and quarterly risk assessments produce reports that reflect a reality that has already shifted by the time decision makers see them. The result is drift between what GRC functions can see and what leadership actually needs to know, and every gap in that visibility carries potential exposure. Schlarman explains that this reactive posture is exactly what Archer is working to change. Rather than treating risk and compliance as periodic checkboxes, the goal is to build a program that runs continuously, projecting forward as the business expands into new jurisdictions, launches new products, or encounters emerging risks. What are the compliance obligations? How does exposure shift? Archer Evolv is designed to answer those questions in real time, keeping GRC moving alongside the business rather than scrambling to catch up. Central to Archer's strategy is AI applied with intention. Rather than deploying generic agents, Archer is building what Schlarman calls AI operators: focused, guardrailed tools designed specifically to solve GRC problems. That distinction matters because the complexity of risk and compliance work demands precision, not just automation. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Steve Schlarman, Senior Director, Archer | https://www.linkedin.com/in/steveschlarman/ RESOURCES Learn more about Archer and the Archer Evolv platform: https://www.archerirm.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Steve Schlarman, Archer, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, GRC, governance risk and compliance, adaptive GRC, integrated risk management, Archer Evolv, AI in GRC, risk management, compliance automation, enterprise risk, risk and compliance strategy Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Nobody decided to build a human-optional workflow — they just kept making reasonable procurement decisions, task by task, until the human became optional across hiring, contracting, finance, and security operations. Sean Martin traces what organizations have actually assembled, where accountability lives when it goes wrong, and why the regulatory window for getting ahead of it is closing faster than most leaders realize. In this edition of Lens Four, Sean Martin looks at the agentic AI landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter. 🔍 In this episode: Why organizations are building human-optional workflows one procurement decision at a time — without ever deciding to The five-task AI hiring pipeline and five-task AI legal contracting pipeline — real tools, real companies, real outcome data 375+ agentic AI vendors claiming the space, but only ~130 delivering genuine capability — and what that gap means for buyers Why "augment, not replace" is a strategy, not a description — and what the accountability gap it creates looks like when something goes wrong The agentic orchestration platform emerging from Nintex and Microsoft — and why it splits outcomes between deliberate orgs and accumulators The regulatory window that is open right now — and why it won't stay that way Fourth Lens: The vendors knew what they were building. The buyers didn't ask the right questions. The auditors haven't arrived yet. The organizations that use the remaining window to map what they've assembled — and make explicit decisions about what requires human judgment — will be positioned when the frameworks arrive. The ones that don't will discover that the workflow they built by default is not the workflow they would have chosen under scrutiny. 📖 Read the full Lens Four analysis on seanmartin.com: https://www.seanmartin.com/lens-four/task-by-task-workflows-handing-to-ai-one-decision-at-a-time 🎧 Listen to the Redefining CyberSecurity Podcast conversation with Edward Wu of Dropzone AI at Black Hat USA 2025: https://www.itspmagazine.com/their-stories/dropzone-ai-brings-agentic-automation-to-black-hat-usa-2025-a-drop-zone-ai-pre-event-coverage-of-black-hat-usa-2025-las-vegas-brand-story-with-edward-wu-founder/ceo-at-dropzone-ai 🎧 Listen to the Redefining CyberSecurity Podcast conversation with Subo Guha of Stellar Cyber at RSAC 2025: https://www.itspmagazine.com/their-stories/simplifying-cybersecurity-operations-at-scale-automation-with-a-human-touch-a-brand-story-with-subo-guha-from-stellar-cyber-an-on-location-rsac-conference-2025-brand-story 🎧 Listen to the Redefining CyberSecurity Podcast conversation with Subo Guha of Stellar Cyber at Black Hat 2025: https://www.itspmagazine.com/their-stories/stellar-cyber-revolutionizes-soc-cybersecurity-operations-with-human-augmented-autonomous-platform-at-black-hat-2025a-stellar-cyber-event-coverage-of-black-hat-usa-2025-las-vegas 🎧 Listen to the Random and Unscripted episode — "We're Becoming Dumb and Numb" — with Sean Martin and Marco Ciappelli: https://randomandunscripted.com/episodes/were-becoming-dumb-and-numb-why-black-hat-2025s-ai-hype-is-killing-cybersecurity-and-our-ability-to-think-random-and-unscripted-weekly-update-with-sean-martin-and-marco-ciappelli | 🎬 Watch on YouTube 🔔 Subscribe to the Future of Cybersecurity newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to Lens Four on seanmartin.com and "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity Sincerely, Sean Martin and TAPE9 Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website. 🔎 Keywords agentic AI, workflow automation, task-specific AI agents, AI hiring tools, resume screening automation, HireVue, Paradox Olivia, legal AI, Harvey AI, LegalOn, contract review automation, agentic SOC, Dropzone AI, Stellar Cyber, Token Security, AI agent identity, RSAC 2026, Nintex, Microsoft Copilot Studio, agentic orchestration platform, human accountability in AI, agentwashing, AI augmentation vs replacement, AI governance, enterprise AI adoption, Gartner agentic AI, Forrester AI forecast, AI decision accountability, AI regulatory compliance, AI workforce impact Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Third-party risk is no longer a background concern for healthcare organizations -- it is a frontline challenge. Jason Kor, Principal at HITRUST, works on the company's third-party risk management team, helping enterprises understand the security risk embedded in their supply chains. The numbers tell a stark story: according to Security Scorecard, 99% of the world's 2,000 largest companies are actively connected to a vendor that has experienced a breach in the past 18 months. And Verizon's Data Breach Investigations Report shows that the share of breaches tied to a third party has doubled year over year. HITRUST exists precisely to help organizations move from awareness to action. HITRUST will be at HIMSS 2026 in Las Vegas, March 9-12, at Booth 11307. Stop playing whack-a-mole with vendor risk -- step into the VR challenge and win prizes. For organizations already holding a HITRUST certification, the team has something else waiting: a trophy recognizing the commitment to independent, external audits and rigorous security standards. For those exploring certification for the first time, the booth is a chance to understand how HITRUST compares to alternatives like SOC 2 questionnaires -- and why scalability and risk reduction make it the stronger choice for supply chain assurance. Kor puts it plainly: the audits are time-consuming and expensive because they are effective. And at the end of the process, someone reads that report and makes real business decisions based on what it contains. Two major themes converge at this year's event: supply chain risk and AI. HITRUST has already launched an AI security assessment offering, and new CSF releases are on the horizon, including a report center feature enabling online review of assessments for anti-fraud and continuous monitoring purposes. On Tuesday, March 10, 2026, from 11:10 AM to 11:30 AM, Kor will deliver a 20-minute session titled "Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience." The session addresses a rapidly evolving challenge: as organizations build their own generative AI tooling -- or work with third parties that have integrated AI into their products -- questions around data sovereignty, input handling, and model provenance become critical, especially in healthcare where electronic health information is at stake. Also on the HIMSS 2026 agenda from HITRUST: Ryan Patrick, Executive Vice President of TPRM Customer Solutions, joins John P. Houston of UPMC and Chuck Christian of Franciscan Health for a Brunch Briefing titled "Building Secure, Compliant, and Resilient Healthcare Systems Together" on Tuesday, March 10, 2026, from 10:30 AM to 11:45 AM at Level 1, Casanova 505. The session offers practical strategies, frameworks, and real-world lessons for organizations looking to reduce risk, enhance protection, and advance trust in an evolving threat and regulatory landscape. