Beyond Passwords: Passkeys, AI & Identity with Ben Wilcox

Podcast: Play in new window | Download (Duration: 13:04 — 18.0MB)

Subscribe: RSS

Summary

On this episode of Chattinn Cyber, Marc is chattin’ with Ben Wilcox, Chief Technology Officer and Chief Information Security Officer at ProArch. Their chat opens by focusing on high-impact, practical ways organizations can reduce cyber risk. Ben highlights identity as the top priority: his team moved to passkeys to remove passwords and lower the attack surface. He stresses that threat actors increasingly use man-in-the-middle techniques and that AI has accelerated the automation of credential-theft, which makes strengthening identity controls essential.

The chat then moves to AI and data governance. Ben describes rolling out visibility tools to monitor internal AI use — what prompts users run and what data is fed into models — and pairing that with data labeling and classification. He warns organizations to restrict where AI tools are allowed and to implement compensating data controls to prevent accidental or intentional leaks of sensitive information.

Ben cautions that AI and cybersecurity must be adopted in parallel, because AI will reveal existing misconfigurations and permission drift. He gives practical examples (like Copilot showing information a user shouldn’t see because of incorrect permissions) to illustrate how AI surfaces weaknesses in access controls. The takeaway is that AI can be a force-multiplier but also a magnifier of existing security gaps.

On leadership and tradeoffs, Ben explains how combining CTO and CSO responsibilities can be an enabler if balanced correctly. He argues for marrying a product/technology lens with a risk lens, leveraging internal expertise, and making business enablement and security complementary so organizations can move quickly while maintaining the right groundwork.

Finally, Ben addresses translating cyber risk into financial terms for CFOs and boards. He recommends business impact analysis—linking key system outages (e.g., Active Directory) to production downtime costs—to quantify risk and justify security investments. He shares real incident cost ranges (low seven figures to tens of millions in some cases), underscores the role of compensating controls, and concludes with a call to monitor industry trends, assess outage and reputational costs, and prioritize risk reduction.

Key Points

Identity-first approach: move away from passwords (passkeys) and reduce reliance on MFA tokens that can be intercepted or automated by attackers.
AI visibility and data controls: monitor internal AI usage, restrict sites/tools, and enforce labeling/classification to prevent data leakage.
AI exposes existing weaknesses: adopting AI without fixing permission drift and misconfigurations surfaces risks rather than hiding them.
Speed and detection advantage: AI can accelerate detection and response in SOCs—gaining even seconds can materially reduce impact.
Translate risk to business terms: use business impact analysis to quantify downtime costs and build the financial case for security investments and insurance.

Key Quotes

“Last year we took the initiative and we moved to pass keys.”
“AI has sped up that weaponization and being able to turn that around and get those tokens automatically.”
“AI is going to expose the weaknesses that are inherent within your security controls that you already have in place.”
“If we can get even 5 seconds faster or 10 seconds faster or 20 seconds faster, sometimes that makes a difference.”
“And that’s why they should have bought cyber insurance.”

About Our Guest

Ben Wilcox is a seasoned technology leader with over 25 years of experience driving innovation and solving complex business challenges. Serving as both Chief Technology Officer and Chief Information Security Officer at ProArch, Ben combines a forward-looking vision with a hands-on approach to cybersecurity. He is passionate about leveraging technology to accelerate business outcomes while embedding security best practices into organizational culture and operations. Ben’s strategic mindset and dedication to excellence have strengthened ProArch’s resilience and helped protect clients’ data and systems. Outside of work, Ben channels his relentless drive into racing as an instructor and competitor with the Northeast Audi Club, and enjoys gardening, cooking, and spending quality time with his family. As he puts it, “Security isn’t just about defending against threats—it’s about enabling trust, protecting growth, and ensuring every decision we make strengthens the foundation of the business.”

Follow Our Guest

LinkedIn | Website

About Our Host

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

Follow Our Host

Website | LinkedIn

March 10, 2026

Bridging the Cybersecurity Gap: Leadership, AI, and Real-World Strategies for 2026

Podcast: Play in new window | Download (Duration: 12:09 — 16.7MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Mike Armistead, a seasoned cybersecurity expert with over 40 years of experience, including more than 20 years as a vendor in the cybersecurity space. The conversation opens with a discussion about the challenges security leaders face in 2026. Mike highlights the complexity of their role, comparing it to that of a CFO managing financial risk, but notes that cybersecurity leaders often lack the comprehensive management tools that CFOs have. He emphasizes the fragmented nature of cybersecurity tools and the difficulty in stitching together disparate signals to form a coherent security posture.

Mike further explains that the human element is the critical glue in cybersecurity programs. The effectiveness of security teams depends heavily on the leadership and the ability of individuals to contextualize technical signals within the business environment. This need for situational awareness is driving interest in AI technologies, particularly on the defender side, to augment human capabilities and expand the scope and depth of security operations.

The chat then shifts to the role of AI in cybersecurity products. Mike observes that while AI is increasingly integrated into detection tools, the industry has largely shifted focus away from prevention. He advocates for a strategic return to prevention, where AI can play a significant role in helping security leaders develop and implement risk mitigation strategies tailored to their organizations. Mike stresses the importance of a holistic approach that goes beyond real-time detection to include employee training, access control, and disaster recovery.

