In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.

Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can’t control what you can’t see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.

The Zero Trust Mindset: Assume Breach, Limit Access

Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It’s not about waiting to detect bad behavior—it’s about blocking the behavior before it starts.

The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker’s automation is designed to lower that barrier and get organizations to meaningful control faster.

Modern Threats, Simplified Defenses

As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don’t require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it’s created. Whether it’s PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.

This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you’re ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest:

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Quantum computing and AI are no longer theoretical concepts for tomorrow—they’re shaping how organizations must secure their infrastructure today. In this episode of the podcast, Mark Manzano, General Manager of Cybersecurity at SandboxAQ, joins the conversation to share how his team is helping organizations confront some of the most urgent and complex cybersecurity shifts of our time.

SandboxAQ, a company spun out of Alphabet, operates at the intersection of quantum technology and artificial intelligence. Manzano highlights two immediate challenges that demand new approaches: the looming need for quantum-resistant cryptography and the unchecked proliferation of AI agents across enterprise systems.

Post-Quantum Migration and Cryptographic Agility

Manzano describes an industry-wide need for massive cryptographic migration in response to the quantum threat. But rather than treating it as a one-time fix, SandboxAQ promotes cryptographic agility—a framework that enables organizations to dynamically and automatically rotate credentials, replace algorithms, and manage certificates in real-time. Their approach replaces decades of static key management practices with a modern, policy-driven control plane. It’s not just about surviving the post-quantum era—it’s about staying ready for whatever comes next.

Taming the Complexity of AI Agents and Non-Human Identities

The second challenge is the surge of non-human identities—AI agents, machine workloads, and ephemeral cloud infrastructure. SandboxAQ’s platform provides continuous visibility and control over what software is running, who or what it communicates with, and whether it adheres to security policies. This approach helps teams move beyond manual, one-off audits to real-time monitoring, dramatically improving how organizations manage software supply chain risks.

Real Use Cases with Measurable Impact

Manzano shares practical examples of how SandboxAQ’s technology is being used in complex environments like large banks—where decades of M&A activity have created fragmented infrastructure. Their platform unifies cryptographic and identity management through a single pane of glass, helping security teams act faster with less friction. Another use case? Reducing vendor risk assessment from months to minutes, allowing security teams to assess software posture quickly and continuously.

Whether it’s quantum cryptography, AI risk, or identity control—this isn’t a vision for 2030. It’s a call to action for today.

Learn more about SandboxAQ: https://itspm.ag/sandboxaq-j2en

Note: This story contains promotional content. Learn more.

Guest:

Marc Manzano, General Manager of Cybersecurity at SandboxAQ | https://www.linkedin.com/in/marcmanzano/

Resources

Learn more and catch more stories from SandboxAQ: https://www.itspmagazine.com/directory/sandboxaq

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

mark manzano, marco ciappelli, sean martin, cryptography, quantum, ai, cybersecurity, nonhuman, keymanagement, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

In today’s threat environment, it’s not enough to back up your data—you have to be able to trust that those backups will be there when you need them. That’s the message from Sterling Wilson, Field CTO at Object First, during his conversation at RSAC Conference 2025.

Object First is purpose-built for Veeam environments, offering out-of-the-box immutability (OOTBI) with a hardened, on-premises appliance. The goal is simple but critical: make backup security both powerful and practical. With backup credentials often doubling as access credentials for storage infrastructure, organizations expose themselves to unnecessary risk. Object First separates those duties by design, reducing the attack surface and protecting data even when attackers have admin credentials in hand.

Immutability as a Foundation—Not a Feature

The conversation highlights data from a recent ESG study showing that 81% of respondents recognize immutable object storage as the most secure way to protect backup data. True immutability means data cannot be modified or deleted until a set retention period expires—an essential safeguard when facing ransomware or insider threats. But Sterling emphasizes that immutability alone isn’t enough. Backup policies, storage access, and data workflows must be segmented and secured.

Zero Trust for Backup Infrastructure

Zero trust principles—verify explicitly, assume breach, enforce least privilege—have gained ground across networks and applications. But few organizations extend those principles into the backup layer. Object First applies zero trust directly to backup infrastructure through what they call zero trust data resilience. That includes verifying credentials at every step and ensuring backup jobs can’t alter storage configurations.

A Real-World Test: Marysville School District

When Marysville School District suffered a ransomware attack, nearly every system was compromised—except the Object First appliance. The attacker had administrative credentials, but couldn’t access or encrypt the immutable backups. Thanks to the secure design and separation of permissions, recovery was possible—demonstrating that trust in your backups can’t be assumed; it must be enforced by design.