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Jason Kor, Principal, HITRUSThttps://www.linkedin.com/in/securityconsultantcissp/ RESOURCES HITRUST: https://hitrustalliance.net Jason Kor Session -- Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience (Tuesday, March 10, 2026, 11:10 AM - 11:30 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMyMTMxOA== Building Secure, Compliant, and Resilient Healthcare Systems Together -- Brunch Briefing (Tuesday, March 10, 2026, 10:30 AM - 11:45 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMzNzQwMQ== HIMSS 2026 Global Health Conference and Exhibition: https://www.itspmagazine.com/cybersecurity-technology-society-events/himss-global-health-conference-amp-exhibition-2026 Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Jason Kor, HITRUST, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, third-party risk management, TPRM, supply chain risk, healthcare cybersecurity, HIMSS 2026, AI security, generative AI risk, HITRUST CSF, cybersecurity certification, data sovereignty, electronic health information, vendor risk management Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means. In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter. 🔍 In this episode: Why identity-driven attacks now account for 65% of initial access and what that means for security programs The CISO who replaced the entire SOC with AI-driven automation — and the math behind the decision 375 AI security vendors, 58 focused on SOC automation, and over $1.3 billion in funding reshaping the market Why "resilience" without a timeframe is just damage control The board-CISO communication gap that's pulling budgets in the wrong direction Sean's Take: When attackers operate in minutes and defenders plan in quarters, the gap isn't technology — it's assumptions. The organizations closing the 72-minute gap aren't hiring faster. They're rethinking what humans are for and what machines should own. Catch the full companion article on Lens Four at seanmartin.com for the complete three-lens analysis with all references and data sources. For CISOs and security leaders: Can your program detect, investigate, and contain a threat in 72 minutes — or are you still measuring in days?For vendors and product teams: Is your platform solving the operational problem CISOs have today, or selling a vision their program can't execute on?For marketing and go-to-market teams: Are you connecting your messaging to measurable outcomes — or hiding behind buzzwords like "resilience" and "platform"? 📖 Read the full Lens Four analysis on seanmartin.com: https://www.seanmartin.com/lens-four/72-minute-gap-breaches-vendors-messaging 🎬 Watch the companion video summary — "Why Hackers Beat Your Security in Just 72 Minutes": https://youtu.be/EjsADm7faJ0 🎧 Listen to the Redefining CyberSecurity Podcast conversation with Richard Stiennon on SOC automation: https://redefiningcybersecuritypodcast.com/episodes/soc-automation-and-the-ai-driven-future-of-cybersecurity-defense-a-redefining-cybersecurity-podcast-conversation-with-richard-stiennon-chief-research-analyst-of-it-harvest 🎬 Watch the video version of the Richard Stiennon conversation: https://youtu.be/si_fS4H-d3w 🔔 Subscribe to the Future of Cybersecurity newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence. Enjoy, think, share with others, and subscribe to Lens Four on seanmartin.com and "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity Sincerely, Sean Martin and TAPE9 Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️ Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location To learn more about Sean, visit his personal website. 🔎 Keywords 72-minute gap, ai-driven cyberattacks, soc automation, unit 42, incident response, identity-driven attacks, credential theft, iam misconfigurations, cisa workforce, agentic ai, palo alto networks, crowdstrike, google wiz acquisition, cybersecurity spending, platform consolidation, ai security vendors, it-harvest, richard stiennon, gartner cybersecurity trends 2026, forrester predictions, clawjacked, enterprise management associates, board-ciso communication, cybersecurity resilience, managed security services, cyber insurance, redefining cybersecurity podcast, lens four, sean martin, tape9 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥EPISODE NOTES⬥ The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived. Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that did not exist a few years ago -- built from the ground up to replace the work of tier-one, tier-two, and tier-three analysts. Some of these vendors launched in January 2024 and reached $1 million in ARR by April. By the end of 2025, several were reporting $3 million ARR. These are not incremental improvements. They represent a structural shift in how security operations can be run. What makes this generation of SOC automation different from earlier SIEM and SOAR tooling is scope and autonomy. The value proposition is blunt: 100% alert triage, 24 hours a day, 7 days a week -- with automated case building, threat investigation, and response actions including machine isolation and reimaging. Stiennon points to a CISO he met, speaking under Chatham House rules, who disclosed that a large enterprise had already eliminated its entire human SOC team. He predicts that disclosure will go public before long. The conversation also explores the business context question that security leaders frequently wrestle with: are these AI-driven SOC tools operating with a narrow cyber mandate, potentially optimizing for security metrics at the expense of business continuity? Stiennon pushes back on that concern, arguing that large language models are already trained on the full breadth of human knowledge -- they understand business context at a level that exceeds most organizations' internal documentation. The more pressing risk, he suggests, is not that AI will act outside business intent, but that organizations will move too slowly to benefit. Waiting six months for a proof-of-concept report while spending a million dollars on human SOC operations is not due diligence -- it is opportunity cost. The conversation also touches on data privacy in AI-driven security, the role of federated learning and fully homomorphic encryption for compliance-sensitive environments, and what security leaders can do today to evaluate and accelerate their own adoption timeline. Stiennon will be at RSA Conference 2026 with his new book, Guardians of the Machine Age: Why AI Security Will Define Digital Defense, continuing to make the case for a field that is moving faster than most organizations are prepared to acknowledge. ⬥GUEST⬥ Richard Stiennon, Chief Research Analyst at IT-Harvest | Website: https://it-harvest.com/ On LinkedIn: https://www.linkedin.com/in/stiennon/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ IT-Harvest | https://it-harvest.com/ Richard Stiennon on LinkedIn | https://www.linkedin.com/in/stiennon/ Guardians of the Machine Age: Why AI Security Will Define Digital Defense (Richard Stiennon) | Available via IT-Harvest and major booksellers RSAC Conference 2026 Coverage on ITSPmagazine | https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ On Podcast: https://www.seanmartin.com/redefining-cybersecurity-podcast On YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Newsletter: https://itspm.ag/future-of-cybersecurity Contact Sean: https://www.seanmartin.com/ ⬥KEYWORDS⬥ richard stiennon, it-harvest, sean martin, soc automation, ai security, security operations center, threat detection, autonomous response, alert triage, security operations, cybersecurity vendors, ai agents, large language models, federated learning, siem, soar, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥EPISODE NOTES⬥ What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands. Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization. A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere. The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization. For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear. ⬥GUEST⬥ Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq 📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/ Contact Sean Martin to request to be a guest on an episode of Redefining CyberSecurity: https://www.seanmartin.com/contact ⬥KEYWORDS⬥ josh mason, sean martin, speaks security with a business accent, cybersecurity communication, business alignment, penetration testing, risk management, air force cybersecurity, security leadership, mission-driven security, stakeholder communication, security storytelling, noob village, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