Addressing the challenges faced by middle-market organizations, Mike points out that these companies are often expected to meet the same cybersecurity standards as large enterprises but with far fewer resources. He advises middle-market CISOs to prioritize protecting their most critical assets—their “crown jewels”—and to have candid conversations with leadership about realistic security goals. This pragmatic approach helps ensure that limited resources are focused on the highest risks rather than attempting to cover every possible threat.

Finally, Mike shares information about a community he helped start called the Security Impact Circle, which focuses on cybersecurity leadership issues such as board engagement. This community facilitates workshops that bring together CSOs and board directors to bridge the communication gap and align security priorities with business needs. Mike encourages listeners to visit securityimpactcircle.org to learn more and get involved.

Five Key Points Covered

Cybersecurity leaders face complex challenges similar to CFOs but lack equivalent management tools.
Human expertise is essential to contextualize technical security signals within the business environment.
AI is increasingly used in detection but should also be leveraged to enhance prevention strategies.
Middle-market organizations must prioritize protecting their most critical assets due to limited resources.
The Security Impact Circle community helps improve communication and alignment between security leaders and boards.

Five Key Quotes from the Conversation

“Security leaders have a tough job… it’s not unlike what a CFO has to think about, right? That risk happens to be financial, and the CISOs really happens to be in cyber.”
“The security teams are really bound by how good not only their leader, but the deputies, the managers, the architects, those individual contributors that really help lead it.”
“I think the opportunity is to swing it back to prevention… AI can really start to help on the prevention strategy side of cybersecurity.”
“Middle-market leaders are expected to do everything that the largest enterprises do, but they don’t have the resources to cover all the ground.”
“We bring in a director from a public company’s audit committee to run workshops… it’s less about what a CSO thinks they should say and more about what the director thinks they need to hear.”

About Our Guest

Mike Armistead brings nearly 40 years of business experience marked by a proven track record of building companies, navigating strategic acquisitions, and leading growth at every stage. As co-founder and CEO of Respond Software, acquired by Mandiant for $200 million, and co-founder of Fortify Software, acquired by HP for $285 million, Mike has played pivotal roles in multiple successful startups, including serving as SVP on the turnaround team at WhoWhere (acquired by Lycos for $133 million) and contributing to Pure Software’s IPO. His post-acquisition leadership includes key roles as VP of Products & UX at Mandiant, Director at Google Cloud, and VP & GM for Fortify and ArcSight business groups at HPE, where he drove significant expansion and over $400 million in revenue impact. Alongside these successes, Mike gained valuable insights from two brief ventures, including leading InLeague through post-9/11 financial challenges and emphasizing product-market fit in another startup. Beginning his career as a Product Manager at HP in the late 1980s, Mike’s multifaceted experience spans diverse industries and company sizes. Today, he remains passionate about building high-performing teams and tackling complex, noble challenges.

Follow Our Guest

About Our Host

Follow Our Host

Website | LinkedIn

February 10, 2026February 9, 2026

Bridging Cybersecurity and Economic Strategy: Insights from Cyber Policy Pioneer Alex Niejelow

Feature image, Alex Niejewlow and Marc Schein chatting

Podcast: Play in new window | Download (Duration: 19:13 — 26.4MB)

Subscribe: RSS

Summary

Today Marc is chattin’ with Alex Niejelow, a respected figure in cybersecurity. The episode opens with Marc highlighting Alex’s unique background growing up in Philly and his diverse career path. Alex shares how his early career as a Durham police officer and later as a lawyer shaped his mindset around public service and supporting people and businesses. He then transitioned into federal and state government roles, including significant positions in the Obama administration and Homeland Security, focusing on trade, customs, and national security issues such as counterfeit semiconductors in supply chains.

They then chat about Alex’s role on the National Security Council, where he worked on the intersection of trade and cybersecurity, a concept that was not widely recognized in the early 2010s but has since become central to government policy. Alex explains his involvement in developing the first-ever cyber sanctions regime, a tool designed to economically disincentivize cybercriminals and nation-states from monetizing stolen intellectual property and trade secrets. This approach was innovative in addressing the asymmetry in cyber threats, where traditional law enforcement and diplomatic tools were insufficient.

The chat then shifts to the challenges Alex faced working across multiple government agencies with differing priorities, which, while complex, ultimately led to better outcomes through collaboration and creative problem-solving. Alex emphasizes the importance of reducing asymmetry in cybersecurity, noting that companies remain vulnerable at their weakest points. He highlights the evolution of the cyber insurance industry, which has become more sophisticated with risk engineers engaging deeply with clients to improve cybersecurity postures and insurance terms.

Alex explains his motivation for founding Hilco Global Cyber Advisors, driven by the need to support middle-market companies that often lack adequate cybersecurity resources despite their sophistication and capital. He critiques the cybersecurity industry’s tendency to self-silo and stresses the importance of aligning cybersecurity solutions with the nature of the products and services businesses provide to increase adoption and effectiveness.

Finally, the chat turns to artificial intelligence (AI) as a major cybersecurity topic in 2025. Alex acknowledges both the threats and opportunities AI presents, noting that threat actors are leveraging AI to scale traditional cyberattacks like phishing. He expresses optimism about the cybersecurity community’s commitment to addressing these challenges and highlights regulatory efforts, such as guidance issued to the insurance industry on AI use in underwriting, to mitigate risks including bias. The episode closes with Alex sharing a personal anecdote from his time at the White House and providing contact information for Hilco Global Cyber Advisors.

