In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk. What You’ll Learn  How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions. Why dependency chains dramatically amplify both exposure and attacker leverage. How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption. Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns. Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture. Episode Highlights 00:00 — Welcome + Why Software Supply Chain Risk Matters 02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic 03:00 — Why Open Source Powers Everything—and Why That Creates Exposure 06:00 — The Real Attack Vector: Contribution as Initial Access 08:00 — Inside the Indonesian “Fake Package” Campaign 10:30 — How to Evaluate Code + Contributor Identity Together 12:00 — Threat Hunting and AI-Enabled Code Interrogation 15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components 16:30 — How Recovery Works When Malware Is Already in Your Stack 19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security 22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices 24:00 — Where to Learn More About Hunted Labs Episode Resources Hunted Labs — https://huntedlabs.com Hunted Labs Entercept Hunted Labs “Hunting Ground” research blog Open Source Malware (Paul McCarty)

Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Morgan Adamski who leads Cyber, Data, and Tech Risk at PwC and is a former US national security leader who spent 16 years tracking nation-state threats inside the US government. Coming out of a career spent inside secure facilities without windows or phones and working to address China’s prepositioning in US critical infrastructure, Morgan shares a direct view of how geopolitics is now shaping cyber risk decisions in boardrooms. What You'll Learn: Why only 24% invest in proactive defense, even while 60% call cyber a top priority How AI agents are cutting breach timelines to under 80 days Why cyber insurance is now a hygiene scorecard, not just financial protection The real reason leaders lack confidence in resilience Where legacy systems and supply chain dependencies expose blind spots How public–private collaboration changed the response to China’s infrastructure campaign What CISOs must confront now to avoid being blindsided by the next crisis The conversation gives security leaders and decision-makers a clear view of where current strategies fall short and the choices required to build real resilience before the next crisis forces it. Episode Highlights: [03:43] Why China prepositions inside US critical infrastructure to trigger disruption and panic in a crisis [04:20] Collective defense in action: how victims and industry exposed the campaign [09:27] The truth behind cyber budgets: only 24% invest in proactive defense [11:57] How AI agents are shortening breach lifecycles to under 80 days [13:07] Why cyber insurance is now a security scorecard, not a safety net Episode Resources Caleb Tolin on LinkedIn Morgan Adamski on LinkedIn PwC’s 2026 Global Digital Trust Insights report

In this episode of Data Security Decoded, join host Caleb Tolin as he welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack the findings from their new report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, Joe breaks down how the explosion of non-human identities, from API keys to AI agents, is rewriting the threat landscape and forcing security leaders to rethink the perimeter itself. He explains why identity resilience is the new foundation of cyber defense, how to prioritize recovery when every system matters, and what steps teams can take now to stay ahead of emerging agentic AI-driven attacks. What You'll Learn: Why identity has replaced the network as the modern security perimeter How non-human identities outnumber humans 82 to 1, and what that means for control and monitoring Practical steps to build recovery plans around dependency mapping and minimal viable operations Why ransom payments remain high and how better resilience planning can reverse that trend How threat actors exploit backup systems to gain total business leverage What agentic AI really means for cyber defense and how to prepare for its impact The episode offers a clear framework for leaders to transform identity resilience from a reactive measure into a proactive pillar of enterprise security. Episode Highlights: [05:13] The 82:1 Ratio: Why Non-Human Identities Now Define Risk [07:03] Prioritizing Recovery: Building for Minimal Viable Operations [10:53] Declining Recovery Confidence and the Rise of Ransom Payments [15:46] Backups Under Attack: How Threat Actors Seize Business Control [16:32] Agentic AI and the Shifting Nature of Cyber Threats [25:32] What Defenders Can Do Now to Build Identity Resilience Episode Resources Caleb Tolin on LinkedIn Joe Hladik on LinkedIn Rubrik Zero Labs report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats

Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Lauren Zabierek, Senior Vice President for the Future of Digital Security at the Institute for Security and Technology. A former CISA leader and long-time national security professional, Lauren unpacks the principles of Secure by Design, Secure by Default, and Secure by Demand and how these frameworks are reshaping the software supply chain. What You'll Learn: Why security must be a business decision led by executives rather than a technical afterthought How Secure by Design principles inspired more than 300 companies to eliminate entire classes of vulnerabilities The economic incentives that drive insecure software and what must change to realign the market How customers can evaluate vendors and ask the right questions to ensure secure authentication and transparent practices The role of Secure by Demand in helping buyers assess software safety before and after adoption Why initiatives like #ShareTheMicInCyber are essential for expanding diversity and innovation across cybersecurity policy The conversation offers a practical roadmap for executives, CISOs, and technology leaders to integrate secure development practices into business strategy, turning software security from a compliance checkbox into a competitive advantage. Episode Highlights: [08:46] Inside CISA’s Secure by Design Pledge [09:41] The Three Pillars: Secure by Design, Default, and Demand [11:59] Why Security Is an Economic Issue, Not Just Technical [15:41] How Customers Can Drive Change Through Secure by Demand [18:23] The Story and Impact of #ShareTheMicInCyber Quotes: "Security has to be a business decision led by business leaders in the company. It should not be an afterthought. It shouldn't just be left to the security team to sort of try to convince the rest of the company that they should do this. It's the company leadership that should say, this is a priority and therefore orient the different resources and priorities around that particular topic." "Having more secure software is not a technical impossibility. The companies right now are acting rationally in a misaligned market. Secure by Design, at its core, is about shifting those incentives in order to drive a change in behavior." "Software is what economists would refer to as a credence good. It's very hard to assess the quality of a product or a service both before you consume it and after you consume it. We don't have the criteria or benchmarks to fully assess that, and that’s a problem." "We looked at really how to provide guidance, and then we also created the Secure by Design pledge. And at the time when we launched it in 2024 at RSA, we had 68 software companies sign on… And then by the time we left, we had over 300 companies sign on. Now this pledge, you know, it addressed certain things like eliminating entire classes of vulnerability. It talked about enabling multifactor authentication by default across product lines. It talked about a vulnerability disclosure policy. Those are just a few things, but you can see that they're very concrete, measurable actions that lead to better outcomes." Episode Resources Caleb Tolin on LinkedIn Lauren Zabierek on LinkedIn Institute for Security and Technology (IST) Secure by Demand Guide from CISA

Cyber resilience in financial services is often treated as a checklist of tools and controls, rather than what it truly is: a system of people, intelligence, and collaboration working together. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Troy Wells⁠, Intelligence Officer at FS-ISAC and former U.S. Army intelligence officer, to explore how principles like teamwork, trust, and preparation, forged in national security, translate directly into protecting the global financial system. From using fire-safety lessons to explain prevention, detection, and response, to breaking down the difference between AI models and AI agents, Troy shares practical guidance for banks and financial institutions building resilience in the face of evolving threats. What You’ll Learn: Why prevention, detection, and response are strongest when treated as a cycle, not silos How AI models act as “calculators” while AI agents act as “interns,” and what oversight each requires The guardrails that financial institutions should set before deploying AI tools at scale How cloud misconfigurations in even major enterprises reveal the need for security-first design The three threat trends that will shape financial services in the next 12–24 months: identity attacks, supply chain compromises, and AI-enabled adversaries Episode Highlights: [00:22] Troy’s path from Army intelligence officer to FS-ISAC[03:20] Fire-safety lessons: framing prevention, detection, and response in cybersecurity[08:15] The difference between AI models and AI agents, and how to guide each[12:22] Four principles for adopting AI securely in financial institutions[17:00] Cloud misconfigurations and why resilience must be built into architecture[21:39] The top three threats to watch in the next 12–24 months: identity, supply chain, and AI-driven attacks[27:35] Why speed and sophistication make resilience and collaboration essential Episode Resources: Caleb Tolin on LinkedIn Troy Wells on LinkedIn

