Redefining CyberSecurity

By: Sean Martin ITSPmagazine

About this listen

Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP

Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?

For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.

Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.

Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.

© Copyright 2015-2025 ITSPmagazine, Inc. All Rights Reserved

Episodes
  • You Shot the Arrow. The Bow Went With It. | Lens Four by Sean Martin | Read by TAPE9
    Apr 8 2026
    The marketing problem in cybersecurity isn't a character problem. It's a system problem. In this edition of Lens Four, Sean Martin examines how the credibility debt accumulates, what it costs the security leaders trying to make good decisions, and what vendors, buyers, and the market need to do differently.

    🔍 In this episode:
      • A Forrester analyst — on location at a major industry conference — looked around at six hundred booths and wondered whether every vendor had used the same AI model to produce their marketing. That's not a style critique. That's a signal failure
      • Security leaders confirm the same frustration independently: the less a vendor's message connects to the job, the less likely it connects to the business — and the CISO can't translate what the vendor never gave them
      • Two security leaders describe their organizations viewing security as a compliance function — stay compliant, stay out of the news, keep the infrastructure running — not as part of how the business grows
      • Marco Ciappelli on the observation that hasn't changed since 2012: they're still selling the box — this year the box has an AI badge on it
      • How lead generation metrics create a systematic incentive to overclaim — not because the people doing it don't know better, but because the system doesn't reward them for knowing better
      • One vendor instructed their booth team that AI had to be part of every conversation — regardless of whether the person in front of them had asked about AI, needed AI, or would ever use AI
      • Theresa Lanowitz on the binary the market created: full throttle AI or full stop — and why neither is the correct approach
      • Joe Carson on the differentiation collapse: everybody says they can help you secure your AI agents, but there's not a whole lot of differentiation
      • The arrow and the bow: why releasing both at once means you can't shoot again — the next real message has nothing to travel on
      • The boy who cried wolf didn't fail on the first cry — he failed on the last one
      • The Task by Task parallel: credibility comes back the same way it left — one honest message at a time, one proof point instead of a promise, one use case that actually sounds like the buyer's environment

    Fourth Lens: The industry is spending down the credibility budget that the next real innovation will need. Every overclaim today is a withdrawal from the account that tomorrow's legitimate warning depends on. The path back works the same way the debt accumulated — not through a grand repositioning, but incrementally: one honest message at a time, one specific outcome instead of a superlative, one proof point instead of a promise. Start small. Aim toward an outcome. Build from there.

    🎙️ Conversations referenced in this article:
      • Madelein van der Hout, Senior Analyst, Forrester — On Location RSAC Conference 2026
      • Theresa Lanowitz, Cybersecurity Evangelist and Thought Leader — On Location RSAC Conference 2026
      • Joe Carson, Chief Security Evangelist and Advisory CISO — On Location RSAC Conference 2026

    🔗 Full article and references: seanmartin.com/lens-four/you-shot-the-arrow-the-bow-went-with-it
    🌐 RSAC 2026 coverage: itspmagazine.com/rsac26

    Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com.

    Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

    🎯 Keywords: cybersecurity marketing, vendor messaging, credibility debt, agentic AI hype, go-to-market strategy, CISO communication, security program investment, technology overclaiming, lead generation metrics, security outcomes vs. features, cybersecurity industry narrative, signal vs. noise, buyer trust erosion, Zero Trust messaging, SIEM evolution, SOAR overpromise, XDR consolidation, agentic AI claims, security vendor differentiation, cybersecurity branding, Madelein van der Hout, Forrester, Theresa Lanowitz, Joe Carson, Marco Ciappelli, ITSPmagazine, Studio C60, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, TAPE9

    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    15 mins
  • Order of Operations: The Foundation Risk Healthcare AI Is Running Past | Lens Four by Sean Martin | Read by TAPE9
    Mar 22 2026
    Healthcare's AI ambition and its data infrastructure are moving at different speeds. In this edition of Lens Four, Sean Martin examines what happens when those speeds collide — and who is accountable when the sequence is wrong.

    🔍 In this episode:
      • 82% of health systems have limited or no AI governance in place, while deployments proceed — Digital Medicine Society
      • 58% of frontline clinical staff are using unsanctioned AI tools — not out of recklessness, but because approved alternatives don't exist — Wolters Kluwer
      • The vendor trust gap: trusted vendors are shipping AI capabilities into integrated products after contracts are signed, after integrations are built, after due diligence has closed — and most health systems have no mechanism to detect it
      • Jason Kor of HITRUST on what procurement processes aren't built to catch — recorded for the Redefining CyberSecurity Podcast
      • The Stryker attack: a nation-state operation that disrupted hospitals through their supplier — not their own systems
      • Ryan Patrick of HITRUST on why availability of services now sits in the same risk tier as confidentiality of data
      • Who actually owns the patient's data — the provider, the insurer, the vendor, the device manufacturer, the government program, or the patient?
      • TEFCA — the Trusted Exchange Framework and Common Agreement — moves data nationally across eleven Qualified Health Information Networks. It does not move the ownership rights with it
      • The CMS agenda: $1.7 trillion, 160 million Americans, and a policy clock that does not wait for the identity infrastructure to catch up
      • The vocabulary of transformation — what "pilot to production" and "scale" are selecting for, and what they are leaving out
      • Zero Trust reframed as the infrastructure condition that makes trustworthy AI deployment possible — not just a ransomware defense

    Fourth Lens: Healthcare's AI ambition and its data infrastructure are moving at different speeds — and the patient is where those speeds collide. The program layer is making sequence choices. The market layer is accelerating pressure. The messaging layer is optimizing for ambition. None of it is an argument against innovation. All of it is an argument for discipline — A-to-Z, every dependency, ambiguity, and fragility along the way.