Key Points

Alex’s career journey from police officer to cybersecurity expert in public and private sectors
Development of the first-ever cyber sanctions regime to economically deter cybercrime
The importance of collaboration across government agencies to address complex cyber challenges
The evolution and sophistication of the cyber insurance industry in reducing asymmetry
The dual impact of AI on cybersecurity: expanding threats and fostering innovative defenses.

Key Quotes

“The idea that cybersecurity issues and economic issues were actually interconnected was not widely accepted [in 2010]. It was still emerging. Fast forward to today. It is abundantly clear the intersectionality of those issues.”
“Companies are always as weak as their weakest link.”
“If you let the nature of the products and services that are being provided better inform and drive the cybersecurity solutions instead of vice versa, I think there will be a greater adoption.”
“Threat actors are expanding their capacity and capabilities leveraging AI … but it is the speed and scale at which it is becoming exacerbated that I think is most concerning.”

About Our Guest

Alexander Niejelow is Executive Director of Global Cyber Advisors at Hilco Global, bringing deep expertise in cybersecurity, fintech, and digital policy from leadership roles in both the private sector and government. He previously served as Deputy Superintendent for Innovation Policy at the New York Department of Financial Services, leading initiatives on AI and emerging fintech. At Mastercard, he was Senior Vice President for Cybersecurity Coordination and Advocacy, overseeing global cybersecurity and technology policy efforts. Alex also held key government positions, including Director of Cybersecurity Policy at the White House National Security Council and Chief of Staff to the U.S. Intellectual Property Enforcement Coordinator. He began his career as a litigator and holds a JD from the University of Pennsylvania and a BA from Duke University. Alex actively contributes to cybersecurity policy through board roles with the Center for Cybersecurity Policy and Blue Star Families, and has led global coalitions focused on cyber risk reduction and digital protection.

Follow Our Guest

Website | LinkedIn

About Our Host

Follow Our Host

Website | LinkedIn

January 20, 2026February 3, 2026

Context is King: Tailoring Cybersecurity with Courtney Hans

Podcast: Play in new window | Download (Duration: 16:36 — 22.8MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Courtney Hans, a seasoned cyber professional with a unique background. Courtney shares that her path into cybersecurity was nontraditional, having started as a literature major and then spending about a decade as an adventure travel guide. She reflects on how the skills she developed during that time—understanding people’s motivations and goals—have been invaluable in her cybersecurity career, particularly in tailoring security strategies to individual organizational contexts.

Courtney emphasizes that cybersecurity is not a one-size-fits-all problem. She explains how, during her time at a SaaS startup, she prioritized cybersecurity investments based on the company’s specific risks and environment, such as focusing on application security over endpoint detection due to budget constraints and business needs. She stresses the importance of context in determining where organizations should focus their people, processes, and technology investments to have the greatest impact.

The chat then shifts to practical advice on how organizations can begin improving their cybersecurity posture, particularly through tabletop exercises. Courtney encourages organizations to leverage resources from their cyber insurance providers, many of which offer free or low-cost training and virtual tabletop exercises. She advises starting simple—having conversations about incident response plans and ensuring everyone knows their role if a cyber incident occurs.

Courtney also discusses the importance of engaging leadership in cybersecurity exercises. She suggests setting clear expectations, respecting executives’ time, and framing tabletop exercises as safe spaces to practice responses without pressure. She highlights that cyber incidents affect the entire organization, not just IT, and that practice builds muscle memory and helps identify gaps before a real crisis occurs.

Finally, Courtney outlines best practices for following up after tabletop exercises, including documenting observations, assigning responsibilities, and setting deadlines to ensure improvements are made. She acknowledges the discomfort some may feel participating in these exercises but stresses that creating a supportive environment where it’s okay to say “I don’t know” is crucial for identifying and addressing security gaps effectively.

Key Points

1. Nontraditional Path to Cybersecurity: Courtney’s background in literature and adventure travel shaped her people skills, which are critical in cybersecurity for understanding motivations and tailoring solutions.

2. Context is King: Cybersecurity solutions must be customized to an organization’s specific risks, environment, and priorities rather than applying generic controls.

3. Value of Tabletop Exercises: These exercises are essential for preparing organizations to respond to cyber incidents, helping build muscle memory and identify gaps in a safe environment.

4. Leveraging Cyber Insurance Resources: Many cyber insurance providers offer free or low-cost resources, including virtual tabletop exercises, which organizations should utilize.

5. Leadership Engagement and Follow-Up:Successful cybersecurity preparedness requires executive buy-in, clear expectations, and diligent follow-up with assigned responsibilities to ensure continuous improvement.

Key Quotes

1. “Context is king… each of our clients, in the insurance space, are different. What their risks are, what their environment looks like, dictates where their investments will have outsized impact.”

2. “Practice builds muscle memory, practice builds an awareness of where the gaps are, and always better to identify the gaps in a safe environment versus a real environment.”

3. “Plans are useless, but planning is indispensable.” — Dwight Eisenhower, quoted by Courtney.

4. “If you see something, say something… make sure people feel comfortable bringing those concerns to light.”

5. “It’s absolutely okay, maybe desirable, to say ‘I don’t know that yet’ because that’s what we’re here to figure out—where our gaps are.”

About Our Guest

Currently the Vice President of Cyber Services for AmTrustCyber, Courtney Hans brings a variety of experience into her work. In her early career, Courtney was an adventure travel guide with a short window to make a strong impression. Curiosity became her superpower as she learned how to uncover the inner motivations of diverse groups of guests. Guiding, just like cybersecurity, requires agility and a cool head during a crisis. Formerly the Head of Security and IT for a growing SaaS startup, Courtney joined AmTrust to help to reduce risk and deepen the relationship between carrier and insured.