New Book: Climate Capital — Investing in the Tools for a Regenerative Future | An Interview with Tom Chi | An Analog Brain In A Digital Age With Marco Ciappelli What if the economy isn't broken — just badly designed? Tom Chi, Google X founding member, inventor of 77 patents, and venture capitalist at At One Ventures, joined me on An Analog Brain In A Digital Age to discuss his new book Climate Capital: Investing in the Tools for a Regenerative Future. From the streets of Florence to the strip malls of Silicon Valley, from the mechanics of attention capture to the physics of ecological economics, this conversation goes far beyond climate. It's about how we design the systems we live inside — and whether we have the will to redesign them before it's too late. 📺 Watch | 🎙️ Listen | marcociappelli.com Article Body Tom Chi has worked on things that changed the world. Microsoft Office. Web search. The self-driving car. Google Glass. He'll tell you himself that not all of them were hits, and he's fine with that — that's what it means to be an inventor. But what he's working on now is different in scale from anything before. Not a product. Not a platform. A redesign of the global economy. His new book, Climate Capital: Investing in the Tools for a Regenerative Future, starts from a premise that sounds radical until you think about it for more than a few minutes: economics is a design discipline. And right now, it's poorly designed. Not maliciously — poorly. We built systems optimized for short-term capital extraction, and we're living with the consequences. The question Tom is asking is whether we can redesign them before those consequences become irreversible. He didn't get there through ideology. He got there through Florence. Tom was auditing sustainable MBA courses alongside his partner when he was invited to a conference in Italy. He landed, got a day off, wandered the streets — and something clicked. The entire city is built from sustainable materials. And it's one of the most beautiful places on earth. That moment demolished an assumption he didn't even know he was carrying: that sustainable living means downgrading. Florence is a 2,000-year-old counterexample to every joke about Birkenstocks and cold showers. We knew how to do this. We just forgot. Which brings us to the first big thread of our conversation: the pattern of forgetting. We talked about this in the context of technology, not history. Specifically, how the shift from software you paid for to software supported by advertising quietly changed everything. When you pay for a tool, the goal is to make it better. When the tool is supported by advertisers, the goal is to keep you inside it as long as possible. Clippy used to annoy us because it interrupted our train of thought. Now interrupting our train of thought is the entire business model. Tom has a phrase for what's happening at scale: cognitive despoiling. We spent the 20th century strip mining the physical resources of the planet. We're spending the 21st century strip mining the cognitive resources of humanity. There's a finite number of coherent thoughts this civilization can produce. And we're burning through them — with misinformation, amygdala triggers, and dopamine loops — the same way we burned through forests and waterways. The damage is invisible because it's underwater, like ocean trawling. But it's real. And it compounds across generations. This is where I had to push back a little. Because I grew up in Florence. I made the jump to digital. I love my vinyls and I love my streaming library. I'm part of the contradiction he's describing. And I asked him: given all this, where do you even start? His answer is the most practical thing I've heard in a long time. Start with physical businesses. The ones actually causing most of the damage — to water, soil, air, biodiversity. And here's the part that almost nobody is talking about: 90% of the cost structure of a physical business already aligns ecological and economic goals. Fewer raw materials used means lower feedstock costs and less extraction. Less energy consumed means lower processing costs and fewer emissions. Shorter supply chains mean lower logistics costs and fewer transport emissions. The economy and the ecology are already pointing the same direction on 90% of what matters. The 5% that isn't aligned — pollution — is what the lobbyists fight about. So that's what dominates the news. And that's why we think this is harder than it is. Tom's firm, At One Ventures, is built around this insight. They invest in what he calls the triad: disruptive deep tech that delivers radically better unit economics and radically better environmental outcomes at the same time. Their portfolio companies don't sell sustainability. They sell efficiency. The ecological benefit is baked in by design. The customers buy it because it's cheaper and better. The planet wins as a side effect. That's the book. Part toolkit, part framework, part demonstration that the future we need is already technically possible. The Four C's — critical thinking, creativity, compassion, community — are the human skills that will matter most as AI and robotics take over the rest. And the Three Epochs of Ecological Technology are the roadmap from the economy we have to the one that could actually last. I don't know if we'll get there in time. Neither does Tom. But I left this conversation thinking something I don't think often enough: the design problem is solvable. We just have to decide we want to solve it. Climate Capital is out now from Wiley. Link below. And if this is the kind of conversation you come here for — subscribe to the newsletter at marcociappelli.com. — Marco Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍 ____________ About Marco Marco Ciappelli is Co-Founder & CMO of ITSPmagazine, Co-Founder & Creative Director of Studio C60, Branding & Marketing Advisor, Personal Branding Coach, Journalist, Writer, and Host of An Analog Brain In A Digital Age podcast. Born in Florence, Italy, and based in Los Angeles, he explores the intersection of technology, society, storytelling, and creativity — with an analog brain, in a digital age. 🌎 marcociappelli.com    ___________ About the Guest About the Guest Tom Chi is a lifelong technologist, inventor, and Google X founding member who contributed to Google Glass, the Waymo self-driving car, and Project Loon. He holds degrees in electrical engineering from Cornell University, is a named inventor on 77 patents, and has held executive roles at Microsoft, Yahoo, and Google. After Google, he mentored 200+ entrepreneurs on global development challenges before professionalizing his investment work at Hack VC and Crosslink Capital. He is now Managing Partner at At One Ventures, a venture firm with a mission to help humanity become a net positive to nature. Climate Capital: Investing in the Tools for a Regenerative Future (Wiley, February 2026) is his first book. 