Identity-based ransomware is no longer a fringe tactic; it’s becoming the playbook of today’s most dangerous adversaries. Scattered Spider, a financially motivated e-crime group, has shifted the model from smash-and-grab encryption to a far more devastating combination of double extortion, social engineering, and hypervisor encryption attacks. In this episode of Data Security Decoded, host Caleb Tolin welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack how Scattered Spider is evolving the ransomware playbook. From double extortion and identity compromise to hypervisor encryption and legacy system exploitation, Joe explains why these tactics succeed where traditional defenses fail and why building cyber resilience, not just detection and response, is the critical next step for security leaders. What You’ll Learn: How Scattered Spider leverages ransomware-as-a-service and double extortion to maximize payouts Why identity compromise and social engineering make traditional defenses ineffective How “living off the land” techniques and vulnerable drivers bypass signature-based tools Why legacy infrastructure and outdated backup systems are prime targets for exploitation What cyber resilience really means and how to build recovery into your security posture Episode Highlights: [00:30] Joe on Scattered Spider’s financial motivations and shift to double extortion  [06:53] Why identity compromise and social engineering bypass traditional defenses  [08:49] Disabling EDR with “living off the land” techniques and vulnerable drivers  [13:06] Hypervisor encryption: how attackers can take entire backup systems offline  [16:21] Cyber resilience as the future: assuming breach and restoring trusted systems Episode Resources: Caleb Tolin on LinkedIn Joe Hladik on LinkedIn

Chinese state-backed cyber operations are often misunderstood as a single, centrally controlled machine. In reality, they are fragmented, diverse, and strategically aligned with China’s national objectives, from economic development to critical infrastructure positioning. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Mei Danowski⁠, Co-Founder of Natto Thoughts and expert in geopolitical intelligence, to explore how China’s cyber ecosystem operates and how it is shaped by cultural, political, and economic structures. What You’ll Learn: Why Chinese cyber operations are fragmented and decentralized, and why that matters for defenders How private companies in China are tied to the Communist Party and mobilized for cyber objectives The strategic difference between China, Russia, North Korea, and Iran in their cyber operations How China’s targeting priorities have shifted toward telecom, energy, water, and transport infrastructure Three intelligence-driven approaches defenders can use to counter Chinese operations What the 14th Five-Year Plan achieved in cyberspace, and what to expect in the 15th Highlights: [01:50] The fragmented reality of Chinese state-backed cyber operations [05:28] How cultural and political structures shape threat actor behavior [08:47] Comparing China’s cyber strategy to Russia, North Korea, and Iran [12:45] Why telecom, energy, and water systems are top targets [21:24] China’s 14th Five-Year Plan successes and projections for the 15th Episode Resources: Caleb Tolin on LinkedIn Mei Danowski on LinkedIn Natto Thoughts website

Cyber threat intelligence is often misunderstood, seen as a niche reporting function instead of the connective tissue that links defenders, leaders, and strategy. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Scott Scher⁠, a cyber threat intelligence (CTI) expert with an unconventional backstory, to explore how his off‑grid years shaped his view on resilience, why CTI should be seen as “counter‑threat intelligence,” and how intelligence defenders, and policy teams can work as one to turn raw data into actionable security decisions. What You’ll Learn: The mindset shift from cyber threat intelligence to cyber counter-threat intelligence Why threat intel must not just inform, but recommend actions for defenders How intelligence insights serve as “cover” for defenders, offering justification and prioritization for security decisions Why we should think of intelligence, defenders, and policy teams as part of a formula, not opposing forces How Scott’s off-grid lifestyle shaped his view on resilience, preparedness, and technology dependency Episode Highlights: [00:01] Scott’s unconventional path from off‑grid homesteading to cybersecurity [03:47] Breaking the “versus” mindset: How intelligence, defenders, and policy work as a formula [08:19] What CTI and defenders really need to understand about each other [12:45] CTI as “cover”: Giving defenders justification and prioritization for key decisions [17:45] How CTI helps organizations protect their most sensitive data Episode Resources: Caleb Tolin on LinkedIn Scott Scher on LinkedIn