Follow Our Guest

Website | LinkedIn

About Our Host

Follow Our Host

Website | LinkedIn

December 18, 2025February 3, 2026

Unveiling the Dark Web: Cyber Threat Intelligence and Forensics with Alyssa Lisiewski

Podcast: Play in new window | Download (Duration: 11:50 — 16.3MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc is chattin’ with Alyssa Lisiewski, Managing Director at Ankura and one of the best known and respected cybersecurity experts in the country. The conversation begins with Alyssa sharing her early introduction to technology, influenced by her father who taught her to take apart and reassemble computers from a young age. Initially interested in forensic crime scene investigations, Alyssa shifted her focus to cybersecurity due to her father’s encouragement and foresight about the field’s growth. She started her career as an intern in diplomatic security’s computer investigations and forensics unit, then pursued a master’s degree while working as a government contractor, honing her skills in cybersecurity and high-tech crime investigations.

Alyssa’s career progressed into the intelligence community, where she specialized in digital forensics from an intelligence perspective, which differed from traditional digital forensics. She later worked at the Department of Defense Cyber Crime Center in Maryland, conducting forensic examinations and testifying in court cases. Transitioning to the private sector, Alyssa led a digital forensics team at a major financial company focusing on insider threats before joining Anchor, where she combines her cyber threat and forensic expertise.

The discussion then shifts to clarifying common internet terminology: the surface web, deep web, and dark web. Alyssa explains that the surface web is the small portion of the internet most people use daily, such as Google and social media. The deep web contains more anonymous and legal content like academic and medical documents, while the dark web is accessed via Tor and is often associated with illicit activities but also hosts legitimate anonymous communications.

Alyssa emphasizes the importance of proactive dark web monitoring for businesses. Beyond just detecting if stolen data is posted, monitoring can reveal chatter among threat actors about industries or competitors, enabling companies to anticipate and mitigate attacks. She shares a real-life example where her team identified a threat actor group’s tactics early, allowing a client to detect an intrusion that had gone unnoticed for a month, demonstrating the value of threat intelligence in incident response.

Finally, Marc and Alyssa chat about the benefits and challenges of incorporating dark web analysis into post-incident investigations. While it can clarify the true impact of a breach and assist in legal mediation, there are limitations due to the trustworthiness of data posted by criminals. Her team validates findings through metadata analysis and breach research. The episode closes with Alyssa inviting listeners to connect with her via email or LinkedIn for further discussion, highlighting her openness to sharing knowledge and engaging with the cybersecurity community.

Key Points

Alyssa’s Journey: Alyssa’s early exposure to technology and career path from forensic interests to cybersecurity and digital forensics.
Web Infrastructure: Explanation of the surface web, deep web, and dark web, including their differences and common misconceptions.
Threat Detection: The strategic value of proactive dark web monitoring for businesses to detect threats and industry chatter before breaches occur.
A real-world example of how threat intelligence helped identify a threat actor’s tactics and detect a breach earlier than usual.
The role of dark web analysis in post-incident investigations, including its benefits, limitations, and methods to validate data.

Key Quotes

“When I was four, my dad taught me how to take apart a computer and put it back together… he made sure I was learning about it from a very young age.”
“The surface web is really only 4 or 5% of the web. The majority of the web is the deep web and the dark web.”
“If you’re not monitoring proactively the dark web, chances are the first time you’re looking at the dark web is after that breach.”
“We knew … the threat actor group… and because of that, we were able to identify the actual true start of the incident, about a month prior to the update we were working on.”
“There are going to be situations where we may not be able to identify if data is out there, or we may identify it but not give any context… that’s why we do other things to try to validate it.”

About Our Guest

Alyssa Lisiewski is a Managing Director at Ankura in Washington, DC, bringing over 14 years of specialized experience in digital forensics, cybersecurity, and insider threat investigations. She has a proven track record of leading and conducting complex cyber investigations that protect critical digital assets across diverse industries including government, financial services, and legal sectors. Alyssa is highly skilled in operating within digital forensic lab environments, adhering to industry standards for evidence handling, and analyzing electronically stored information. She has been qualified as an expert witness in federal and military courts and has played key roles in program leadership, strategic service development, and partner engagement, driving innovation and excellence in cyber risk management.

Follow Our Guest

Website | LinkedIn

About Our Host

Follow Our Host

Website | LinkedIn

November 17, 2025February 3, 2026

AI Unmasked: Navigating Legal Risks and Realities with Cyber Attorney Ryan Steidl

Podcast: Play in new window | Download (Duration: 28:54 — 39.7MB)

Subscribe: RSS

Summary

In this insightful episode of the Chattinn Cyber podcast, host Marc Schein is chattin’with Ryan Steidl, a leading privacy and artificial intelligence attorney, to explore the evolving landscape of AI from a legal and cybersecurity perspective. Ryan shares his journey from Maryland to becoming a respected figure in data privacy and AI law, highlighting the influence of pioneering professors and his early work at Under Armour. He frames AI as an evolutionary technology that builds on existing data privacy and security issues but introduces new complexities due to limited human intervention in its processes.