🔗 tomchi.com   Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Host | Matthew S Williams For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast ______________________Episode Notes Asteroid Mining: The Promise, the Problems, and the Philosophy Asteroid mining is one of those ideas that cycles in and out of public fascination — generating enormous excitement, then fading when people realize it won't happen within the next news cycle. But the concept never truly disappears, and for good reason. Near-Earth asteroids, numbering in the millions, contain staggering quantities of precious metals, rare earth elements, and water ice. Ironically, those same materials — iron, gold, platinum, nickel, and dozens of others — were originally delivered to Earth by asteroids during the Late Heavy Bombardment period some four billion years ago. We're essentially talking about going back to the source. The three main asteroid types — carbonaceous (C-type), silicate (S-type), and metallic (M-type) — each offer distinct resources. Beyond metals, the abundance of water ice in the solar system could relieve pressure on Earth's increasingly stressed freshwater supply and fuel deep-space missions. Philosophically, the implications are profound. Thomas More and Nietzsche both wrestled with why scarcity drives human value systems. Flood the market with space-borne metals and the entire economic architecture built on scarcity begins to crumble. Orwell saw it too — abundance erodes hierarchy. The first trillionaires born from asteroid mining might find their wealth meaningless almost immediately after making it. But the darker scenarios deserve equal attention. Redistributing consumption off-world doesn't eliminate it. Space debris, environmental degradation beyond Earth, and the very real risk of exploitative labor structures in off-world operations — echoes of colonialism and indentured servitude — are not science fiction. They're logical extensions of human patterns. The enthusiasm may ebb and flow, but asteroid mining remains an inevitable chapter in humanity's story. The real question is what kind of story we choose to write around it. ______________________ Resources   ______________________ For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

There is a question that sounds almost embarrassingly simple. After a vulnerability is discovered in a piece of widely used software — something like Log4Shell, which shook the security world and left hundreds of thousands of organizations exposed overnight — the question organizations scrambled to answer was this: where is this code, and what does it touch? Most couldn't answer it. Not the Fortune 500 companies. Not the government agencies. Not the critical infrastructure operators. Not the hospitals or the banks or the utilities. They had built and bought mountains of software over years and decades, and when the moment came to understand what was actually inside it, they were effectively blind. That gap is exactly what Daniel Bardenstein set out to close when he co-founded Manifest Cyber in 2023. And in a conversation on ITSPmagazine's Brand Highlight series, he made a case for technology transparency that is hard to argue with — not because it's technically complex, but because the analogy he draws is so strikingly obvious once you hear it. "If you want to buy a house, you get to go inside the house, do the home inspection," he said. "You want to buy food from the grocery store — you can look at the ingredients. Even our clothes tell you what they're made of, how to care for them, and where they're from." But software? The technology running hospital MRI machines, weapon systems, financial infrastructure, water delivery? No transparency required. No ingredient label. No inspection rights. Just trust. That trust, as Log4Shell demonstrated, is a vulnerability in itself. Bardenstein came to this problem with credentials that few founders in the space can claim. Before starting Manifest, he spent four and a half years in the US government leading large-scale cyber programs and serving as technology strategy lead at CISA — the Cybersecurity and Infrastructure Security Agency. He saw firsthand how defenders are perpetually at a disadvantage, operating without the basic visibility they need to do their jobs. His mission became building the tools to change that. The problem, he's quick to point out, has not improved in the years since Log4Shell. Software supply chain attacks have multiplied — XZ Utils, NPM Polyfill, and others following the same pattern: trusted software becomes the attack vector, and it spreads fast. Meanwhile, most security teams are still operating with SCA tools that generate noisy, overwhelming alerts and vendor risk programs built on Excel spreadsheets and questionnaires rather than actual empirical data about the security of what they're buying. "Security teams have a false sense of security," Bardenstein said. The gap between what organizations think they know and what they actually know about their software supply chains remains dangerously wide. Manifest Cyber addresses this across the full lifecycle. For organizations that build software, the platform maps every open source dependency, assesses it for risk, and ensures developers can write more secure code without losing velocity. For organizations that buy software — which is everyone — it finds risks before procurement, then continuously monitors every third party component so that when something breaks, they know the blast radius in seconds, not weeks. The timing matters. Regulation is catching up to the problem. The EU AI Act, the Cyber Resilience Act, and a growing body of global policy are beginning to demand exactly the kind of software supply chain transparency that Manifest is built to provide. Organizations that wait to build this capability will find themselves scrambling to comply — those that build it in now will have it as a competitive advantage. The ingredient label for software has always been missing. Manifest Cyber is writing it. ________________________________________________________________ Marco Ciappelli interviews Daniel Bardenstein, CEO & Co-Founder of Manifest Cyber, for ITSPmagazine's Brand Highlight series. HOST Marco Ciappelli — Co-Founder & CMO, ITSPmagazine | Journalist, Writer & Branding Advisor 🌐 https://www.marcociappelli.com 🌐 https://www.itspmagazine.com GUEST Daniel Bardenstein, CEO and Co-Founder of Manifest Cyber https://www.linkedin.com/in/bardenstein RESOURCES Manifest Cyber: https://www.manifestcyber.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Manifest Cyber, software supply chain security, SBOM, Log4Shell, open source vulnerability, technology transparency, Daniel Bardenstein, CISA, software composition analysis, third party risk, EU Cyber Resilience Act, AppSec Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

New Book: Lost in Time — Our Forgotten and Vanishing Knowledge | An Interview with Jack R. Bialik | An Analog Brain In A Digital Age With Marco Ciappelli There's a particular arrogance embedded in how we talk about progress. We speak about innovation as if it moves in one direction only — forward, upward, smarter, faster. But what if the line isn't straight? What if it loops, doubles back, and occasionally vanishes entirely? That's the uncomfortable question at the center of my conversation with Jack R. Bialik. His book Lost in Time: Our Forgotten and Vanishing Knowledge doesn't read like a history lesson. It reads like a case file — evidence, example by example, that the civilization we assume is the most advanced in human history is also, in some critical ways, deeply amnesiac. Take cataract surgery. We learned it in the 1700s, right? Except we didn't. Indians were performing it in 800 BC. The ancient Egyptians and Babylonians had diagrams of the procedure dating back to 2,400 BCE. The knowledge existed, worked, and then — somewhere in the chaos of collapsing empires and burning libraries — it vanished. We didn't progress past it. We forgot it, and then reinvented it from scratch, centuries later, convinced we were doing something new. Or the Baghdad Battery: clay pots, 2,000 years old, that when filled with acid can generate 1.1 volts of electricity. We don't know what they used them for. We don't know who figured it out. We just know it worked, it existed, and then it didn't anymore. This is what Bialik calls the pattern of loss — and it's not random. It follows catastrophe: the Library of Alexandria, the systematic destruction of Mayan records, the slow erosion of oral traditions as writing systems took over. Knowledge disappears when the systems that carry it collapse. And here's where the conversation gets uncomfortably relevant: we are building those systems right now, and we are not thinking about how long they'll last. The curator at the