Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why doesn't point-in-time compliance work? #cybersecurity #compliance #podcast

Nov 26, 2025 By LimaCharlie In LimaCharlie
PCI compliance has never been about passing a single audit and forgetting about it until next year. In our recent PCI DSS 4.0 session, author Branden R. Williams explained why point-in-time assessments create a false sense of security. Passing a compliance report doesn't mean you'll still be compliant two days later if something changes. Configuration drift happens. Systems change. Sometimes it's accidental. Other times, organizations deliberately configure things to pass an assessment, then revert to their old ways afterward.
View Video

AI hype & the future of SecOps, what's changed in 30 years? With Erik Bloch from Illumio [271]

Nov 26, 2025 By LimaCharlie In LimaCharlie
On this episode of The Cybersecurity Defenders Podcast we speak with Erik Bloch, VP of Security at Illumio, about better tools to combat burnout rate and discuss the reality of AI in security. Erik Bloch has 30+ years of information and cyber security experience, both as an IC and as a leader of teams. “People first” has always been his approach. He has led entire security and IT functions at smaller companies, and been the CISOs leading big teams at larger orgs.
View Video
Snyk

Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders

Nov 26, 2025 By Liran Tal In Snyk
Snyk empowers organizations to build fast and stay secure. As security and engineering teams scale their use of Snyk across the enterprise, understanding what's happening across your group and organizations becomes critical–from API integrations and user access patterns to policy changes and security events. However, raw audit logs alone can be overwhelming and difficult to interpret. Security leaders need instant visibility into critical events, risk patterns, and user activity.
Read Post
nightfall

Why Reg S-P Compliance Is Becoming a Critical Risk for Financial Firms - and How Nightfall Can Help

Nov 26, 2025 By Chris Martinez In Nightfall
In finance, protecting customer data isn’t just good practice. It’s a regulatory mandate. The SEC’s Regulation S-P (Privacy of Consumer Financial Information) requires financial firms to guard against unauthorized access, maintain robust data-disposal practices, and have a formal incident response program. As the threat landscape has evolved, so has the regulation. This all means one thing: complacency is no longer an option.
Read Post
cyberark

EP 20 - Why agentic AI is changing the security risk equation

Nov 26, 2025 By CyberArk In CyberArk
As enterprises embrace agentic AI, a new security risk equation emerges. In this episode of Security Matters, host David Puner sits down with Lavi Lazarovitz, VP of Cyber Research at CyberArk Labs, to unpack how AI agents and identity security are reshaping the threat landscape. Learn why privileged access is now the fault line of enterprise security, how attackers exploit overprivileged AI agents, and what security teams must rethink before scaling AI.
Read Post
Feroot

HIPAA Tracking Pixels Without Vendor BAAs: Google, Facebook, and More

Nov 26, 2025 By Feroot In Feroot
It starts with a simple audit. Your legal team checks Business Associate Agreements after OCR’s tracking technology guidance. Google Workspace BAA: signed. Analytics platform BAA: signed. CRM and marketing tools: covered. Then the question that changes everything: Do we have BAAs for the tracking pixels on our patient pages?
Read Post
gitprotect

Jira Data Loss Scenarios To Watch Out For (And How To Avoid)

Nov 26, 2025 By Wojciech Andryszek In GitProtect
For many DevOps and ITSM workflows, Jira is the nerve center. It’s relied upon by thousands of teams for everything from agile sprint planning to enterprise-scale incident management. However, beneath the robust interface and powerful automation, your Jira data remains fragile – far more than you think. Scenarions around Jira data loss aren’t a theory. At least nowadays, when such things happen it’s quickly and quietly.
Read Post
teleport

Best Practices for Secretless Engineering Automation

Nov 26, 2025 By Jack Pitts In Teleport
A CI/CD pipeline deploying to production. A nightly database backup job. An AI agent performing maintenance tasks. New opportunities for engineering automation emerge every day. However, many of these workflows depend on stored secrets like hardcoded credentials, API keys, and long-lived tokens for privileged access.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.