Redefining CyberSecurity cover art

Redefining CyberSecurity

Redefining CyberSecurity

By: Sean Martin ITSPmagazine
Listen for free

About this listen

 Redefining CyberSecurity Podcast Hosted by Sean Martin, CISSP Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.© Copyright 2015-2025 ITSPmagazine, Inc. All Rights Reserved Economics
Episodes
  • It Fractured, Then Rebuilt Itself: The CISO Role Changed More in Five Years Than Ever Before, Setting the Stage for 2026 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

    It Fractured, Then Rebuilt Itself: The CISO Role Changed More in Five Years Than Ever Before, Setting the Stage for 2026 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9
    Jan 3 2026
    Across dozens of conversations centered on the CISO experience, one reality keeps surfacing: the role no longer exists to protect systems in isolation. It exists to protect the business itself.Today’s CISO operates at the intersection of operational risk, executive decision-making, and organizational trust. The responsibility is not just to identify threats, but to help leadership understand which risks matter, when they matter, and why they deserve attention. This shift changes what success looks like. It also changes how pressure is felt.During the early years of this transition, CISOs carry accountability without authority. They are expected to influence outcomes without always having control over budgets, priorities, or timelines. That tension forces a new skill set to the forefront. Technical knowledge is assumed. The differentiator becomes communication, translation, and relationship-building across the business.As organizations mature, the conversation evolves again. Security stops being framed around individual threats and starts being framed as an operational discipline. CISOs focus on prioritization, tradeoffs, and clarity rather than coverage for everything. This requires judgment more than tooling.The role also becomes deeply human. Fear shows up quietly. Fear of pushing too hard. Fear of slowing the business. Fear of being seen as the blocker. CISOs who succeed do not eliminate that fear. They learn how to manage it while building credibility with executive peers.AI enters the picture not as a replacement, but as a force multiplier. Automation supports scale, but judgment remains human. Security programs increasingly deny by default and permit intentionally, which demands a deep understanding of how the business actually works. That understanding cannot be automated.What emerges is a clearer definition of modern security leadership. The CISO is no longer a gatekeeper. This is a risk advisor, a translator, and a strategist who helps the organization focus its limited resources where they matter most.The role has not become easier. It has become more meaningful.Read the full article: TBA________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecuritySincerely, Sean Martin and TAPE9________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of the On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Would you like Sean to work with you on a topic/series to help you tell your story? Visit his services page to learn more: https://www.seanmartin.com/servicesWant to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.Keywords: sean martin, marco ciappelli, steve katz, tim brown, jessica robinson, rob allen, rohit ghai, rich seiersen, steven j speer, chris pierson, mark lambert, jim manico, robin bylenga, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast, ciso, risk, leadership, ai, resilience, strategy Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    Show More Show Less
    16 mins
  • Five Patterns From 152 Episodes That Reshaped How I Think About Security, Technology, and Work Heading into 2026 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

    Five Patterns From 152 Episodes That Reshaped How I Think About Security, Technology, and Work Heading into 2026 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9
    Jan 1 2026
    Across 152 conversations this year, a set of recurring patterns kept surfacing, regardless of whether the discussion focused on application security, software supply chain risk, AI systems, or creative work. The industries varied. The roles varied. The challenges did not.One theme rises above the rest: visibility remains the foundation of everything else, yet organizations continue to accept blind spots as normal. Asset inventories are incomplete. Build systems are poorly understood. Dependencies change faster than teams can track them. The issue is not a lack of tools. It is a willingness to tolerate uncertainty because discovery feels hard or disruptive.Another pattern is equally consistent. Integration matters more than novelty. New features, including AI-driven ones, sound compelling until they fail to connect with what teams already rely on. Security programs fracture when tools operate in isolation. Coverage looks strong on paper while gaps quietly expand in practice. When tools fail to integrate into existing environments, they create complexity instead of reducing risk.Security also continues to struggle with how it shows up in daily work. Programs succeed when security is embedded into workflows, automated where possible, and invisible until it matters. They fail when security acts as a gate that arrives after decisions are already made. Teams either adopt security naturally or route around it entirely. There is no neutral middle ground.Context repeatedly separates effective leadership from noise. Risk only becomes meaningful when it is framed in terms of business operations, delivery speed, and real tradeoffs. Leaders who understand how the business actually functions communicate risk clearly and make better decisions under pressure.Finally, creativity remains undervalued in security conversations. Automation should remove repetitive tasks so people can focus on judgment, problem solving, and design. The same mindset that produces elegant guitars, photographs, or products applies directly to building resilient security programs.These five patterns are not independent ideas. Together, they describe a shift toward security that is visible, integrated, contextual, workflow-driven, and human-centered.Read the full article: TBD________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecuritySincerely, Sean Martin and TAPE9________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of the On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Would you like Sean to work with you on a topic/series to help you tell your story? Visit his services page to learn more: https://www.seanmartin.com/servicesWant to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    Show More Show Less
    13 mins
  • The Hidden Risk Inside Your Build Pipeline: When Open Source Becomes an Attack Vector | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin

    The Hidden Risk Inside Your Build Pipeline: When Open Source Becomes an Attack Vector | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin
    Dec 16 2025
    ⬥EPISODE NOTES⬥Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chainsഴ് often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build software.This conversation focuses on a shift that security leaders can no longer ignore. Malicious packages are not exploiting accidental coding errors. They are intentionally engineered to steal credentials, exfiltrate secrets, and compromise environments long before traditional security tools see anything wrong. Attacks increasingly begin on developer machines through social engineering and poisoned repositories, then propagate into CI pipelines where access density and sensitive credentials converge.Paul outlines why many existing security approaches fall short. Vulnerability databases were built for mistakes, not hostile code. AppSec teams are overloaded burning down backlogs. Security operations teams rarely receive meaningful telemetry from build systems. The result is a visibility gap where malicious code can run, disappear, and leave organizations unsure what was touched or stolen.The episode also explores why simple advice like “only use vetted packages” fails in practice. Open source ecosystems move too fast for manual approval models, and internal package repositories often collapse under friction. Meanwhile, attackers exploit maintainer accounts, typosquatting domains, and ecosystem trust to reach billions of downstream installations in a single event.This discussion challenges security leaders to rethink how software supply chain risk is defined, detected, and owned. The problem is no longer theoretical, and it no longer lives only in development teams. It sits at the intersection of intellectual property, identity, and delivery velocity, demanding attention from anyone responsible for protecting modern software-driven organizations.⬥GUEST⬥Paul McCarty, NPM Hacker and Software Supply Chain Researcher | On LinkedIn: https://www.linkedin.com/in/mccartypaul/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥LinkedIn Post: https://www.linkedin.com/posts/mccartypaul_i-want-to-introduce-you-to-my-latest-project-activity-7396297753196363776-1N-TOpen Source Malware Database: https://opensourcemalware.comOpenSSF Scorecard Project: https://securityscorecards.dev⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 🎧 https://www.seanmartin.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast on YouTube:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/Contact Sean Martin to request to be a guest on an episode of Redefining CyberSecurity: https://www.seanmartin.com/contact⬥KEYWORDS⬥paul mccarty, sean martin, software, supplychain, appsec, npm, javascript, ci, malware, opensource, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
    Show More Show Less
    40 mins
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.