Their chat delves into the current regulatory environment surrounding AI in the United States, which Ryan describes as a patchwork of state laws with no comprehensive federal framework yet in place. He discusses the recent veto of Virginia’s AI bill and the ongoing debate over a proposed federal moratorium on state AI legislation, emphasizing the tension between innovation and safety. Ryan also notes the role of federal agencies like the FTC and EEOC in shaping AI policy and how shifts in administration priorities—from safety to innovation—impact regulatory approaches.

Ryan advises business leaders to focus on the purpose behind AI adoption, urging them to carefully assess use cases, data needs, and risk tolerance before allowing AI tools in their organizations. He stresses the importance of governance, recommending cross-functional oversight teams and clear ownership at multiple levels—from enterprise governance to tool implementation and output accountability. He also highlights the necessity of rigorous vetting and ongoing risk assessments to manage AI-related risks effectively.

The chat further clarifies the distinctions between open-source AI models, public tools like ChatGPT, and private sandbox environments. Ryan warns against indiscriminate use of public AI models with sensitive data and advocates for controlled environments that offer greater security and customization. He also touches on emerging trends like synthetic data and regulatory sandboxes, which balance innovation with risk mitigation, citing Utah’s AI lab as a pioneering example.

Concluding on the topic of AI’s impact on cyber risk, Ryan offers a nuanced view: AI can both help manage and exacerbate cyber risks depending on how it is used. He underscores the increasing complexity AI introduces and the critical role of human oversight in accountability and enforcement. Ryan predicts that insurers will push organizations toward proactive risk management rather than reactive responses, emphasizing the need for continuous monitoring and anticipation of AI-related pitfalls. He closes by inviting listeners to access further resources and contact his team for guidance.

Key Points

AI as an Evolutionary Technology: AI builds on existing data privacy and security frameworks but introduces new challenges due to limited human intervention in its processes.
Fragmented AI Regulation: The U.S. currently has a patchwork of state-level AI laws with no comprehensive federal legislation, complicated by political debates such as the proposed moratorium on state AI laws.
Governance and Ownership: Effective AI adoption requires clear governance structures, cross-functional oversight, and defined ownership at multiple organizational levels.
Risk Assessment and Documentation: Organizations must implement thorough vetting processes, conduct ongoing risk assessments, and maintain detailed documentation to demonstrate accountability and compliance.
Safe AI Adoption Practices: Businesses should avoid using public AI models with sensitive data, favor sandbox or private instances, and consider synthetic data to mitigate privacy and compliance risks.

Key Quotes

“AI is more evolutionary than revolutionary, at least. It builds on a lot of topics that we’re pretty familiar with, especially in cybersecurity.”
“AI’s processing with limited human intervention heightens potential risk, so we have to dive deep into how we approach, analyze, control, and comply with it.”
“The current AI regulatory landscape in the U.S. is a patchwork, with states like California, Utah, and Colorado leading, but no comprehensive federal law yet.”
“Purpose, purpose, purpose — understanding why you’re using AI and what problem you’re solving is the foundation for managing risk.”
“Humans will need to be involved in AI no matter how much intervention happens … Insurers will demand organizations be proactive, not reactive, in managing AI risks.”

About Our Guest

Ryan Steidl, based in Seattle, Washington, is a member of Constangy’s Cyber Team and part of its compliance advisory group, where he provides strategic guidance on navigating complex data privacy and cybersecurity laws. He advises clients on compliance with diverse state, federal, and international privacy regulations, helping them develop business-focused data protection strategies that minimize legal risk and align with operational goals. Prior to joining Constangy, Ryan spent eight years at Grant Thornton as a founding member of their Cyber Practice and Senior Manager of the Privacy & Data Protection team, leading regulatory risk assessments, privacy program development, and compliance advisory for a broad range of clients including Fortune 500 companies, multinationals, private equity firms, and startups.

Follow Our Guest

Website | LinkedIn

About Our Host

Follow Our Host

Website | LinkedIn

September 23, 2025February 3, 2026

Inside the Mind of a Cyber Sleuth: Digital Forensics, Insider Threats, and the Future of Cybersecurity with Devon Ackerman

Still shot of Devon Ackerman and Marc Schein

Podcast: Play in new window | Download (Duration: 32:25 — 44.5MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Devon Ackerman, a highly respected figure in the digital forensics and incident response (DFIR) community. Devon shares his background, starting from his upbringing in upstate New York, moving to Georgia, and how a chance encounter with an article about digital forensics at Champlain College sparked his interest in the field. He explains his early career in IT and web design during the dot-com boom, and how his curiosity and passion for troubleshooting led him to pursue digital forensics as a career.

Devon elaborates on the core concepts of digital forensics and incident response, describing digital forensics as the scientific discipline of preserving, validating, and interpreting digital data, often for legal purposes. Incident response builds on this foundation by focusing on reacting to cyber incidents, preserving evidence, and supporting organizations during and after attacks. He recounts his FBI career, highlighting a significant case involving espionage where a trusted insider stole sensitive data for a foreign government, demonstrating the real-world impact and importance of DFIR work.

The conversation shifts to emerging cyber threats and the evolving landscape of cyber risk. Devon emphasizes that threat actors are highly motivated, whether financially or politically, and continuously adapt to stay ahead of defenders. He discusses the widespread availability of offensive cyber capabilities among nation-states and criminal groups, and how geopolitical tensions can influence cyber activity. The discussion also touches on the role of AI in cybersecurity, acknowledging its potential benefits but warning about risks related to rapid adoption without adequate security controls.