Computer History Museum told Bialik that to preserve the data from early IBM PCs and Macintosh computers, they had to print it on paper. The floppy drives had become brittle. The formats were unreadable. The digital archive was failing — and the only solution was to go analog. A vinyl record from the 1920s still plays. A CD from the 1980s may not survive another decade. I've been thinking about this since we recorded. My brain is analog — that's not just a podcast title, it's a philosophy. I grew up in Florence, surrounded by things that had survived centuries because they were made to last: stone, fresco, manuscript. Then I jumped on the digital train like everyone else, seduced by infinite libraries on my phone, music on demand, knowledge at my fingertips. But what Bialik is pointing out is that fingertips are fragile. And so are hard drives. The deeper issue isn't storage format. It's the distinction Bialik draws between knowledge and wisdom. Knowledge is the data — the cataract surgery technique, the battery design, the pyramid engineering. Wisdom is knowing why it matters, when to use it, and what the consequences might be. We've gotten extraordinarily good at accumulating knowledge. We are considerably worse at transmitting wisdom. And wisdom, Bialik argues, doesn't live in databases. It lives in the space between people — in stories, in teaching, in the slow transmission of judgment across generations. That's why oral tradition survived when everything else failed. Not because it was more sophisticated, but because it was more human. It didn't require a device to run on. I don't know how to solve the digital longevity problem. Neither does Bialik — not yet. But I think the first step is admitting we have one. That's actually one of the quietest, most powerful arguments in the book: be humble. We don't know everything. We never did. And some of the things we've lost might be exactly what we need right now. The question isn't just what we've forgotten. It's what we're forgetting today, while we're too busy scrolling to notice. Grab Lost in Time: Our Forgotten and Vanishing Knowledge — link below — and spend some time with a perspective that goes very, very far back. Which is maybe the only way to see very, very far forward.   And if this kind of conversation is what you come here for, subscribe to the newsletter at marcociappelli.com.  More of this. Less noise. — Marco Ciappelli Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍   ____________ About Marco Marco Ciappelli is Co-Founder & CMO of ITSPmagazine, Co-Founder & Creative Director of Studio C60, Branding & Marketing Advisor, Personal Branding Coach, Journalist, Writer, and Host of An Analog Brain In A Digital Age podcast. Born in Florence, Italy, and based in Los Angeles, he explores the intersection of technology, society, storytelling, and creativity — with an analog brain, in a digital age. 🌎 marcociappelli.com  ___________ About the Guest Jack R. Bialik is a technology expert and author with a 40-year career spanning electrical engineering, project management, F-15 fighter simulation for the U.S. Air Force, Nokia, Motorola, and the Department of Homeland Security. Lost in Time: Our Forgotten and Vanishing Knowledge is the result of years of research into the technologies, wisdom, and innovations that vanished from our collective memory — and what that means for our digital future. 🌎 jrbialik.com Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTSubo Guha, Senior Vice President of Product Management, Stellar Cyber @LinkedInRESOURCESLearn more about Stellar Cyber: https://stellarcyber.aiAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSSubo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Ben Ikwuagwu is a vocalist, performer, and entrepreneur who has spent over 15 years navigating the live events world. That firsthand experience, combined with a degree in operations and years working in corporate America, gives him a unique vantage point on what makes the industry run and where it breaks down. Now, as CEO & Co-Founder of Soundcheck Live, he is channeling both worlds into a single platform designed to simplify how live event professionals manage their work.What does an all-in-one operations platform for live events actually do? Soundcheck Live focuses on four core pillars: booking, scheduling, payments, and coordination. Ikwuagwu explains that every event, regardless of size, comes down to these four elements. The platform provides a centralized dashboard where teams can manage gig details, client communication, and payment information without juggling spreadsheets, text threads, and scattered documents.How is Soundcheck Live building differently? From day one, the team has built the product around its users. Pilots with bands, production companies, and venues shaped the tool from the ground up. With advances in AI, the feedback loop has accelerated dramatically. Focus group insights that once took weeks to implement now translate into working features in hours, giving users the feeling that the platform is being custom-built for their specific workflows.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTBen Ikwuagwu, CEO & Co-Founder of Soundcheck LiveOn LinkedIn: https://www.linkedin.com/in/benjaminikwuagwu/RESOURCESSoundcheck Live (Website): https://soundchecklive.io/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSBen Ikwuagwu, Soundcheck Live, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, live events, gig management, event operations, live music, booking platform, freelancer tools, event technology, live entertainment, artist management, talent agencies Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

There's a particular kind of clarity you get when you talk to someone who spends their days breaking into things for a living. Not with malice — with purpose. John Steigerwald, known to most in the industry simply as "Stigs," co-founded White Knight Labs in 2016 with a mission that sounds almost disarmingly simple: build the best penetration testing team anyone has ever seen, and actually deliver results. Nearly a decade later, the company has grown to 40 people, gone international, and is busier than ever. The question worth asking is: why?The uncomfortable answer, according to Stigs, is that the fundamental problems haven't changed. At all."Honestly, it's still 2015," he said during our most recent conversation on ITSPmagazine's Brand Story series. Not as a metaphor. As a diagnosis. The same misconfigurations, the same weak identity policies, the same unlocked back doors that red teamers were exploiting a decade ago are still wide open today. The apps built in a COVID-era frenzy — pushed out fast, tested never — are now running critical business infrastructure. And the organizations using them are only finding out when something breaks.What's changed is the surface area. Cloud, AI, Microsoft 365, vibe-coded production apps — each new layer of technology gets adopted at speed, and each one arrives carrying the same original sin: no one turned on the basics. Stigs used Microsoft 365 as a pointed example. Millions of businesses are running on it with DMARC turned off, default configurations untouched, Copilot layered on top, and not a single CIS Benchmark policy applied. "Every client is vulnerable," he said. "Not just 10% of clients. Every client."That's a striking statement. It's also, if you've been paying attention to breach headlines, not a surprising one.The AI angle adds a new and almost darkly comedic wrinkle. Vibe coding — the practice of using AI tools like Cursor or Claude to generate production-ready code at speed — has given entry-level developers intermediate-level output. Which sounds great, until you realize that the AI models many of them leaned on were trained on outdated, sometimes vulnerable data. Stigs described visiting multiple clients with nearly identical security weaknesses, all tracing back to the same ChatGPT-generated setup instructions. "You and your neighbor did the same thing," he told one client. That's not just a funny anecdote. It's a warning about what happens when an entire industry bootstraps its infrastructure from the same flawed source.And yet, Stigs isn't anti-AI. He uses it every day. He just sees it with the clarity of someone who also finds the holes