In this episode of ⁠Data Security Decoded⁠, host ⁠Caleb Tolin⁠ sits down with ⁠Dustin Droullard⁠, a cyber threat intelligence expert and former Army intelligence analyst, to discuss how global conflict is increasingly playing out in cyberspace, from digital espionage to civilian-targeted cyber operations. This episode highlights why organizations must rethink their cyber risk strategies in light of modern geopolitical threats and growing digital exposure. What You’ll Learn: How influence operations are used to confuse, divide, and destabilize Understanding your organization’s role in geopolitical conflicts What basic cybersecurity practice still gets overlooked Where small businesses can find free resources to improve security posture and resilience  How anthropology, business, and literature studies can power cyber careers The gap in current cyber education and how to fix it with critical thinking and specialization Episode Highlights: [00:00:33] From Army Intelligence to Cyber Operations [00:02:45] Espionage vs. Effects: Cyber Tactics in Geopolitical Conflict [00:06:38] Influence Operations and Psychological Warfare [00:10:39] Why Every Business is a Target, Whether They Know It or Not [00:13:21] Cybersecurity on a Budget: Resources for Underserved Organizations [00:15:57] Anthropology in Cyber: Understanding the Human Behind the Hack [00:20:33] Non-Tech Majors That Thrive in Cybersecurity [00:23:03] What Cyber Schools Are Missing: Business, Collaboration & Critical Thinking Episode Resources: Caleb Tolin on LinkedIn Dustin Droullard on LinkedIn CISA – Cybersecurity and Infrastructure Security Agency

Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by ⁠Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.  In this episode, our host, ⁠Caleb Tolin⁠, is joined by ⁠Errol Weiss⁠, Chief Security Officer at ⁠Health-ISAC⁠ and former cybersecurity leader at ⁠Citi⁠ and ⁠Bank of America⁠. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience. Errol Weiss has been a driving force in advancing cybersecurity resilience across critical sectors, beginning with his early work at the National Security Agency and later leading security programs at Citi and Bank of America. As Chief Security Officer at Health-ISAC, he built a threat operations center from the ground up, delivering original threat intelligence to healthcare organizations that often lack the resources to do it alone. With deep experience across consulting, finance, and healthcare, Errol has become a leading voice in shifting the conversation from protection to recovery, promoting a resilience-first mindset, collaborative intelligence sharing, and a human-centric security culture. Join Caleb and Errol as they explore what makes healthcare cybersecurity unique, how to embed security into clinical culture, and why building a “human firewall” is just as critical as any technical control in today’s evolving threat landscape. Episode Highlights: 00:00 - Intro 01:33 - Moving from consulting and finance to healthcare cybersecurity 02:12 - What ISACs are and how Health-ISAC supports threat sharing 04:39 - Building a threat operations center from scratch 06:38 - Collaboration differences between finance and healthcare ISACs 07:24 - Shifting from disaster recovery to cyber recovery and resilience 09:12 - Why HIPAA 2.0 is unlikely to advance and what’s happening instead 11:58 - How policy mandates collide with healthcare’s talent and budget challenges 13:01 - Biking, mental clarity, and leadership outside of work 14:26 - Embedding security into healthcare culture and creating a human firewall 16:43 - The rise of the minimum viable hospital concept 18:20 - Why Errol remains optimistic about AI and the future of cybersecurity Episode Resources: Health-ISAC Official Site National Council of ISACs website  Rubrik Zero Labs website Caleb Tolin on LinkedIn Errol Weiss on LinkedIn

Navigating Modern Cybersecurity: From Supply Chain Risks to AI Evolution. In this episode of ⁠Data Security Decoded⁠, ⁠Allison Wikoff⁠, a 20-year veteran in information security and threat intelligence, explores current cybersecurity challenges, emerging threats, and practical defensive strategies for organizations of all sizes. What You'll Learn: How to prioritize vulnerability management by focusing on critical edge devices and access points Why understanding your network architecture is crucial for effective threat defense The reality of AI in cyber attacks: current uses, limitations, and practical defense strategies How to build supply chain resilience through vendor assessment and backup supplier planning Why older vulnerabilities remain a primary attack vector and how to address them effectively The framework for developing an actionable threat profile tailored to your organization's needs Key Insights: Threat actors increasingly target known vulnerabilities over sophisticated zero-day exploits Supply chain security requires understanding vendor access levels and maintaining secondary suppliers AI adoption in cyber attacks remains focused on basic tasks like improving phishing emails and code generation Organizations should prioritize patching vulnerabilities in edge devices like VPNs and WAFs Building an effective security strategy starts with understanding your organization's specific threat profile Partnering with vendors and suppliers can help smaller organizations enhance their security capabilities Highlights: [00:00:00] Vulnerability Exploitation Trends Allison Wikoff reveals that vulnerability exploitation has become a dominant attack vector across both criminal and state-sponsored threat actors. The shift marks a departure from traditional assumptions that mainly espionage-focused groups leveraged vulnerabilities. [04:30] Supply Chain Security Essentials   Wikoff emphasizes that modern supply chain security requires looking beyond just your own organization's defenses. Organizations must thoroughly understand their vendors' access levels and potential impact on operations. [07:23] AI in Cybersecurity: Reality vs Hype Tolin shares that while AI adoption by threat actors is increasing, it hasn't revolutionized attack tactics as many feared. Current AI usage focuses mainly on improving phishing email quality and assisting with malware code generation. [14:08] Threat Profile Development Tolin advocates for organizations to start by understanding what assets would interest attackers rather than chasing every new threat. The rapidly changing threat landscape makes it impossible to defend against everything, requiring a focused approach based on your specific risk profile. Episode Resources:  Caleb Tolin on LinkedIn Allison Wikoff on LinkedIn PwC website PwC - Year in Retrospect Report 2024 Rubrik Zero Labs website

