TechSpective Podcast

By: Tony Bradley

The TechSpective Podcast brings together top minds in cybersecurity, enterprise tech, AI, and beyond to share a unique perspective on technology—unpacking breakthrough trends like zero trust, threat intelligence, AI-enabled security, ransomware’s geopolitical ties, and more. Whether you’re an IT pro, security exec, or simply tech‑curious, each episode blends expert insight with real-world context—from microsegmentation strategies to the human side of cyber ethics. But we also keep it fun, sometimes riffing on pop‑culture debates like Star Wars vs. Star Trek or Xbox vs. PS—so it’s not all dry and serious.

2025 Bradley Strategy Group, Inc.

Politics & Government
  • Remote Hiring Opened the Talent Pool — and the Fraud Surface
    Jun 8 2026
    Before COVID forced everyone out of the office, hiring for most companies was a pretty localized exercise. You posted the job, you interviewed whoever could physically show up, and you picked someone. If you were based in a mid-sized city, you hired from a mid-sized city talent pool.

    Remote work changed that. Suddenly a company in Topeka, Kansas could interview candidates in Portland, Maine — or anywhere else. This meant more competition for good candidates. However, it also meant a dramatically better shot at actually finding the right person for the job. And depending on your market, the cost savings weren't trivial either. Most of the data suggested remote work was as productive as in-office work, sometimes more so. The case for keeping it was strong. A lot of companies made it permanent, or at least optional.

    The Fraud Problem Nobody Planned For

    But there's a problem that came along with all of that — one that didn't get much attention until recently. When you expand your hiring geography to anywhere with an internet connection, you also expand your exposure. As a result, you encounter applicants who are not who they claim to be.

    I'm not talking about resume padding. I mean organized fraud. That includes fake identities. There are people swapping out mid-interview so that the person who actually shows up on day one is not the person you interviewed. AI is being used in real time to answer technical questions the candidate doesn't actually know. And in some well-documented cases, state-sponsored actors — North Korean IT workers operating under false identities — get hired. These workers receive company laptops and exfiltrate data almost immediately.

    The FTC reported that US businesses lost a staggering amount to this kind of fraud in 2024. And that's not just the companies that hired someone fraudulent. A significant chunk of that is wasted time. This includes the cost of running three, five, or seven interview rounds on a candidate who turns out to be fake, and having to start over.

    In this episode of the TechSpective Podcast, I talk with Den Jones, CEO and founder of 909Cyber, about a product he's been building to address exactly this problem. Den has spent 30 years in identity and zero trust — at Adobe, Cisco, and elsewhere. 909Shield applies that same thinking to the hiring process itself. This happens before a candidate ever gets to the first interview, before a company ships a laptop, and before access is provisioned.

    More to the Conversation Than Just the Product

    We get into how the fraud actually works — and it's more varied and more organized than most people realize. We also talk about what a solution looks like, the tradeoffs involved in verifying someone's identity across multiple touchpoints, and the data privacy questions that come with building a biometric trust layer for hiring.

    There are also some side conversations worth tuning in for. For example, whether it actually matters if an employee works for multiple companies simultaneously, as long as they're delivering. Also, whether using AI to answer interview questions should disqualify someone when employers are often mandating AI use once they're hired. And whether return-to-office mandates, at least in some cases, are partly a response to this fraud problem rather than the real estate economics most people assume.

    Den also traces how 909Shield came to exist — which did not start with a plan to build a remote hiring verification platform. It started with a passion project to help cybersecurity students find part-time work while they were still in school. Later, that evolved into a freelancer marketplace and then into a fraud-prevention product for remote hiring. This is its own story, and it's worth hearing him tell it.

    909Shield is launching in mid-June. Den is actively looking for design partners — companies doing meaningful hiring volume who want to help shape the product and lock in early pricing. If your organization does a significant amount of remote hiring, this conversation is worth your time. Check out the full episode on the TechSpective Podcast.
    46 min
  • The AI Risk Blind Spot Most Organizations Don’t Know They Have
    May 13 2026
    Most organizations believe they have a solid handle on their AI risk. According to a new report, that confidence may be misplaced.

    ArmorCode partnered with the Purplebook community to survey more than 650 cybersecurity leaders to produce the State of AI Risk Management 2026 report. The results reveal a disconnect that's hard to explain away. Nearly 90% of respondents said they had complete visibility into AI usage across their organizations. However, more than 60% of those same respondents said AI usage in their organizations is essentially ungoverned. These weren't different groups of people. Instead, it was the same respondents giving contradictory answers within the same survey.

    I talked with Mark Lambert, Chief Product Officer at ArmorCode, about what's behind that gap and what organizations can realistically do about it. This conversation took place on this episode of the TechSpective Podcast.