Devon addresses the insider threat, distinguishing between malicious insiders and those who pose risks unintentionally through mistakes or misconfigurations. He stresses that human factors remain a critical vulnerability in cybersecurity, as trusted employees can inadvertently expose sensitive data. He offers advice for newcomers to the DFIR field, encouraging a mindset of continuous learning, experimentation, and resilience in the face of failure, noting the complexity and ever-changing nature of digital forensics.

Finally, Devon describes his current role at Cybereason, a cybersecurity company known for its endpoint detection and response technology. He explains how Cybereason has expanded its services to include both proactive advisory and reactive incident response capabilities, supporting clients globally across the entire cyber risk lifecycle. He provides contact information for listeners interested in learning more or engaging their services, and the episode concludes with Marc thanking Devon for sharing his insights and experiences.

Key Points

1. Career Path to Digital Forensics: Devon’s journey from IT and web design to becoming a leading expert in digital forensics and incident response, sparked by early exposure to the field and a passion for troubleshooting.

2. Definition and Scope of DFIR: Explanation of digital forensics as a scientific discipline and incident response as the reactive process to cyber incidents, including their importance in legal and investigative contexts.

3. Notable FBI Case: A detailed recount of a high-profile espionage investigation involving insider theft of sensitive data, illustrating the practical application and impact of DFIR work.

4. Evolving Cyber Threat Landscape: Discussion on the motivations and capabilities of threat actors, the proliferation of offensive cyber tools among nation-states and criminals, and the influence of geopolitical factors.

5. Insider Threat and Human Factor: Insight into insider threats, both malicious and accidental, emphasizing the ongoing risk posed by human error and the need for vigilance and security awareness.

Key Quotes

1. “Digital forensics is the scientific discipline by which we investigate digital information or digital data… It’s the basis for incident response and legal interpretation.”

2. “The insider threat isn’t always malicious; sometimes it’s a trusted employee making a mistake that inadvertently exposes sensitive data.”

3. “Threat actors are incentivized, whether financially or politically, and they continuously adapt to stay ahead of defenders.”

4. “AI is a buzzword and a powerful tool, but rapid adoption without security safeguards can lead to data spillage and new risks.”

5. “For those entering the field, be hungry to learn, be ready to fail, and understand that digital forensics is a never-ending journey of discovery.”

About Our Guest

Devon Ackerman is a highly respected expert in digital forensics and incident response (DFIR), known for leading the DFIR Definitive Compendium Project and bringing extensive experience from his tenure as a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner with the FBI. During his FBI career, he oversaw and coordinated digital forensic operations nationwide, handling critical cases involving domestic terrorism, mass shootings, and large-scale electronic evidence collection. Devon has also contributed significantly to the field by co-authoring FBI training curricula, developing forensic tools, and providing expert testimony in federal and state courts. Beyond his public service, he has been recognized as Digital Forensic Investigator of the Year, spoken at major industry conferences, and shared his expertise through media appearances and publications. Prior to the FBI, Devon ran a technical services firm supporting small and medium businesses, underscoring his broad technical and investigative background.

Follow Our Guest

Website | LinkedIn

About Our Host

Follow Our Host

Website | LinkedIn

August 13, 2025February 3, 2026

Legal Insights on AI: Protecting Privacy in a Data-Driven World with Colleen García

Podcast: Play in new window | Download (Duration: 10:59 — 15.1MB)

Subscribe: RSS

Summary

In this episode, Marc is chattin’ with Colleen García, a seasoned privacy attorney. The conversation begins with an introduction to Colleen’s extensive background in cybersecurity law, including her experience working with the U.S. government before transitioning to the private sector. This sets the stage for a deep dive into the complex relationship between data privacy and artificial intelligence (AI), highlighting the importance of understanding legal and ethical considerations as AI technology continues to evolve rapidly.

The core of the discussion centers on how AI models are trained on vast amounts of data, often containing personal identifiable information (PII). Colleen emphasizes that respecting individuals’ data privacy rights is crucial, especially when it comes to obtaining proper consent for the use of their data in AI systems. She points out that while AI offers many benefits, it also raises significant concerns about data misuse, leakage, and the potential for infringing on privacy rights, which companies must carefully navigate to avoid legal and reputational risks.

Colleen elaborates on the current legal landscape, noting that existing data privacy laws—such as those in the U.S., the European Union, Canada, and Singapore—are being adapted to address AI-specific issues. She mentions upcoming regulations like the EU AI Act and highlights the role of the Federal Trade Commission (FTC) in enforcing transparency and honesty in AI disclosures. Although some laws do not explicitly mention AI, their principles are increasingly being applied to regulate AI development and deployment, emphasizing the need for companies to stay compliant and transparent.

The conversation then expands to a global perspective, with Colleen discussing how different countries are approaching the intersection of data privacy and AI. She notes that international efforts are underway to develop legal frameworks that address the unique challenges posed by AI, reflecting a broader recognition that AI regulation is a worldwide concern. This global outlook underscores the importance for companies operating across borders to stay informed about evolving legal standards and best practices.

In closing, Colleen offers practical advice for businesses seeking to responsibly implement AI. She stresses the importance of building AI systems on a strong foundation of data privacy, including thorough vetting of training data and transparency with users. She predicts that future legislative efforts may lead to more state-level AI laws and possibly a comprehensive federal framework, although the current landscape remains fragmented. The podcast concludes with Colleen inviting listeners to connect with her for further discussion, emphasizing the need for proactive, thoughtful approaches to AI and data privacy in the evolving legal environment.