Meeting Customers Where They Are

To support both partners and end customers, Object First now offers OOTBI through a consumption-based model. Whether organizations are managing remote offices or scaling their environments quickly, the new model provides flexibility without compromising security or simplicity.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guest:

Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, sterling wilson, ransomware, immutability, backups, cybersecurity, zero trust, data protection, veeam, recovery, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

In this RSAC 2025 episode, Sean Martin sits down with Steve Schlarman, Senior Director of Product Management at Archer Integrated Risk Management, to explore how organizations are rethinking compliance and risk—not just as a box to check, but as a business enabler.

At the center of the conversation is Archer Evolve, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company’s post-RSA independence, Evolve aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making.

One standout capability comes from Archer’s integration of Compliance.ai, a regulatory tech firm the company acquired to accelerate its transformation. By applying AI tuned specifically for the language of compliance, Archer can now help customers reduce review time per regulatory obligation from 100 hours to just a few. That’s more than a productivity gain—it’s a structural shift in how companies adapt to nonstop regulatory change.

Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage.

The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently.

This episode isn’t just about software or frameworks. It’s about what happens when governance becomes a driver of value, not just a reaction to fear.

Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage.

Learn more about Archer Integrated Risk Management: https://itspm.ag/rsaarchweb

Note: This story contains promotional content. Learn more.

Guest:

Steve Schlarman, Senior Director, Product Management, Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, steve schlarman, risk, compliance, ai, governance, grc, quantification, controls, automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

At RSAC Conference 2025, Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, joined ITSPmagazine to share critical insights into the dual role AI is playing in cybersecurity today—and what Akamai is doing about it.

Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it’s also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.

The API and Web Application Threat Surge

Referencing Akamai’s latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they’re exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.

Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren’t actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.

Introducing Akamai’s Firewall for AI

Akamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.

In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.

Enabling Security Leadership

Chokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai’s goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guest:

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We’re working on it.” That exchange captured the spirit of the entire event — security is not a destination, it’s an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

Akamai: https://itspm.ag/akamailbwc

BlackCloak: https://itspm.ag/itspbcweb

SandboxAQ: https://itspm.ag/sandboxaq-j2en

Archer: https://itspm.ag/rsaarchweb

Dropzone AI: https://itspm.ag/dropzoneai-641

ISACA: https://itspm.ag/isaca-96808

ObjectFirst: https://itspm.ag/object-first-2gjl

Edera: https://itspm.ag/edera-434868

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS

sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

The cybersecurity workforce shortage isn’t a new problem—but according to Jamie Norton, Board Director at ISACA, it’s one that’s getting worse. In this on-location conversation during RSAC Conference 2025, Norton shares how ISACA is not only acknowledging this persistent gap but actively building pathways to close it, especially for early-career professionals.

While many know ISACA for its certifications and events, Norton emphasizes that the organization’s mission goes much deeper—supporting digital trust through education, community, and career development. One key area of focus: helping individuals navigate every phase of their professional journey, from new graduates to seasoned leaders. That includes new offerings like the Certified Cyber Operations Analyst (CCOA) credential, designed specifically to meet the growing demand for technical, hands-on skills in security operations roles.

What’s driving this shift? Norton points to employer demand for candidates who can walk into SOC and technical analyst roles with practical experience. The CCOA was created based on feedback from ISACA’s 185,000+ global members and a wide network of hiring organizations, all highlighting the same pain point: early-stage roles are difficult to fill, not because people aren’t interested, but because too many can’t prove their skills in ways hiring managers understand.

ISACA’s response is both strategic and community-driven. Certification development is rooted in large-scale data analysis and enhanced by input from members around the world, ensuring each program reflects real-world needs. At the same time, ISACA recognizes that certifications alone don’t create confidence. Community and mentorship matter—especially for those struggling with imposter syndrome or breaking into the field from non-traditional backgrounds.

Looking ahead, ISACA is investing in career journey tools, AI-focused certifications, and guidance for post-quantum readiness—all while continuing to support members through local chapters and global programs.

For those hiring, job-seeking, or guiding others into the field, this episode offers a grounded, forward-looking view into how one organization is equipping the cybersecurity workforce for the work that matters now—and what’s coming next.

Learn more about ISACA: https://itspm.ag/isaca-96808

Note: This story contains promotional content. Learn more.

Guest:

Jamie Norton, Director Board of Directors, ISACA | https://www.linkedin.com/in/jamienorton/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

jamie norton, sean martin, marco ciappelli, cybersecurity, certifications, workforce, skills, governance, community, careers, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us