AI-powered SOC platforms are revolutionizing cybersecurity by dramatically reducing false positives and enabling analysts to focus on high-value security work. In this episode of ⁠Data Security Decoded⁠, join ⁠Caleb Tolin⁠ as he sits down with ⁠Grant Oviatt⁠, Head of Security Operations at Prophet Security, to explore how AI agents are transforming security operations centers (SOCs) and reshaping the future of cyber defense. What You'll Learn: How AI agents achieve a 95% reduction in false positive alerts while maintaining high investigation accuracy Why AI won't replace SOC analysts but will elevate their roles by eliminating tedious tasks The framework for building trust in AI security tools through evidence-backed investigations and transparent decision-making How AI is lowering barriers to entry for cybersecurity careers by focusing on analytical thinking over technical expertise The critical balance between AI automation and human context in security operations. How to evaluate and implement AI security solutions, including key criteria for testing accuracy and effectiveness Highlights: [02:57] Dramatic Reduction in False Positives Through AI-Driven Investigation [07:21] AI Augmentation vs. Replacement: Elevating Security Roles [09:34] Lowering Barriers to Entry in Cybersecurity [17:41] Building Trust Through Transparent AI Operations [21:58] Strategic Implementation of AI Security Solutions Episode Resources: Caleb Tolin on LinkedIn Grant Oviatt on LinkedIn Prophet Security website Rubrik Zero Labs website

In this episode of ⁠Data Security Decoded⁠, host ⁠Caleb Tolin⁠ sits down with ⁠Gabrielle Hibbert⁠, a social policy expert and researcher, about her innovative work developing a nutrition labeling system for generative AI tools. This framework aims to bridge the gap between complex AI technology and consumer understanding, while addressing critical transparency and data privacy concerns. What You'll Learn: How nutrition labels for AI tools can make complex technology accessible to non-technical users Why current privacy policies fail to protect consumers, with 93% of users unable to understand them The three-pillar approach to AI transparency: general usage information, safety measures, and potential risks How companies can balance corporate sensitivity with consumer transparency in AI tool deployment Why Generation Z and Millennial users feel increasingly burdened by technology, and how transparency can help The regulatory framework needed to standardize AI tool labeling across industries How iterative processes and APIs can keep AI nutrition labels current with rapid technological changes The importance of multi-stakeholder collaboration in developing effective AI transparency standards Episode Highlights: [00:00:55] Creating Consumer-Friendly AI Transparency Labels [04:58] Building Universal Understanding Across Technical Levels [22:13] Regulatory Framework Integration [27:21] Dynamic Updates Through API Integration Episode Resources: Caleb Tolin on LinkedIn Gabrielle Hibbert on LinkedIn FCC Broadband Labeling System New America – Translating the Artificial Report Page FDA Nutrition Label Design Standards