Key Points

The Relationship Between Data Privacy and AI: The discussion emphasizes how AI models are trained on data that often includes personal identifiable information (PII), highlighting the importance of respecting privacy rights and obtaining proper consent.
Legal Risks and Challenges in AI and Data Privacy: Colleen outlines potential risks such as data leakage, misuse, and the complexities of ensuring compliance with existing privacy laws when deploying AI systems.
Current and Emerging Data Privacy Laws: The conversation covers how existing laws (like those from the U.S., EU, Canada, and Singapore) are being adapted to regulate AI, along with upcoming regulations such as the EU AI Act and the role of agencies like the FTC.
International Perspectives on AI and Data Privacy: The interview highlights how different countries are approaching AI regulation, emphasizing that this is a global issue with ongoing legislative developments worldwide.
Practical Advice for Responsible AI Deployment: Colleen offers guidance for companies to build AI systems on a strong data privacy foundation, including vetting training data, ensuring transparency, and staying proactive in legal compliance as the regulatory landscape evolves.

Key Quotes

“AI models are built, trained, and built on data. They are as good as the data we put in.”
“Data privacy concerns arise when personal data, or PII, is used to design, develop, and train those AI models.”
“Existing laws being applied to data privacy are often being used in new ways to address AI, such as the FTC’s focus on transparency and honest disclosures.”
“Designing AI with privacy-enhancing techniques, like differential privacy or federated learning, can help protect individual data.”
“Companies should build AI on a strong data privacy framework rather than trying to do it in reverse.”

About Our Guest

Colleen García is Of Counsel at Tannenbaum Helpern’s Cybersecurity & Data Privacy practice, advising clients on legal and regulatory compliance, drafting and negotiating technology agreements, privacy policies, and terms of use. She is certified as CIPP/US and AIGP by the IAPP. Her practice encompasses the entire cybersecurity lifecycle, including incident response, breach plans, cybersecurity insurance, and training, as well as supporting M&A transactions with data privacy reviews. Colleen’s clients span industries such as technology, healthcare, transportation, real estate, and insurance, including security firms and data brokers. Prior to joining Tannenbaum Helpern, she served as Director for Cybersecurity Policy at the NSC, Attorney Advisor at the DOJ, and Assistant U.S. Attorney in Virginia. She was also a founding partner of Fractional GCs PLLC and is an Adjunct Professor at The LBJ School of Public Affairs in Austin, Texas.

Follow Our Guest

LinkedIn | Tannenbaum Helpern

About Our Host

Follow Our Host

Website | LinkedIn

May 28, 2025February 3, 2026

Point. Click. Hack: Snehal Antani on the Future of Autonomous Cybersecurity

Podcast: Play in new window | Download (Duration: 23:33 — 32.4MB)

Subscribe: RSS

Summary

In this insightful episode, Marc Schein interviews Snehal Antani, the CEO and co-founder of Horizon3.ai, about his entrepreneurial journey, the evolution of his company, and the future of cybersecurity. Snehal shares how Horizon3.ai grew from a handful of engineers working in a basement to a cutting-edge firm revolutionizing autonomous penetration testing. He walks listeners through the different startup phases, emphasizing how critical it is to develop a repeatable sales process, retain customers, and build operational excellence at scale.

Snehal discusses the complex challenge of preserving organizational culture during rapid growth, highlighting mistakes made during their first hyper-growth phase and the importance of investing in strong, well-indoctrinated management. He explains how a thoughtful approach to onboarding managers as cultural ambassadors ultimately led to a more stable, scalable team.

He offers a candid perspective on venture funding—detailing both the pitfalls of dealing with inexperienced investors and the value of bringing on seasoned operators as board mentors. Snehal uses his experience with crises, including the collapse of Silicon Valley Bank and the loss of his father, to underline the importance of developing “muscle memory” within leadership teams. He compares this to special operations units, where preparation and planning allow for excellence under pressure.

The episode shifts into technical terrain with a compelling explanation of autonomous penetration testing. Snehal shares how Horizon3.ai developed a system capable of autonomously discovering vulnerabilities and compromising environments without human input—essentially transforming cyber warfare into an algorithmic domain. He compares pen testing to chess, where well-defined opening and closing moves are followed by dynamic midgames.

Finally, Snehal forecasts a future in which cyberattacks will be AI-powered and nearly instantaneous. He warns that most current defensive tools are designed for human-centered responses, which will soon be obsolete. As evidence, he cites Horizon3.ai’s autonomous agent compromising a bank in under five minutes—twice as fast as the previous year. He predicts the first deepseek-enabled cyberattack within 90 days, calling it a wake-up call for the industry.

Key Points

Startup Phases: Snehal outlines the four key startup phases: building value, repeatable sales, scaling operations, and achieving operational excellence.
Culture During Hypergrowth: The key to scaling culture is hiring the right management and giving them time to assimilate before they scale their teams.
Autonomous Pen Testing: Horizon3.ai’s agent can autonomously discover and exploit vulnerabilities without human involvement.
Crisis Leadership: True leadership is tested during crises; muscle memory and planning are essential for executive teams.
AI-Powered Cyber Threats: Snehal predicts that the next wave of cyberattacks will be powered by open-weight AI models capable of adaptive exploitation.