    🎙️ Podcast conversations referenced in this article:
      • Jason Kor, HITRUST — Brand Spotlight
      • Ryan Patrick, HITRUST — HIMSS Recap

    🔗 Full article and references: seanmartin.com/lens-four
    🌐 HIMSS26 coverage: itspmagazine.com

    Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com.

    Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

    🎯 Keywords: healthcare AI governance, order of operations AI, data foundation healthcare, vendor trust gap, patient data ownership, TEFCA, health information exchange, QHINs, Shadow AI healthcare, third-party risk management, supply chain resilience healthcare, Zero Trust healthcare, CMS interoperability framework, CIA triad healthcare, data integrity AI, identity management healthcare, HITRUST, Jason Kor, Ryan Patrick, Wolters Kluwer, Digital Medicine Society, DiMe, Google for Health, Jon McNeill, John Halamka, Mayo Clinic Platform, Sumbul Ahmad Desai, Apple Health, Daymond John, Dr. Mehmet Oz, Amy Gleason, Kim Brandt, DOGE healthcare, Stryker cyberattack, nation-state healthcare attack, HIMSS26, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, ITSPmagazine
    20 mins
  • When Cyber Meets Physical: Building Executive and Employee Protection Programs That Actually Work | A Redefining CyberSecurity Podcast Conversation with Roland Cloutier, Principal of The Business Protection Group
    Mar 18 2026
    ⬥EPISODE NOTES⬥

    The conversation that led to this episode started with a LinkedIn post -- and it quickly surfaced a challenge that security leaders across industries are wrestling with but rarely talk about openly: who is actually responsible for protecting the people inside an organization, not just the systems they use?

    Roland Cloutier has sat in some of the most demanding security leadership seats in the world -- Global CSO at TikTok/ByteDance, a decade as Global CSO at ADP, and VP and CSO at EMC -- and he now advises CISOs and CSOs through The Business Protection Group. His lens is converged security: the deliberate integration of cyber, physical, privacy, and people-risk under a unified program and leadership model.

    Roland identifies three patterns that typically bring organizations to him. First, an emergent crisis -- a threat against an executive, a workplace violence incident, a travel security failure -- that suddenly exposes the absence of a coherent protection program. Second, a cost and structure conversation where the CEO is tired of receiving two different risk pictures from two different security leaders and wants a single accountable voice. Third, a board-driven inquiry where general counsel or the CEO is being asked questions about executive resilience and duty of care that nobody inside the organization can confidently answer.

    What makes this conversation particularly sharp is Roland's framing of convergence not as an org chart exercise, but as a force multiplier. A unified threat intelligence picture -- one that covers cyber, physical, executive, brand, and customer risk simultaneously -- enables cleaner prioritization, better resource allocation, and a fundamentally stronger conversation with the CEO. The alternative, which he has seen firsthand, is four separate threat management platforms reporting independently with no team working across all of them.

    The episode also pushes into territory that most security programs have not yet mapped: employee protection at scale. Not bodyguards for everyone, but the organizational consciousness to monitor for geographic threats, proactively check in with distributed employees during major events, and build a duty-of-care posture that extends beyond the office walls into people's home lives and total risk environment. For high-risk employees -- those with keys to the kingdom, not just C-suite titles -- that responsibility extends further still.

    For CISOs and CSOs wondering where to start, Roland offers a practical crawl-walk-run framework: start with shared services rather than full convergence, open the conversation with leadership, surface the gaps the business already knows exist, and build a financial and risk model that makes sense for your specific organization. The goal is a converged security program that treats people -- not just infrastructure -- as an asset worth protecting.

    ⬥GUEST⬥
    Roland Cloutier, Principal at The Business Protection Group | On LinkedIn: https://www.linkedin.com/in/rolandcloutier/

    ⬥HOST⬥
    Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

    ⬥RESOURCES⬥
    The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
    More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
    Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ⬥ADDITIONAL INFORMATION⬥
    On ITSPmagazine: https://www.itspmagazine.com/
    On YouTube: https://www.youtube.com/@itspmagazine
    On LinkedIn Newsletter: https://itspm.ag/future-of-cybersecurity
    Sean Martin's Contact Page: https://www.seanmartin.com/

    ⬥KEYWORDS⬥
    roland cloutier, the business protection group, sean martin, executive protection, employee protection, converged security, physical security, ciso, cso, duty of care, threat intelligence, workplace violence, security convergence, business resilience, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast
    25 mins