it leaves behind. His prediction for the near future: a massive wave of secure code review requests, as companies start reckoning with the vibe-coded backlog they've been quietly accumulating. AppSec is about to have a very good year.Looking forward, White Knight Labs is watching the growing intersection of private sector expertise and government infrastructure testing with particular interest. Critical infrastructure in America, long overdue for rigorous physical and embedded testing, is starting to receive that attention. Stigs and his team are already in the room.What makes White Knight Labs different isn't just technical skill — it's the ability to communicate what they find in language that actually lands. In an industry full of reports that gather dust, that matters. The best penetration test in the world is useless if no one acts on it.The door is open. It's been open for years. The question is who you call to finally lock it.To learn more about White Knight Labs, visit their website or reach out directly. Listen to the full conversation on ITSPmagazine.GUESTJohn StigerwaltFounder at White Knight Labs | Red Team Operations Leaderhttps://www.linkedin.com/in/john-stigerwalt-90a9b4110/RESOURCESWhite Knight Labs:  https://whiteknightlabs.com_____________________________________________________________Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What happens when AI agents inherit access to enterprise systems but nobody governs their identities? Ido Shlomo, Co-Founder and CTO of Token Security, joins the conversation to unpack a rapidly growing challenge that many organizations face but few have addressed. As businesses accelerate AI adoption, agents are being deployed to fetch data from CRMs, process emails, and execute actions across platforms. The problem is that these agents often operate with persistent access, no clear ownership, and little visibility into what they can reach.How should security teams approach AI agent identity governance? Shlomo explains that the first step is discovery. Most companies do not know what their AI agent inventory looks like, and without that baseline, effective governance is impossible. The good news, he notes, is that agents do not suffer from politics. They do exactly what they are told and operate within the boundaries they are given. That predictability makes the challenge more manageable if the right tooling is in place.What makes an effective access policy for AI agents? Rather than relying on prompt filtering or output controls that add latency and friction, Shlomo advocates for intent-based permission models that scope each agent to access only what it needs, when it needs it. He frames the prioritization process as a matrix of access and autonomy, where the agents with the highest levels of both deserve immediate attention. For business leaders, the visibility that comes from this approach also reveals waste and inefficiency, highlighting departments and services that are not delivering on their intended value. To learn more about how to identify, govern, and secure AI agent identities, connect with the Token Security team and follow Ido Shlomo for practical guidance.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTIdo Shlomo, Co-Founder & CTO of Token SecurityOn LinkedIn: https://il.linkedin.com/in/ido--shlomoRESOURCESToken Security (Website): https://www.token.security/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSIdo Shlomo, Token Security, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI agent identity, non-human identity, identity governance, AI agent security, identity risk, least privilege, AI agent access, machine identity, NHI security, AI agent inventory, intent-based access Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Agade: The AI-Powered Wearable Robots That Protect Workers, Not Replace Them AI Meets Human CraftsmanshipThere's something poetic about a technology born to help people with muscular dystrophy finding its second life on factory floors and logistics warehouses. That's the story of Agade, an Italian deeptech startup that began as a research project at Politecnico di Milano and evolved into something far more ambitious: a mission to preserve human craftsmanship in an age of automation.I sat down with Lorenzo Aquilante, CEO and co-founder of Agade, to talk about their journey from healthcare innovation to industrial exoskeletons—and what it was like showcasing their latest product at CES 2026.The origin story matters here. Back in 2017, researchers at Politecnico di Milano started developing exoskeletons for people affected by muscular dystrophy. They created something different—a semi-active model powered by AI that recognizes when a user is lifting and responds accordingly. It wasn't just about motors and sensors. It was about intelligence.Then companies came knocking. Manufacturing firms, logistics operations, industries where human workers still matter because their skills, experience, and judgment can't be replaced by machines. They saw potential. Why not use this technology to protect the people doing the heavy lifting—literally?Agade was founded in 2020 with a clear mission: preserve craftsmanship against the physical toll of material handling. Not replace humans. Protect them.The company now has two products. The first, launched in 2024, focuses on shoulder assistance. The second—the one they brought to CES 2026—targets the lower back, which makes sense when you consider that back pain is practically an occupational hazard for anyone moving materials all day.What makes Agade's approach different is that semi-active AI system. The exoskeleton knows when you're lifting. It responds. It's not just a passive brace or a fully motorized suit that takes over. It's somewhere in between—smart enough to help, light enough to wear all day.Lorenzo emphasized something that resonated with me: the importance of feedback. From day one, Agade has been obsessed with real-world testing. Not lab conditions. Actual workers doing actual jobs. Because the buyer isn't the user—companies purchase these for their employees—and that creates a unique dynamic. You need both sides to believe in the technology.The CES experience brought that home. There's always the initial wow factor when someone sees a wearable robot with motors and sensors. But the real work happens after the demo, when users tell you what needs to improve. That's where the collaboration lives.And here's what struck me most about this conversation: Agade isn't trying to remove humans from the equation. They're trying to keep humans in it longer, healthier, and more capable. In a world racing toward full automation, there's something refreshing about a company betting on human skill—and building technology to protect it.The products are available globally. You can reach Agade through their website at agadexoskeletons.com, find them on LinkedIn and other social channels, and even arrange trials before committing to a purchase.For those of us watching the intersection of AI, robotics, and human labor, Agade represents a different path. Not humans versus machines. Humans with machines. Tools that amplify rather than replace.That's a story worth telling.Marco Ciappelli interviews Lorenzo Aquilante, CEO & Co-Founder of Agade, for ITSPmagazine's Brand Highlight series following CES 2026.>>> Marcociappelli.comGUESTLorenzo Aquilante, CEO and co-founder of Agadehttps://www.linkedin.com/in/lorenzo-aquilante-108573b0/RESOURCESAGADE: https://agade-exoskeletons.comAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSAgade, exoskeleton, CES 2026, wearable robotics, AI, future of work, industrial exoskeleton, made in Italy, workplace safety, deeptech, robotics. