CISO Insights: Voices in Cybersecurity

In 2025, software supply chain attacks have surged by 34%, with threat actors like Salt Typhoon exploiting a "lack of visibility" to target critical infrastructure and manufacturing sectors. This episode explores the permanent "SolarWinds Effect" on executive liability and how CISA’s updated 2025 SBOM mandates are forcing organizations to cryptographically prove the integrity of their software "ingredients". Finally, we analyze the...

In this episode, we dissect the escalating cyber threats targeting the cannabis industry in 2025, from the massive STIIIZY data breach to the rise of AI-driven ransomware groups like Everest and Qilin. We explore critical regulatory shifts, including the strategic partnership between Metrc and BioTrack and the strict new data privacy mandates under the NJDPA that are redefining retail compliance. Finally, we discuss how operators c...

This episode uncovers the "12 Threats of Christmas" defining the 2025 holiday season, where AI-driven social engineering and deepfakes have turned festive shopping into a high-stakes battlefield. We explore the surge in retail ransomware and "smishing" attacks, while auditing the hidden privacy risks of popular smart toys that may be spying on your home. Tune in to learn why experts call this the "peak hunting season" for cybercrim...

This episode unpacks a bold new strategy from the Vanderbilt University Institute of National Security, arguing that the U.S. must undertake a "whole-of-society" mobilization akin to World War II to counter persistent cyber aggression. We discuss the proposed shift to "Integrated Resilience," which focuses defense efforts on the five most critical infrastructure sectors—power, water, telecoms, finance, and healthcare—while mandatin...

This episode dives into the declassified Chairman of the Joint Chiefs of Staff Manual 3500.08, which serves as the master training guide for establishing and operating a Joint Psychological Operations Task Force (JPOTF) headquarters. We explore how military planners were taught to integrate psychological operations with special forces, civil affairs, and information warfare to influence foreign audiences and achieve national object...

Delve into the clandestine industry of Bulletproof Hosting (BPH), where providers utilize sophisticated "infrastructure laundering" and corporate shell games to shield ransomware gangs from the law. We explore how these digital fortresses have evolved from physical bunkers to complex networks of jurisdictional arbitrage and "DMCA ignored" policies designed to frustrate investigators. Finally, learn how unprecedented international a...

This episode explores Vietnam's first comprehensive Law on Artificial Intelligence, set to take effect on March 1, 2026, which establishes a risk-based regulatory framework similar to the EU AI Act but with a distinct focus on national sovereignty. We analyze the four distinct risk categories ranging from "unacceptable" prohibitions to "low-risk" systems, detailing the compliance obligations for essential sectors such as healthcare...

The Intelligence and Security Committee’s 2023–2025 report reveals an Intelligence Community operating on a permanent "crisis footing," forcing agencies to continuously divert resources from long-term priorities to handle immediate conflicts in Ukraine and the Middle East. While the community pivots to address the complex "whole-of-state" threats posed by China, Russia, and Iran, it is simultaneously racing to modernize its technol...

This episode uncovers the "perfect storm" of cyber risks facing cannabis operators, from the regulatory "cashless ATM" crackdowns to the sophisticated phishing campaigns responsible for nearly 9 out of 10 industry breaches. We analyze high-profile incidents like the Stiiizy data exposure to show how third-party vendor vulnerabilities can cascade through POS and seed-to-sale systems, putting customer data and state licenses at risk....

In deze aflevering duiken we in de nieuwe Cyberbeveiligingswet (Cbw), die de Europese NIS2-richtlijn naar Nederlandse wetgeving vertaalt en de huidige Wbni vervangt. We bespreken waarom de implementatie is vertraagd tot het tweede kwartaal van 2026 en waarom de Rijksoverheid adviseert om nu al te starten met de tien verplichte zorgplichtmaatregelen. Daarnaast analyseren we de impact op bestuurders, die persoonlijk aansprakelijk kun...

This episode unpacks the new timeline for the Cyberbeveiligingswet, the Dutch implementation of NIS2 now projected for the second quarter of 2026, and explains the critical distinction between Essential and Important entities. We dive into the expanded fiduciary duties for board members, who now face mandatory training and potential personal liability if they fail to approve and supervise strict risk management measures. Experts di...

As governments from Australia to Texas enforce "digital borders" through mandates like the Social Media Minimum Age Act, the internet is rapidly shifting from an open forum to a surveillance state requiring government ID or biometric scans for entry. While intended to protect children, experts warn these systems create "massive centralized repositories" of sensitive data ripe for hackers, while determined minors easily bypass them ...

After years of controversy, EU member states have agreed on a revised position for the "Chat Control" regulation that drops mandatory mass scanning but introduces a framework for "voluntary" detection of private messages. Privacy advocates and security experts warn that this new "risk mitigation" approach, coupled with mandatory age verification, could still effectively force platforms to implement surveillance infrastructure and e...

Australia is launching a world-first "grand experiment" by banning social media for under-16s and mandating age verification for search engines, threatening fines of up to $49.5 million for tech giants that fail to comply. We explore the massive privacy trade-offs as millions of Australians—adults included—face requirements to submit government IDs or undergo biometric face scans just to remain logged into services like Google and ...

Discover how a veteran security consultant rebuilt a media empire from scratch following a business collapse, all while operating full-time from a solar-powered Honda Odyssey with Starlink. We explore how the CyberAdX Network leverages extreme automation to deliver 25 million annual impressions and undercut legacy publishers by 50 to 100 times in cost efficiency. This episode reveals the operational grit required to manage 11 speci...