Unspoken Security

They’re Hacking the People!

In this episode of Unspoken Security, host AJ Nash welcomes Ivan Novikov, CEO of Wallarm, to discuss the fundamental shifts in API security. They explore how APIs have evolved from internal tools to the public-facing backbone of mobile apps, IoT, and AI. This change has dramatically expanded the threat surface, making traditional security methods obsolete.Ivan explains why older approaches, like signature-based detection and RegEx, fail against modern attacks. He details Wallarm's unique solution: a real-time decompiler that analyzes the actual payload of API requests. This technique allows for deep inspection of complex and nested data formats, identifying malicious code that standard tools miss.The conversation also looks to the future, examining the security risks posed by the rapid adoption of AI agents. Ivan concludes with a stark comparison between physical and cyber threats. In the digital world, attacks are constant and aggressive. Success depends less on the tools you have and more on who you are and how you use them.Send us a textSupport the show

Communication Strategies for Data Driven Leaders

Data alone does not persuade. For data-driven leaders, learning totranslate numbers into a compelling narrative is a critical skill. In thisepisode of Unspoken Security, host AJ Nash speaks with Salvatore Manzi, aleadership communications coach, about the strategies technical leaderscan use to create influence. Salvatore explains why leaders must learn tomake meaning over metrics to connect with teams, stakeholders, andcustomers.Salvatore shares practical frameworks to improve communication. Heintroduces the "You then me" principle, which prioritizes acknowledging the other person’s view to build rapport. He also shows how using simplemetaphors and a little appreciation can make complex dataunderstandable. These techniques disarm a room before you need tocorrect someone or present a counter-argument, ensuring your message lands effectively.The conversation also covers imposter syndrome and the uniquecommunication hurdles women face in the tech industry. AJ and Salvatorediscuss the power of authenticity and the need for allies who activelyamplify other voices. They explore how simple shifts in body language andmindset can build the confidence needed to overcome these challenges and ensure your voice is heard.Send us a textSupport the show

Today’s Geopolitical Threat Environment Requires a New Security Model

In this episode of Unspoken Security, host AJ Nash welcomes Mark Freedman, Principal and CEO of Rebel Global Security, to discuss a major shift in the global threat landscape. The primary national security concern has moved from counter-terrorism to interstate strategic competition. This change requires a new security model, especially for the private sector.Mark explains that companies are now players on a geopolitical battlefield, facing sophisticated threats from nation-states. Yet, many organizations operate in silos. Legal teams track sanctions while cybersecurity teams react to technical threats. They often miss the strategic connection between the two, which creates significant vulnerabilities.To close these gaps, AJ and Mark explore the need for an integrated intelligence function within businesses. They discuss how even a single empowered person, tasked with understanding the geopolitical environment, can connect various teams. This strategic view helps companies build a more resilient and proactive defense in a complex world.Send us a textSupport the show

Can My AI Be Hacked?

In this episode of Unspoken Security, host AJ Nash speaks with Dr. Peter Garraghan, CEO and CTO of Mindgard. They discuss the real-world security risks of artificial intelligence. Peter starts with a simple point: AI is just software, and software is easy to break. He urges businesses using AI to step back and truly understand its vulnerabilities.Peter draws parallels between the current AI boom and past technology cycles like cloud computing. While AI feels revolutionary, the security risks are not new. Threats like data poisoning and prompt injection are modern versions of classic cybersecurity problems. The danger is that AI's human-like interface makes it easy to anthropomorphize, causing users to overlook fundamental security flaws.To manage these risks, Peter advises companies to treat AI like any other software. This means applying the same rigorous security controls, testing protocols, and incident response playbooks. Instead of creating a separate process for AI, organizations should find the gaps in their current security posture and update them. This practical approach helps businesses secure AI systems effectively.Send us a textSupport the show

The Human Side of Cyber

Why does security awareness training so often fail? In this episode of Unspoken Security, host AJ Nash welcomes Living Security CEO Ashley M. Rose to discuss this common issue. They explore how compliance-driven, "check-the-box" training creates a false sense of security. This old model relies on vanity metrics and rituals instead of reducing actual human risk.Ashley presents a better way forward through human risk management. This modern strategy moves beyond simple phishing tests and integrates data from your existing security tools. It provides a full view of employee behavior to identify and address risks proactively. The goal is to make security training engaging and effective, not just another task to ignore.The conversation also covers the nuanced relationship between human risk management and insider threat programs. AJ and Ashley discuss how to empower employees and transform them from a potential liability into an organization's greatest security asset, creating a stronger, more resilient workforce.Send us a textSupport the show