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The CISA Known Exploited Vulnerabilities (KEV) catalog is one of the most referenced resources in vulnerability management, but how well do security teams actually understand what it tells them? In this Brand Highlight, Tod Beardsley, Vice President of Security Research at runZero and former CISA section chief who helped manage the KEV on a daily basis, breaks down what the catalog is designed to do and, just as importantly, what it is not.What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks CISA with identifying vulnerabilities that are known to be exploited and have an available fix. Its primary audience is federal civilian executive branch agencies, but because the catalog is public, organizations everywhere use it as a prioritization signal. Beardsley notes that inclusion on the KEV requires a CVE ID, evidence of active exploitation, a patch or mitigation, and relevance to federal interests, meaning zero-day vulnerabilities and end-of-life systems without CVEs never appear.How should organizations think about KEV entries that are not equally dangerous? Beardsley explains that only about a third of KEV-listed vulnerabilities represent straight-shot remote code execution with no user interaction and no authentication required. The rest span a wide spectrum of severity. EPSS data reveals an inverse bell curve: many KEV entries have extremely low probabilities of exploitation in the next 30 days, while others cluster at the high end with commodity exploits widely available. This means treating every KEV entry as equally critical leads to wasted effort and alert fatigue.That gap between the catalog and real-world decision-making is exactly what KEVology addresses. The research, produced by Beardsley at runZero, enriches KEV data with CVSS metrics, EPSS scores, exploit tooling indicators, and ATT&CK mappings to help security teams filter and prioritize vulnerabilities based on what actually matters to their environment. Rather than prescribing a single priority list, KEVology treats the KEV as data to be analyzed, not doctrine to be followed blindly.To make this analysis accessible and interactive, runZero built KEV Collider, a free, daily-updated web application at runzero.com/kev-collider. The tool lets defenders sort, filter, and layer multiple risk signals across the entire KEV catalog. Because every filter combination is encoded in URL parameters, teams can bookmark and share custom views with colleagues instantly. Beardsley describes KEV Collider as an evergreen companion to the research, updating automatically as new vulnerabilities are added to the catalog each week.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTTod Beardsley, Vice President of Security Research at runZeroOn LinkedIn: https://www.linkedin.com/in/todb/RESOURCESLearn more about runZero: https://www.runzero.comKEVology research report: https://www.runzero.com/resources/kevology/KEV Collider: https://www.runzero.com/kev-collider/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSTod Beardsley, runZero, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, KEVology, KEV Collider, CISA KEV, vulnerability management, exploit scoring, EPSS, CVSS, vulnerability prioritization, exposure management, BOD 22-01, known exploited vulnerabilities, cybersecurity risk, patch management Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What happens when AI safety filters fail to catch harmful content hidden inside images? Alessandro Pignati, AI Security Researcher at NeuralTrust, joins Sean Martin to reveal a newly discovered vulnerability that affects some of the most widely used image-generation models on the market today. The technique, called semantic chaining, is an image-based jailbreak attack discovered by the NeuralTrust research team, and it raises important questions about how enterprises secure their multimodal AI deployments.How does semantic chaining work? Pignati explains that the attack uses a single prompt composed of several parts. It begins with a benign scenario, such as a historical or educational context. A second instruction asks the model to make an innocent modification, like changing the color of a background. The final, critical step introduces a malicious directive, instructing the model to embed harmful content directly into the generated image. Because image-generation models apply fewer safety filters than their text-based counterparts, the harmful instructions are rendered inside the image without triggering the usual safeguards.The NeuralTrust research team tested semantic chaining against prominent models including Gemini Nano Pro, Grok 4, and Seedream 4.5 by ByteDance, finding the attack effective across all of them. For enterprises, the implications extend well beyond consumer use cases. Pignati notes that if an AI agent or chatbot has access to a knowledge base containing sensitive information or personal data, a carefully structured semantic chaining prompt can force the model to generate that data directly into an image, bypassing text-based safety mechanisms entirely.Organizations looking to learn more about semantic chaining and the broader landscape of AI agent security can visit the NeuralTrust blog, where the research team publishes detailed breakdowns of their findings. NeuralTrust also offers a newsletter with regular updates on agent security research and newly discovered vulnerabilities.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTAlessandro Pignati, AI Security Researcher, NeuralTrustOn LinkedIn: https://www.linkedin.com/in/alessandro-pignati/RESOURCESLearn more about NeuralTrust: https://neuraltrust.ai/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSAlessandro Pignati, NeuralTrust, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, semantic chaining, image jailbreak, AI security, agentic AI, multimodal AI, LLM safety, AI red teaming, prompt injection, AI agent security, image-based attacks, enterprise AI security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What happens when the security community stops debating whether AI belongs in the SOC and starts figuring out how to make it work? Monzy Merza, Co-Founder and CEO of Crogl, is helping answer that question, both through the autonomous AI SOC agent his company builds and through the inaugural AI SOC Summit, a community event designed to bring practitioners together for honest, no-nonsense conversation about what is real and what is hype in AI-driven security operations.Crogl builds what Merza describes as a "superhero suit" for SOC analysts. The platform investigates every alert in depth, working across multiple data lakes without requiring data normalization, and escalates only the issues that require human judgment. But the conversation here goes beyond any single product. Merza explains that the motivation for creating the AI SOC Summit came directly from community feedback. Security teams across enterprises are trying to determine what to buy, what to build, and how to govern AI in their environments, and they need a transparent, practical space to share those experiences.How are threat actors changing the game with agentic AI? Merza points to two critical shifts. First, adversaries are now conducting campaigns using agentic systems, which means defenders need to operate at the same speed. Second, the barrier to entry for sophisticated attacks has dropped significantly because agentic systems handle much of the technical detail, from crafting convincing phishing emails to automating post-exploitation activity. The implication is clear: security teams that do not adopt AI-driven capabilities risk falling behind attackers who already have.The AI SOC Summit, hosted March 3rd at the Hyatt Regency in Tysons, Virginia, is structured to serve the practitioners who are doing the daily work of security operations. The morning features keynotes from CISOs sharing what is working and what is not, along with perspectives on AI governance and privacy. The afternoon splits into two tracks: talk sessions from startups and established companies, and a five-and-a-half-hour hackathon where attendees get free access to frontier AI models and tools to experiment hands-on with real security data.Who should attend the AI SOC Summit? Merza identifies four key personas. SOC analysts at every tier who are buried in alert triage. Security engineers deploying AI-driven and traditional tools who want to see how other enterprises are rationalizing their investments. Incident responders and threat hunters who need to understand how to track agentic activity rather than just human activity. And builders, the security teams prototyping and testing AI capabilities in-house, who want to learn from what others have tried, what has failed, and what constraints can be overcome.What sets this event apart from the typical conference experience? The AI SOC Summit is