Welcome to the ⁠Data Security Decoded⁠ podcast by Rubrik Zero Labs. In this episode, our host ⁠Caleb Tolin⁠ speaks with ⁠Joe Hladik⁠, a veteran security expert with two decades of experience, to explore the evolving landscape of cybersecurity, incident response, and the critical challenges of data security in today's distributed environments. What You'll Learn: How the cybersecurity landscape has evolved from traditional nation-state threats to modern ransomware operations Why data sprawl creates complex security challenges as sensitive information moves across platforms and users The real-world challenges organizations face when managing vulnerability patches and business continuity How identity management has become more complex than just "the new perimeter" in cloud environments Why data security posture management is crucial for protecting sensitive information across distributed systems The ways modern threat actors combine financial and political motivations in sophisticated attack campaigns The conversation draws from "The State of Data Security: A Distributed Crisis," a new report from Rubrik Zero Labs, and provides practical insights into how organizations can better manage their data security posture while addressing emerging threats in an increasingly complex digital landscape. Episode Highlights: [20:05] Understanding Data Sprawl and Security Posture Management [27:05] Identity Management as a Dynamic Security Challenge  [08:40] The Evolution of Cyber Threats and Motivations [32:28] The Future of Security Research and Response Episode Resources: Caleb Tolin on LinkedIn Joe Hladik on LinkedIn The State of Data Security: A Distributed Crisis, Rubrik Zero Labs Report

Welcome to the ⁠Data Security Decoded⁠ podcast by Rubrik Zero Labs. In this episode, our host ⁠Caleb Tolin⁠ speaks with ⁠Pavlina Pavlova⁠, a researcher and cybersecurity advocate focusing on data weaponization and its disproportionate impact on vulnerable populations. Pavlina defines data weaponization as using data to manipulate, deceive, coerce, or attack someone to inflict harm. Her research investigates why cyber attacks and their impacts often have gendered dimensions, with certain populations experiencing more severe consequences. The conversation explores how attacks on critical infrastructure, particularly healthcare, create immediate impacts. While cyber attacks aren't becoming more sophisticated, they're growing more vicious. Ransomware attacks against healthcare facilities disproportionately affect women, who often serve as caregivers and rely more heavily on healthcare services. Pavlina examines the geopolitical dimensions of cybercrime, noting how certain nations harbor cybercriminals aligned with their foreign policy goals. These sanctuary jurisdictions make accountability difficult and contribute to attacks aimed at disrupting societal resilience. Join Caleb and Pavlina as they discuss policy frameworks addressing gender dimensions of data weaponization, explore international cooperation efforts, and share practical advice for under-resourced organizations to improve their cyber resilience despite limited funding. They also examine the critical role of responsible data collection and the importance of donors specifically allocating cybersecurity funding when supporting vulnerable organizations. Episode Highlights: [01:02] Defining Data Weaponization [04:11] Critical Infrastructure Targeting [09:29] Geopolitical Dimensions of Cybercrime [13:24] Policy Frameworks and International Cooperation [19:31] Resources for Under-resourced Organizations Episode Resources: Caleb Tolin on LinkedIn Pavlina Pavlova on LinkedIn New America report by Pavlina Pavlova Cyber Peace Institute United Nations Cybercrime Convention

Welcome to the ⁠Data Security Decoded⁠ podcast by Rubrik Zero Labs. In this episode, our host, ⁠Caleb Tolin⁠, is joined by ⁠Michael Razeeq⁠, a cybersecurity policy researcher specializing in advocating for Civilian Cyber Corps (C3s). Michael shares insights into how these volunteer forces, C3s, are transforming community cyber defense, addressing workforce shortages, and providing both preventive and reactive cybersecurity services to underfunded organizations. Michael's research provides a unique perspective on the emergence of the Civilian Cyber Corps across various models, from university cyber clinics to state-level programs. These task forces address gaps in cybersecurity defense where resource constraints leave organizations vulnerable. As a ⁠2024 #ShareTheMicInCyber Fellow at New America⁠ and 2025 Fellow at UC Berkeley ⁠CLTC⁠, he advocates for a "whole society" approach to cybersecurity, highlighting successful implementations in states like Ohio and drawing inspiration from Estonia's cyber defense unit. Join Caleb and Michael as they explore the operational frameworks of C3s, discuss the challenges of recruiting and vetting volunteers, examine legal considerations for establishing programs, and share insights on measuring both quantitative and qualitative impacts of these initiatives. They also look at the future of C3s through increased collaboration and partnerships like the Cyber Resilience Core. Episode Highlights: [01:30] The Rise of Civilian Cyber Corps (C3s) [13:11] Pathways to Establishing C3 Programs [19:47] Left of Boom vs Right of Boom Services [26:49] Addressing C3 Implementation Challenges Episode Resources: Caleb Tolin on LinkedIn Michael Razeeq on LinkedIn “Civilian Cyber Corps: A Model Law for States” by Michael Razeeq for New America  New America’s #ShareTheMicInCyber Fellowship Program UC Berkeley Center for Long-Term Cybersecurity Program CISA Cybersecurity Resources for High-Risk Communities