Key Quotes

“You want to build that muscle memory as a CEO as early as possible… so you can stack excellence upon excellence.”
“PowerPoint is cheap. YouTube videos are cheap. Let our results do the talking.”
“My primary competitor is mediocre consultants.”
“Every defensive tool in the market today is designed for humans at the center—and every one of them will be rendered obsolete.”
“The future of cyber warfare will be algorithms versus algorithms, and humans by exception.”

About Our Guest

Snehal Antani is the CEO and co-founder of Horizon3.ai, a pioneering cybersecurity company that leverages artificial intelligence to autonomously conduct penetration testing. Before founding Horizon3, Snehal served as the first Chief Technology Officer for the Joint Special Operations Command (JSOC), where he was instrumental in leading initiatives in data analytics, cloud/edge computing, and cybersecurity as part of the Commander’s executive team. His extensive experience also includes roles as CTO and Senior Vice President at Splunk, multiple CIO positions at GE Capital, and starting his career as a Software Engineer at IBM. Snehal holds a Master’s in Computer Science from Rensselaer Polytechnic University and a Bachelor’s in Computer Science from Purdue University, where he was recognized as their 2023 Distinguished Alumni. With 18 patents to his name, he is driven by a purpose to solve meaningful problems, create significant impact, and foster a culture of continuous learning. His leadership principles emphasize servant leadership, prioritizing business needs over political popularity, and letting results speak for themselves.

Follow Our Guest

LinkedIn | Horizon3.ai

About Our Host

Follow Our Host

Website | LinkedIn

May 6, 2025February 3, 2026

Beyond MFA: How Deepfakes Are Hacking Humans

Podcast: Play in new window | Download (Duration: 12:10 — 16.7MB)

Subscribe: RSS

Summary

On this episode of Chattinn Cyber, Marc is chattin’ with Aaron Painter, a seasoned enterprise tech executive with years at Microsoft and experience leading operations in China and the UK, shares the origin story of his company, Nametag. After observing the rise in identity theft among friends and family, Aaron was struck by how outdated and vulnerable identity verification processes had become—especially the ease with which attackers could answer common security questions using publicly available data.

The conversation turns to the evolution of cyber threats, particularly social engineering and deepfake-enabled attacks. Painter outlines a disturbing trend where attackers bypass even sophisticated technological protections like multi-factor authentication (MFA) by exploiting weak points in human processes, such as IT help desks. One example he highlights is the MGM breach, where a phone-based social engineering tactic led to significant damage.

Painter emphasizes that many organizations’ defenses rely on trust in video verification—such as Zoom or Teams calls—but that these platforms are now susceptible to real-time deepfake emulation. Attackers can impersonate employees or candidates using advanced visual spoofing tools, bypassing traditional verification methods and gaining access to critical systems.

To address these vulnerabilities, Nametag offers a mobile-first identity verification solution that leverages smartphone cryptography and biometric tools to take three-dimensional selfies and securely scan IDs. This process ensures stronger identity proofing, even under conditions that would normally be vulnerable to deepfake deception or impersonation.

The episode concludes with Painter warning HR professionals about the increasing threat of hiring fraud—where bad actors impersonate real candidates using deepfakes. He advises that companies don’t need to replace existing systems like Workday or Okta but should instead implement layered solutions that complement current infrastructure and close critical security gaps.

Key Points

Cybersecurity Gaps Are Human, Not Just Technical: Despite widespread use of MFA, social engineering attacks targeting help desk personnel remain a primary threat vector.
Deepfakes Are Evolving Rapidly: Attackers increasingly use deepfake technologies to impersonate employees or job applicants on video calls, rendering basic visual verification untrustworthy.
Nametag’s Mobile-First Approach: Nametag strengthens identity verification by using mobile devices’ cryptographic and biometric capabilities to combat real-time deepfake impersonation.
Hiring Fraud Is a Growing Threat: Criminals, sometimes state-sponsored, use deepfake tools to impersonate legitimate job candidates, gain access to internal systems, and cause serious security breaches.
Enterprise Integration Over Replacement: Painter advocates for bolting on new security layers rather than replacing entire systems—filling in gaps while preserving operational continuity.

Key Quotes

“All you have to do is call and pretend to be the account holder and say you were locked out. Then there’s a clear vulnerability. And that vulnerability is a social one or human one.”
“The platforms weren’t really built to prevent against deepfakes… You’ve got that person showing up completely different on the video call.”
“95% of the background check providers do it with a Social Security number and no identity verification.”
“We invented the same concept of scan your ID and take a selfie—but we do it exclusively on mobile.”
“I knew identity verification was a hot area. I had no idea it would be this hot.”

About Our Guest

Aaron Painter is the visionary CEO of Nametag Inc., the pioneering identity verification platform dedicated to protecting users from impersonators and AI-generated deepfakes. With a mission to enhance online authenticity and foster trusted relationships, Nametag has emerged as the go-to solution for leading companies aiming to combat fraud and streamline account security. Aaron’s commitment to user-centered security is deeply personal, stemming from his own experiences with online fraud and identity theft, which inspired him to assemble a team of security experts to revolutionize account protection. A global leader with a rich background, Aaron has lived and worked across six countries on four continents, and he is the author of the best-selling book *LOYAL*, where he emphasizes the importance of cultivating a culture of listening in leadership. His impressive career includes serving as CEO of Cloudreach, a top multi-cloud solutions provider, and holding various leadership roles at Microsoft. A Fellow at the Royal Society of Arts and a member of the Forbes Business Council, Aaron is also a sought-after speaker and advisor, known for his ability to blend international practices with local insights to build innovative, high-performing teams.