    Lambert wasn't surprised by the findings. The pressure organizations are under to capture productivity gains from AI is real. Normally, the instinct is to adopt now and figure out governance later. AI-assisted code generation is delivering meaningful output, and the business case is hard to argue with. However, the security implications are another matter. As Lambert explained, even if AI-generated code has half the vulnerability density of human-written code, a 4x productivity multiplier still nets out to more vulnerabilities reaching production. As a result, there are not fewer vulnerabilities.

    We also got into something I hadn't fully thought through before our conversation. Tools capable of discovering security flaws at a scale no human team could match are already here in limited form. Lambert described what he sees as a three-wave scenario for how this plays out — beginning with CVEs in critical infrastructure, moving to open-source vulnerabilities, and eventually reaching nation-state actors who've been capturing codebases for years. Now, these actors have the right tools to mine them for exploitable flaws. Most organizations are already struggling to keep up with patching. Additionally, the question of what happens when the volume of known vulnerabilities multiplies significantly is one that the industry doesn't have a good answer for yet.

    From there, we got into agentic AI, which is where the governance conversation gets complicated fast. I've been using the intern analogy a lot lately when talking about AI agents — you'd give them tasks, but you wouldn't hand them access to everything, and you'd review the output before it went anywhere it mattered. Lambert agreed with the framing. The problem, as I see it, is that the analogy breaks down at scale. Managing a handful of agents the way you'd supervise a new hire is workable. However, doing that with a hundred agents means the human review process becomes the bottleneck. Therefore, you've given back the efficiency gains you were after.

    Lambert and I worked through what governance actually looks like when agent deployments grow. This includes scoping agency based on business risk, making sure high-stakes decisions can be reversed, and building in the audit trail. He pointed to a fireside chat from RSAC. The question came up of whether two agents could theoretically handle Sarbanes-Oxley compliance between them. The concept highlights an important point about where the line between autonomous and human-reviewed needs to sit.

    The self-driving car comparison came up, too. The first time I used adaptive cruise control, I kept my foot next to the brake the whole time. I've since ridden in Waymos, where I would have been fine falling asleep. That trust didn't come from a product announcement — it came from watching the system handle real situations over time. Lambert made the point that the same logic applies to AI agents in enterprise environments, which I think is right. Consequently, the organizations that will do this well are the ones that build trust in their agents.

    Lambert tied all of this back to ArmorCode's focus on unified exposure management — pulling data from hundreds of sources, applying business context, and using AI to prioritize what actually needs attention rather than just generating more alerts. Watch or listen to the full episode for the complete conversation.
    49 min
  • The Attack Surface Changed but the Fundamentals Didn’t
    May 7 2026
    Every few years, something comes along that reshapes the threat landscape and sends the industry scrambling for new tools, new frameworks, and new buzzwords. The perimeter died. Then it came back. Endpoints became the priority. Now they're not the whole story. Identity is the new battleground. AI is changing everything.

    And yet, the more I talk to people who've spent decades in the trenches, the more I keep hearing the same thing: the fundamentals still work. We just stopped trusting them.

    I had that conversation recently with Will Ledesma, a cybersecurity veteran with over 25 years in the field and a current role at N-able. Will also serves as a cyber warrior in the U.S. Air Force — and as a fellow Air Force vet, I can say the service tends to instill a certain appreciation for doing things right the first time.

    State of the SOC Report

    We talked about what N-able's latest State of the SOC report actually shows about where attacks are coming from — and the answer probably isn't what you'd expect if you've been following the conventional wisdom around endpoint protection. The data points somewhere else, and Will does a good job of explaining why that shift makes sense when you look at what's been happening across the business world over the last few years.

    From there, the conversation moved into identity — not just the username-and-password kind, but the full scope of what "identity" means in a world where your network includes laptops, IoT devices, cloud workloads, software applications, and increasingly, AI agents running on behalf of your employees. If an attacker can own any one of those identities, a lot of your other defenses stop mattering.

    Companies are bringing in AI tools at a rapid pace, leaning on them to augment their workforce and drive efficiency. That's fine. But what happens when those systems become mission-critical, and someone decides to take them out?

    Compliance and Security

    We also got into something I've been saying for years about compliance. Compliance and security aren't the same thing. You can check every box on a framework audit and still get breached — plenty of high-profile companies have proven that. The frameworks have value, but they're a floor, not a ceiling. And too many organizations treat them like the finish line.

    Will's framing for all of it comes back to defense in depth — a concept he learned early in his career and one that he argues is more relevant now, not less. The attack surface has expanded. The identities have multiplied. The stakes are higher. But the logic of layering your defenses, covering your fundamentals, and not betting everything on any one control? That hasn't changed.

    The episode is worth your time whether you're a practitioner, a leader trying to make sense of your security investments, or just someone trying to figure out what "cyber resilience" actually means when you strip away the marketing. Hint: it's bigger than cybersecurity.
    28 min