Cybersecurity Refined and Feral

Is AI governance dead, or was it never actually alive? In this episode of Cybersecurity Refined and Feral, Candy and Cailin tackle the "elephant in the room"—Artificial Intelligence. While organizations are rushing to deploy AI at breakneck speed, the security guardrails are often left in the dust. To help us navigate this "Wild West," we are joined by two industry titans: Aruneesh Salhotra, a fractional CISO and global community builder, and Rock Lambros, CEO of RockCyber and author of The CISO Evolution. Our guests pull back the curtain on the OWASP AI Exchange, a groundbreaking open-source project that serves as the "Rosetta Stone" for AI security. We move beyond the hype of GenAI to discuss how this framework provides over 300 pages of practical guidance for securing analytical, discriminative, and agentic AI systems. In this episode, we discuss: - The Evolution of OWASP: How a foundation built for web apps is adapting to the AI era. - Beyond the Top 10: Why the AI Exchange is a comprehensive framework rather than just a list of vulnerabilities. - The "Agentic" Threat: What happens to security when AI starts taking tangible actions instead of just answering questions. - Data Security on Steroids: Why AI governance is fundamentally rooted in "bagging and tagging" your data. - Global Impact: How the project is feeding directly into international standards like the EU AI Act. Whether you are a CISO trying to explain AI risks to the board or a developer looking for actionable controls like the "Periodic Table of AI Security," this episode provides the map you need to move from "feral" chaos to "refined" resilience. Resources Mentioned: - OWASP AI Exchange: http://www.owaspai.org - Connect with Aruneesh Salhotra: https://www.linkedin.com/in/aruneeshsalhotra/ - Connect with Rock Lambros: https://www.linkedin.com/in/rocklambros/

Is a SOC 2 attestation a vital proof of security or just a "rubber stamp" to keep procurement happy? In our latest episode of Cybersecurity Refined and Feral, Candy Alexander and Cailin join industry expert Rob to uncover the "Hard Truth" about the ROI of compliance. We dig into the messy reality of audits, including: - The Cost of Doing Business: Why SOC 2 is often the non-negotiable entry fee for selling to large enterprises. - The "Magic Genie" Myth: Why GRC tools won't save you if you haven't made the philosophical shift to prioritize security every day. - Operational Awareness: How the audit process actually teaches engineering and operations teams what they are supposed to be doing. - The Power of Risk Assessments: How simply writing down your risks creates a "persuasion effect" that helps management prioritize security. Whether you are a startup founder looking for a framework or a CISO navigating the "point-in-time" audit grind, this conversation is for you.

The cyber job market feels broken, doesn't it? Everyone says there's a talent shortage, but résumés are getting lost in a sea of applicants, and qualified pros can't seem to find a job. In this no-BS episode of Cybersecurity Refined & Feral, we cut through the noise and get to the truth behind the hiring crisis. We're joined by recruitment specialist Wayne Daley and ISSA New England Chapter VP Dan Bailey to give you the real story. In this candid discussion, we tackle the paradox head-on: - The AI/ML problem: How technology is both helping and hurting the job search, creating a "keyword challenge" for both applicants and recruiters. - The rise of fractional C-suite roles: We discuss the pros and cons of this trend and why some organizations are turning to it. - The overabundance of applicants: We explore why so many job postings are overwhelmed with unqualified respondents and how this impacts the hiring process. - This episode isn't just about identifying the problems; it's about providing real solutions. We'll give you actionable advice on: - Hacking the system: How to craft a resume that gets past the bots and lands on a human's desk. - The power of networking: Why building a face-to-face network (even virtually) is more crucial than ever. Whether you're an employer struggling to find the right talent or a professional looking to make your next career move, this episode is a must-listen. It's time to stop complaining about the problem and start implementing the solution. Guest Information - Wayne Daley is a veteran recruitment specialist with deep insights into the cybersecurity talent market. - Dan Bailey is the Vice President of the ISSA New England Chapter and a seasoned professional with a strong understanding of industry trends and community building.