Cybersecurity Today

Cybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem
Host David Shipley speaks with Jeff Gardner, a former university CISO and now at Morgan Stanley, about Gardner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management. 
Gardner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff to be risk managers, and cites findings that only about 11% of cybersecurity professionals actually perform risk calculations. Gardner outlines a practical approach using qualitative likelihood and impact scales, prioritization, and clearer business framing, and notes ongoing discussions with NIST to improve the NICE framework.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

00:00 Sponsor Message
00:19 Meet Jeff Gardner
01:51 Career Journey Origins
03:23 TLS Risk Epiphany
05:06 What Is Compute Canada
06:38 Risk Versus Threat
08:35 Why Labels Matter
11:13 Likelihood And Impact
12:26 Teaching Risk Qualitatively
15:29 Why Prioritize Risk
20:36 Training Frameworks Flaw
25:13 Research Frustrations
25:51 Risk Management Wins
26:44 Why CISOs Burn Out
27:43 Speaking Executive Risk
29:22 Teach Risk Broadly
31:36 Biases and Better Judgments
35:17 Sexy Scary vs Real Risk
36:12 Convincing the Room
39:15 Start Simple Frameworks
41:36 Risk Quadrants and Delegation
45:30 Mentorship and NIST V3
47:57 Wrap Up and Sponsor

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where attackers compromised admin accounts, stole data, and used Microsoft Intune to remotely wipe and factory reset roughly 80,000 managed devices. CISA and Microsoft warn organizations to harden Intune and identity controls with least privilege, role-based access, MFA, conditional access, and requiring multi-admin approval for sensitive actions like device wipes. Apple urges iPhone users to update after fixing actively exploited flaws used in targeted, sophisticated campaigns, noting risks even for those who think Apple devices aren't targeted. The show also highlights new FLAIR research showing North Korean operatives continue infiltrating Western firms as remote IT workers using stolen or fabricated identities, exploiting weak hiring verification and broad access.
LINKS
https://flare.io/learn/resources/north-korean-infiltrator-threat

00:00 Sponsor Message Meter
00:19 Headlines And Intro
00:46 FBI Seizes Handala Leak Site
02:31 CISA And Microsoft Intune Guidance
04:37 Apple iPhone Update Warning
06:10 North Korean Fake IT Workers
07:56 Links Sharing And Wrap Up
08:29 Sponsor Thanks And Sign Off

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da Vinci/Ion systems remained unaffected. Eleven tech and retail firms including Google, Amazon, and OpenAI pledged to share threat intel on scams, amid skepticism and Verafin figures estimating $4.4T in global financial crime in 2025 and rising AI-driven fraud. LayerX demonstrated a font/CSS "glyph substitution" technique that shows humans a malicious command while AI assistants read benign text; Microsoft addressed it, while others deemed it out of scope. In Iran-war updates, senior Iranian cyber figures were reportedly killed; Iran-linked group Handala's Stryker attack allegedly wiped nearly 80,000 devices via compromised admin accounts and Intune, with further unverified leak claims. Denver crosswalk speakers were hacked due to default passwords.
 
00:00 Sponsor Message Meter
00:19 Medical Device Breach
01:52 Phishing Still Wins
02:32 Tech Pledge Against Scams
03:43 Fraud Numbers And AI
05:49 Font Trick AI Bypass
07:22 Vendor Responses Lessons
09:03 Iran Cyber War Updates
10:00 Stryker Intune Wipe Attack
11:07 More Iranian Claims
12:17 Denver Crosswalk Hack
13:10 Wrap Up And Signoff
13:33 Sponsor Outro Meter

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more..
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion and unauthorized computer access. The episode also highlights Interpol's six-month Operation Synergia, a major international crackdown that disabled 45,000 malicious IPs and led to 94 arrests across 72 countries, targeting ransomware, phishing, and malware infrastructure. An update on Stryker describes an attack on its Microsoft corporate systems allegedly involving Intune to wipe over 200,000 devices, with Stryker saying connected medical devices and services remain safe while ordering and operations are disrupted. Finally, Poland reports it stopped an attempted hack on its National Center for Nuclear Research that may have Iranian links, though officials caution indicators could be misdirection.
00:00 Sponsor Meter Intro
00:19 Headlines And Welcome
00:50 Calm Hacker Takedown
02:49 Threats Against Researcher
04:21 Unmasking And Arrest
05:46 Interpol Operation Synergy
08:10 Stryker Intune Attack Fallout
12:56 Iran Cyber War Updates
13:43 Poland Nuclear Hack Attempt
16:14 Wrap Up And Thanks
16:52 Sponsor Meter Outro

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee)
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner leading AI in Canada. They discuss Google integrating Gemini into Workspace and how AI assistants like Gemini and Microsoft Copilot are converging, along with recent moves around agent platforms and the business models of AI, including Meta and Nvidia's evolving strategies and Nvidia's push toward enterprise agent infrastructure amid rapidly rising compute demand. The conversation explores why AI adoption lags capability, emphasizing task-based redesign, human-in-the-loop guardrails, and not "AI-washing" broken processes. They also address AI anxiety, training and culture change, impacts on education and jobs, and practical ways to use agents to stay informed and productive.
00:00 Sponsor Message
00:20 Show Intro and Guests
01:12 Gemini Comes to Workspace
03:38 AI Tool Leapfrogging
05:06 Agent Network Acquisitions
07:53 Nvidia Bets on Enterprise Agents
11:08 Why AI Adoption Lags
14:27 Agentic AI and Process Redesign
16:19 Security Guardrails and Human Oversight
24:05 Accenture Transformation and Training
26:55 AI Anxiety in the Workplace
30:22 Tasks Not Jobs
32:12 Outcome First Thinking
34:15 Personal AI Assistants
37:24 Building Agents Together
38:35 Executive Learning Curve
44:31 Kids And AI Natives
50:15 Critical Thinking And Trust
54:15 Company Advice Focus Value
55:58 Wrap Up And Sponsor