Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.

The identity is the main attack vector for cybercriminals, with cybercriminals using stolen identity to infiltrate the organization, move laterally and vertically throughout the organization, and extract data, deploy ransomware, establish backdoors, and cause major service disruptions. All with long term impact to organizations.

“The modern ‘software as a service’ (SaaS) delivery model is quietly enabling cyber attackers and—as its adoption grows—is creating a substantial vulnerability that is weakening the global economic system.” These are the words of JPMorgan Chase CISO Patrick Opet in an open letter to third-party suppliers that has gone viral, at least in the cybersecurity world, and sparked a broader conversation about building trust in cyberspace.

The Model Context Protocol (MCP) is an open standard and open-source project from Anthropic that makes it quick and easy for developers to add real-world functionality — like sending emails or querying APIs — directly into large language models (LLMs). Instead of just generating text, LLMs can now interact with tools and services in a seamless, developer-friendly way.

In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.

Have you ever been on a tight deadline, and suddenly, your organization’s core services go dark because a TLS certificate expired without warning? It’s a nightmare scenario no team wants to face. Now, picture this happening eight times more often. Starting in 2029, every public TLS certificate will have a maximum lifespan of just 47 days. Compared to today’s 398-day validity, this represents a seismic shift in digital security practices. And the ripple effects will be hard to ignore.

As 2025 unfolds, U.S. federal agencies are navigating significant operational shifts that are impacting their overarching cybersecurity strategies. Government security leaders have always emphasized stringent cybersecurity practices in the face of dynamic threats.