In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.

At the heart of the discussion is the question: Can my AI be hacked? Peter’s answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we’ve seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.

Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.

A key takeaway is that the issue isn’t just technical. Many organizations are integrating AI capabilities without understanding what they’re introducing. As Peter puts it, “You’re plugging in software filled with features you don’t need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.

Peter’s upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you’re in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.

___________

Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Peter’s Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.html

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, peter garraghan, ai, cybersecurity, software, risk, threat, prompt, injection, infosecurity europe, event coverage, on location, conference

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference

At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.

During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people’s attention, though, wasn’t the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker’s controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.

Zero Trust Is a Journey—But It Doesn’t Have to Be Complicated

One key message Rob emphasizes is that true security doesn’t come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they’re all winter coats, you’re not prepared for summer,” Sean Martin jokes, reinforcing Rob’s point that layers should be distinct, not redundant.

ThreatLocker’s approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.

From Technical Wins to Human Connections

The conversation wraps with a reminder that cybersecurity isn’t just about tools—it’s about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

⸻

Guest:

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

At RSAC 2025, the most urgent signals weren’t necessarily the loudest. As ISACA board member and cybersecurity veteran Rob Clyde joins Sean Martin and Marco Ciappelli for a post-conference recap, it’s clear that conversations about the future of the profession—and its people—mattered just as much as discussions on AI and cryptography.

More Than a Job: Why Community Matters

Rob Clyde shares his long-standing involvement with ISACA and reflects on the powerful role that professional associations play in cybersecurity careers. It’s not just about certifications—though Clyde notes that employers often value them more than degrees—it’s also about community, mentorship, and mutual support. When asked how many people landed a job because of someone in their local ISACA chapter, half the room raised their hands. That kind of connection is difficult to overstate.

Clyde urges cybersecurity professionals to look beyond their company roles and invest in something that gives back—whether through volunteering, speaking, or simply showing up. “It’s your career,” he says. “Take back control.”

Facing Burnout and Legal Risk Head-On

The group also addresses a growing issue: burnout. ISACA’s latest research shows 66% of cybersecurity professionals are feeling more burned out than last year. For CISOs in particular, that pressure is compounded by personal liability—as in the case of former SolarWinds CISO Tim Brown being sued by the SEC. Clyde warns that such actions have a chilling effect, discouraging internal risk discussions and openness.

To counteract that, he emphasizes the need for continuous learning and peer support as a defense, not only against burnout, but also isolation and fear.

The Silent Threat of Quantum

While AI dominated RSAC’s headlines, Clyde raises a quieter but equally pressing concern: quantum computing. ISACA chose to focus its latest poll on this topic, revealing a significant gap between awareness and action. Despite widespread recognition that a breakthrough could “break the internet,” only 5% of respondents are taking proactive steps. Clyde sees this as a wake-up call. “The algorithms exist. Q Day is coming. We just don’t know when.”

From mental health to quantum readiness, this conversation makes it clear: cybersecurity isn’t just a technology issue—it’s a people issue. Listen to the full episode to hear what else we’re missing.

Learn more about ISACA: https://itspm.ag/isaca-96808

⸻

Guest:

Rob Clyde, Board Director, Chair, Past Chair of the Board Directors at ISACA | https://www.linkedin.com/in/robclyde/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Stay tuned for an upcoming ITSPmagazine Webinar with ISACA: https://www.itspmagazine.com/webinars

ISACA Quantum Pulse Poll 2025 and related resources: https://www.isaca.org/quantum-pulse-poll

ISACA State of Cybersecurity 2024 survey report: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob clyde, rsac2025, burnout, quantum, cryptography, certification, isaca, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.

Not All AI Is Created Equal: The Archer Approach

RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn’t about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.

Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.

From Policy Generation to Risk Narratives

One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.

AI with a Human Touch

As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.

What’s Next in Risk? Better Conversations

Looking ahead, Schlarman sees a shift from “no, we can’t” to “yes, and here’s how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.

From regulatory change to real-time translation of risk data, this is where tech meets trust.

⸻

Guest:

Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support.

The research behind this project, supported by the University and its partners, explores how different types of SMEs—micro, small, and medium-sized—struggle with limited time, budget, and expertise. Many rely on third-party service providers, but often don’t have enough cybersecurity knowledge to evaluate what “good” looks like. It’s not just a resource problem—it’s a visibility and literacy problem.

Furnell emphasizes the potential of automation to lift some of the burden, from automated updates to scheduled malware scans. But he also makes it clear that automated tools can’t fully replace the need for human judgment, especially in scenarios like phishing or social engineering attacks. People still need cybersecurity literacy to recognize and resist threats.

That’s where the idea of communities of support comes in. Rather than each SME navigating cybersecurity alone, the goal is to create local or sector-based communities where businesses and cybersecurity practitioners can engage in open, non-commercial conversations. These communities would offer SMEs a space to ask questions, share challenges, and exchange practical advice—without pressure, cost, or fear of judgment.

The initiative isn’t about replacing regulation or mandating compliance. It’s about raising the baseline first. Communities of support can serve as a step toward greater awareness and capability—something that’s especially critical in a world where supply chains are interconnected, and security failures in one small link can ripple outward.

The message is clear: cybersecurity isn’t just a technical issue—it’s a social one. And it starts by creating room for dialogue, connection, and shared responsibility. Want to know what this model could look like in your community? Tune in to find out.

__________________________________

Guest:
Steven Furnell | Professor of Cyber Security at University of Nottingham
https://www.linkedin.com/in/stevenfurnell/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us