Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them.

In a bad dream, you open the closet. You think you know exactly what’s in there: a few SSH keys, a bunch of TLS certificates, and some secrets like API keys locked in what you believe to be a safe place. But pull it all out and suddenly you find yourself face-to-face with stacks of forgotten ciphers, drawers stuffed with expired certificates, and algorithms in use you thought teams had left behind in 2011. And that’s just for one application.

The quantum threat isn’t theoretical—it’s operational. Quantum computing is rapidly shifting from research to reality, forcing chief information security officers (CISOs) to rethink cryptography, risk management and long-term data protection. In a previous post, I explained the quantum challenge. Recently, we explored why quantum readiness is not optional. Now, it’s time for action.

For many of us, the term “cloud security breach” conjures meticulous attack plans executed by sophisticated criminal syndicates. But in reality, “attacks” can be far more mundane: maybe some forgotten credentials, a few default permissions, or a user whose cleanup to-do list never got done. At the center of these incidents are standing privileges: long-lived access rights originally granted for legitimate tasks.

Secrets management is a foundational pillar of cloud security. It enables secure storage, rotation, and access control for application secrets. But in Kubernetes environments, secrets don’t just live in vaults; they move, execute, and often proliferate across clusters and containers. Without visibility into how secrets are used at runtime, organizations risk exposing sensitive data without realizing it.

For years, separating day-to-day user activity from administrative tasks through secondary accounts was considered a security best practice. But as identity threats grow more sophisticated and cloud environments become more dynamic, this static model is showing its age. Today, modern identity security demands a shift—one that zero standing privileges (ZSP) are designed to deliver.

Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.

For every enterprise CISO in the world right now, the burning question isn’t about cloud, TPRM, or internal threats. It’s about how to securely and responsibly adopt AI—specifically, agentic AI, the buzziest of today’s AI buzzwords. There’s no shortage of stats on skyrocketing adoption trends. Consider EY’s recent Technology Pulse Poll, which found that half of tech leaders have at least begun deploying agentic AI within their organizations.

‘Plague’ represents a newly identified Linux backdoor that has quietly evaded detection by traditional antivirus solutions for over a year. Its primary mechanism involves operating as a malicious PAM, allowing attackers to silently bypass system authentication and establish persistent SSH access to compromised Linux systems.

As ransomware strains hospital operations and supply‑chain attacks target energy grids, Australia’s public and regulated sectors need proven cyber resilience. At the heart of most breaches lie human error and weak identity controls, making the Infosec Registered Assessors Program (IRAP) assessment program the gold standard for moving sensitive workloads to the cloud.