intentionally vendor-agnostic. Sponsors range from reseller partners serving government organizations to household names like Splunk and Cribl, but the focus stays on community learning rather than product pitches. Many organizations still restrict employee access to frontier models and agentic systems, and the summit provides a space where attendees can kick the tires on these technologies without worrying about tooling costs or corporate restrictions. The goal is for every participant to leave with something practical they can take back and apply to their work immediately.This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlightGUESTMonzy Merza, Co-Founder and CEO, Crogl [@monzymerza on X]https://www.linkedin.com/in/monzymerzaRESOURCESCrogl: https://www.crogl.comAI SOC Summit: https://www.aisocsummit.com/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSMonzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC Summit, AI SOC agent, security operations center, agentic AI, autonomous security, threat detection, SOC analyst, incident response, threat hunting, security engineering, AI governance, cybersecurity community, hackathon, frontier AI models, agentic speed, security automation Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What does it take to design a signature guitar from the ground up? Chris Buck sits down with Sean Martin at NAMM 2026 to talk about the journey of creating the Yamaha Revstar RS02CB, his first production signature model. Buck describes the experience as surreal, noting that the weight of joining Yamaha's legacy of signature artists continues to hit him in waves. The lengthy design process, he says, was about making sure every detail lived up to what the guitar could be.How did Chris Buck and Yamaha land on the right pickups for the RS02CB? Buck explains that the pickups were the centerpiece of the collaboration, with the team working through countless iterations of magnet types, wire specifications, and voicing options. The result is a set of custom P90-style pickups that deliver the dynamic, responsive tone he has built his sound around. The wraparound tailpiece, a feature less common on modern instruments, adds sustain and directness to the signal path, contributing to the guitar's massive volume and resonance.What makes the RS02CB stand apart from other Revstar models? Buck highlights a three-way pickup selector switch instead of the five-way found on the current generation of Revstars, along with custom inlays and his own signature squiggle on the back of the headstock. He caps the conversation by playing a lick that shows exactly what the guitar can do, leaving no doubt about the instrument's character and capability.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTChris Buck, Yamaha Signature Artist | On Instagram: @chrisbuckguitar | Website: https://www.chrisbuckguitar.shop/RESOURCESYamaha: https://usa.yamaha.com/Yamaha RS02CB Chris Buck Signature Revstar: https://usa.yamaha.com/products/musical_instruments/guitars_basses/el_guitars/rs02cb/index.htmlPart of ITSPmagazine's On Location Coverage at NAMM 2026. 🌐 https://www.itspmagazine.com/the-namm-show-2026-namm-music-conference-music-technology-event-coverage-anaheim-californiaAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightMore From Sean MartinMore from Music Evolves: https://www.seanmartin.com/music-evolves-podcastMusic Evolves on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTRJ5du7hFDXjiugu-uNPtWMusic Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/Line of Sight Newsletter | https://www.linkedin.com/newsletters/7400591548452667392/ITSPmagazine YouTube Channel: https://www.youtube.com/@itspmagazineBe sure to share and subscribe!KEYWORDSChris Buck, Yamaha, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, Yamaha Revstar, RS02CB, signature guitar, P90 pickups, NAMM 2026, Cardinal Black, wraparound tailpiece, electric guitar, guitar design, custom pickups, signature artist Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

None of Your Goddamn BusinessJohn Morgan Salomon said something during our conversation that I haven't stopped thinking about. We were discussing encryption, privacy laws, the usual terrain — and he cut through all of it with five words: "It's none of your goddamn business."Not elegant. Not diplomatic. But exactly right.John has spent 30 years in information security. He's Swiss, lives in Spain, advises governments and startups, and uses his real name on social media despite spending his career thinking about privacy. When someone like that tells you he's worried, you should probably pay attention.The immediate concern is something called "Chat Control" — a proposed EU law that would mandate access to encrypted communications on your phone. It's failed twice. It's now in its third iteration. The Danish Information Commissioner is pushing it. Germany and Poland are resisting. The European Parliament is next.The justification is familiar: child abuse materials, terrorism, drug trafficking. These are the straw man arguments that appear every time someone wants to break encryption. And John walked me through the pattern: tragedy strikes, laws pass in the emotional fervor, and those laws never go away. The Patriot Act. RIPA in the UK. The Clipper Chip the FBI tried to push in the 1990s. Same playbook, different decade.Here's the rhetorical trap: "Do you support terrorism? Do you support child abuse?" There's only one acceptable answer. And once you give it, you've already conceded the frame. You're now arguing about implementation rather than principle.But the principle matters. John calls it the panopticon — the Victorian-era prison design where all cells face inward toward a central guard tower. No walls. Total visibility. The transparent citizen. If you can see what everyone is doing, you can spot evil early. That's the theory.The reality is different. Once you build the infrastructure to monitor everyone, the question becomes: who decides what "evil" looks like? Child pornographers, sure. Terrorists, obviously. But what about LGBTQ individuals in countries where their existence is criminalized? John told me about visiting Chile in 2006, where his gay neighbor could only hold his partner's hand inside a hidden bar. That was a democracy. It was also a place where being yourself was punishable by prison.The targets expand. They always do. Catholics in 1960s America. Migrants today. Anyone who thinks differently from whoever holds power at any given moment. These laws don't just catch criminals — they set precedents. And precedents outlive the people who set them.John made another point that landed hard: the privacy we've already lost probably isn't coming back. Supermarket loyalty cards. Surveillance cameras. Social media profiles. Cookie consent dialogs we click through without reading. That version of privacy is dead. But there's another kind — the kind that prevents all that ambient data from being weaponized against you as an individual. The kind that stops your encrypted messages from becoming evidence of thought crimes. That privacy still exists. For now.Technology won't save us. John was clear about that. Neither will it destroy us. Technology is just an element in a much larger equation that includes human nature, greed, apathy, and the willingness of citizens to actually engage. He sent emails to 40 Spanish members of European Parliament about Chat Control. One responded.That's the real problem. Not the law. Not the technology. The apathy.Republic comes from "res publica" — the thing of the people. Benjamin Franklin supposedly said it best: "A republic, if you can keep it." Keeping it requires attention. Requires understanding what's at stake. Requires saying, when necessary: this is none of your goddamn business.Stay curious. Stay Human. Subscribe to the podcast. And if you have thoughts, drop them in the comments — I actually read them.Marco CiappelliSubscribe to the Redefining Society and Technology podcast. Stay curious. Stay human.> https://www.linkedin.com/newsletters/7079849705156870144/Marco Ciappelli: https://www.marcociappelli.com/John Salomon Experienced, international information security leader. vCISO, board & startup advisor, strategist.https://www.linkedin.com/in/johnsalomon/  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.