Welcome to the Data Security Decoded podcast. In this episode, our host, ⁠Richard Cassidy⁠, is joined by ⁠Carolin Desirée Toepfer⁠, founder of ⁠Cyttraction⁠ and CISO as a Service for multiple organizations across Europe and North America. Carolin shares her journey from building websites and online communities to becoming a cybersecurity leader, offering insights into the unique challenges of European cybersecurity, AI security frameworks, and transforming cybersecurity training into data integrity training that better aligns with business needs. Carolin's unique position as a CISO for multiple organizations gives her exceptional perspective on cybersecurity challenges across different industries and company sizes. Her approach focuses on addressing gaps in the European cybersecurity landscape where, according to Cisco studies, only 2% of companies are well-prepared. As founder of Cyttraction, an edtech company focused on cybersecurity training, she advocates for reframing security training to emphasize data integrity and digital identity protection, making it more relevant to business stakeholders. Join Richard and Carolin as they explore the evolution of the CISO role in Europe, discuss the global skills shortage in cybersecurity, examine cultural differences in security awareness between North America and Europe, and share insights on effective training strategies that accommodate modern attention spans and learning preferences. Episode Highlights: 00:02 - Introduction and CISO as a Service Role 01:57 - European Cybersecurity Landscape and Challenges 03:26 - Path to Becoming a CISO 06:17 - Regional Differences in Cybersecurity Approaches 09:53 - AI Governance and Business Impact 14:39 - Reframing Security Training for Business Alignment 19:20 - Measuring Training Effectiveness 24:01 - Future Outlook for Cybersecurity Episode Resources: Richard Cassidy on LinkedIn Carolin Desirée Toepfer on LinkedIn Cyttraction Learning Platform The State of Data Security: The New Rules Breaking the Banks report from Rubrik Zero Labs

Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by ⁠Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts and get their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.  In this episode, our host, ⁠Ghazal Asif⁠, Global VP of Channels, Alliances, and Inside Sales at Rubrik, is joined by ⁠Kris Lovejoy⁠, Global Security and Resilience Practice Leader at ⁠Kyndryl⁠. With over two decades of leadership experience, Kris has built a career focused on advancing technology ecosystems that drive human progress. At Kyndryl, she leads initiatives to design, manage, and safeguard the world's most reliable technology infrastructure. Previously, Kris served as EY’s Global Cybersecurity Leader, where she worked with diverse teams across 150+ countries to solve complex cybersecurity challenges. She has also held leadership roles at IBM, including VP of IT Risk and Chief Information Security Officer (CISO), and served as CEO of BluVector, a Comcast company. Kris also sits on the board of Dominion Energy, where she supports efforts to achieve Net Zero emissions by 2050. Join Ghazal and Kris as they explore actionable strategies for integrating cyber resilience into business operations, the importance of regulatory readiness for global organizations navigating new compliance frameworks, and how diverse teams drive innovative problem-solving in cybersecurity. Episode Highlights:  00:00 - Intro 03:45 - Evolving Perspectives on Compliance and Regulation 07:25 - Why Diversity in IT and Security Teams Drives Better Solutions 09:59 - Cybersecurity vs. Cyber Resilience 14:25 - Practical Strategies for Building Cyber Resilience 17:40 - Communicating Security Strategies to Non-Technical Leaders 20:25 - The Paradox of Per Capita Spend 26:09 - Regulatory Readiness in a Complex Global Landscape 28:09 - Preparing for Cyber Threats: The Critical Role of Basic Hygiene 30:18 - Looking Forward: Optimism for the Future of Cybersecurity Episode Resources Rubrik Zero Labs The State of Data Security: Measuring Your Data's Risk report Ghazal Asif on LinkedIn Kris Lovejoy on LinkedIn

Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.  In this episode, our host, ⁠Travis Rosiek⁠, Public Sector CTO at Rubrik, is joined by ⁠Nicole Tisdale⁠, Founder of Advocacy Blueprints, former Director of Legislative Affairs for the National Security Council, and author of ⁠Right to Petition⁠. Nicole shares her journey from rural Mississippi to national security leadership, offering insights into cybersecurity equity, workforce development, and public policy's critical role in addressing underserved communities' unique challenges. Nicole’s leadership has been instrumental in shaping transformative policies, including spearheading The White House’s advocacy that secured a $1 billion cybersecurity grant program and the nation’s first cyber incident reporting law. Representing the United States in global policy dialogues across 30 nations, she has been a prominent voice in advancing security and equity on the international stage. Now as the Founder of Advocacy Blueprints, Nicole continues to champion cybersecurity and civic engagement, equipping organizations and individuals with the tools to influence policy effectively. She is also the author of Right to Petition, a practical guide for empowering citizens in advocacy. Join Travis and Nicole as they delve into the challenges of bridging policy gaps for underserved communities and her vision for equitable cybersecurity policies that prepare, respond, and recover in today’s digital landscape. Episode Highlights:  00:00 - Intro 02:57 - Advocacy for Underserved Communities 06:21 - Addressing Cybersecurity Gaps in Rural and Low-Income Communities 07:17 - Defensive vs. Offensive Cybersecurity Policy 12:10 - The Role of Proactive Policy in Cyber Resilience 18:35 - The Importance of Cybersecurity Workforce Development 21:41 - Regional Nodes for Workforce Growth and Local Cybersecurity Defense 25:48 - Connecting Workforce Development to Community Economic Stability 30:05 - The Ripple Effects of Cyberattacks on Healthcare Systems 34:57 - Cybersecurity as Critical Infrastructure Protection: The Rural Perspective 38:39 - Advocacy Blueprints: Empowering Communities to Influence Policy 45:15 - Effective Advocacy: Known Information and Resource Alignment in Cyber Policy 48:03 - Advice for Government Leaders During Leadership Transitions 55:59 - Optimism About Cybersecurity’s Future Episode Resources: Rubrik Zero Labs The State of Data Security: Measuring Your Data's Risk report Travis Rosiek on LinkedIn Nicole Tisdale on LinkedIn Right to Petition by Nicole Tisdale

Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by ⁠Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts, and get their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.  In this episode, our host, ⁠Mike Tornincasa⁠, Chief Business Officer at Rubrik, is joined by ⁠Marcela Escobar-Alava⁠, CIO of the Social Security Administration⁠, and ⁠Joe Stenaka⁠, SSA’s CISO for an insightful conversation on IT and cybersecurity collaboration. Marcela Escobar-Alava is a seasoned technology executive with deep expertise in building high-performing teams and aligning technology solutions with business objectives. Known for her ability to innovate under tight deadlines, Marcela brings years of experience in managing global application development, transforming organizational operations, and driving impactful business outcomes. Her strategic leadership and problem-solving approach have made her a trusted leader in rapidly evolving environments. Joe Stenaka, the Associate Commissioner and CISO at SSA, has spent decades protecting critical information systems across government agencies, including the Department of Veterans Affairs and the National Security Agency. With a pragmatic leadership style, Joe emphasizes collaboration and enabling secure IT solutions while minimizing risks. As an educator and industry thought leader, he is committed to fostering the next generation of cybersecurity professionals. Together, Marcela and Joe share how their unique partnership ensures operational efficiency and robust security for one of the largest independent government agencies, serving over 64 million Americans. Episode Highlights:  00:00 - Intro 00:58 - Marcela’s role as CIO: Bridging strategic and operational objectives 02:59 - Joe’s leadership in advancing SSA’s cybersecurity framework 05:12 - Establishing lockstep collaboration between IT and security 10:30 - Balancing the speed of IT innovation with robust security measures 18:14 - Lessons from Marcela’s past: Ransomware scars and fostering vigilance 24:15 - The rise of AI: Ethical considerations, security risks, and opportunities 29:27 - Reflections on leadership: From cryptology to servant leadership 32:12 - The future of cybersecurity: Opportunities and challenges Episode Resources: Rubrik Zero Labs The State of Data Security: Measuring Your Data's Risk report Marcela Escobar-Alava on LinkedIn  Joe Stenaka on LinkedIn Mike Tornincasa on LinkedIn