No results found.
No results found.
No results found.

Podcasts

Episode 318 Deep Dive: Chuck Herrin | Staying Ahead of Surging API Attacks
byKBI.Media

In this episode, we sit down with Chuck Herrin, Field CISO and Customer Advocate at F5, as he unpacks the evolving threat landscape around APIs and AI in today’s organizations. Chuck explores how APIs have transformed from simple plumbing into the primary attack surface, often outpacing defenders due to historic silos between security and development teams. He highlights the acceleration of vulnerabilities and the widening gap created by tech debt, skill shortages, and the relentless push for innovation. Chuck also discusses the enormous pressure businesses face to adopt AI rapidly, often at the expense of security, and emphasizes the importance of leadership, board-level engagement, and foundational policy shifts to balance speed and safety.

Chuck Herrin is the Field CISO of F5. Prior to F5, Chuck was the CTO of Wib, an API security firm that created the second generation of API security solutions designed from the ground up to provide end to end visibility, testing, and context to discover, test, and secure all APIs across a customer ecosystem. Prior to Wib, Chuck spent 19+ years as a CISO in financial services and banking, including SVP and Head of IT Security, Risk, and Compliance for all of AIG’s consumer-facing divisions and EVP and CISO of Texas Capital Bank prior to being named “Most Trusted Bank in America” by Newsweek in 2022.

A lifelong learner, Chuck holds a litany of industry certifications gathered over the last 25 years, as well as a bachelor’s degree in biology from Lenoir Rhyne University. When not traveling to events and customer locations, Chuck is based out of his ranch in North Dallas.

No results found.
Microsoft’s Platforms and Services Prioritise Security from Inception, Rather than as an Afterthought

Microsoft’s Platforms and Services Prioritise Security from Inception, Rather than as an Afterthought

Overview Microsoft’s long-standing Executive, Bret Arsenault, Corporate Vice President and Chief Cybersecurity advisor at Microsoft, detailed Microsoft’s Secure Future Initiative (SFI) - their strategic approach to addressing emerging cyber threats and managing secure software development. With decades of experience at Microsoft, what Arsenault described as “...five different careers at the same company.”, Arsenault itemised the three core pillars of SFI: secure by design, secure by default, and secure in operations. These principles enable ...
No results found.

Business News ↓

Computer Emergency Response Teams and Their Critical Role in Protecting Australian Digital Assets

Introduction Computer Emergency Response Teams (CERTs) are the unsung heroes of cybersecurity. There are many myths about their role and function. Contrary to popular belief they don’t certify cybersecurity professionals, and many don’t do emergency response.   Operating in the background, CERTs provide vital functions in anticipating and reducing the impact of cyber-attacks. The first CERT, the CERT/CC, was...

Don’t Let Generative AI And LLMs Become A Third-Party Vulnerability

 Asadullah (Asad) Rathore, Head of Professional Services - cyber security and AI consulting, Excite Cyber (ASX:EXT)  As Large language models (LLMs) are increasingly being embedded into software development, organisations must ensure they understand the cyber security risks that come with it. Developer tools that have generative AI capability integrated to assist developers when writing code are on the rise. But...

How Unchecked Third-Party Access is Undermining Supply Chains

In the modern global economy, supply chains are no longer just physical networks but have become vast digital ecosystems. At the heart of these systems lies a challenge that is rapidly gaining prominence among cybersecurity professionals: third-party digital access. While companies have invested heavily in internal cybersecurity, the true vulnerability often lies just outside their walls, in the hands of partners,...

7 Reasons Certifications Are Critical to Secure Communications

Picture this scenario. You’re a government leader or a critical infrastructure operator. Suddenly, your communication systems go dark. The network has been breached, and sensitive information is exposed. Foreign adversaries are listening, decisions are delayed, and operations are paralyzed. Worse yet, you have no way of getting in touch with your employees to let them know what is going on. This is no hypothetical...

EOFY 2025: Australian Businesses Need To Mount Defences Against Rising Threat Of Cyberwarfare

With the new financial year approaching, Australian organisations face a pressing imperative to strengthen their cyber defences and heighten their vigilance against cyberwarfare. Modern cyberwarfare is marked by a surge in state-sponsored attacks, the weaponisation of artificial intelligence, and a growing emphasis on targeting critical infrastructure amid rising geopolitical tensions. Recent Armis research shows 9...

Insider Threats: The Silent Cybersecurity Crisis Facing Australian Businesses

In an increasingly digital world, Australian businesses are more vulnerable than ever to one of the most dangerous yet underestimated cybersecurity risks: insider threats. These threats, which originate from within an organisation, pose a unique challenge as they often fly under the radar due to the use of valid credentials and seemingly legitimate access.  However, they are potent and can result not just in loss...
Uncomfortable Truths Behind Cybersecurity Failures cover

Uncomfortable Truths Behind Cybersecurity Failures

In Episode 4 of the DevSecOops podcast, hosts Tom Walker and Scott Fletcher discussed what’s really dragging security down in modern organisations. And spoiler, it’s not the hackers. If you’re someone in tech, security, or just trying to make sense of how to run a safer, smarter organisation, this one is for you. No Longer A Departmental Concern Scott kicked things off by challenging the old school idea that...
When Priorities Collide, How Do You Make the Right Call? cover

When Priorities Collide, How Do You Make the Right Call?

In Episode 2 of the DevSecOops podcast, hosts Tom Walker, James Vincent, and Scott Fletcher explored one of the biggest yet most overlooked challenges in organisations today: how to make the right decisions, especially when business, technology, and security priorities clash or collide. So, how can organisations balance these three? Equal Understanding on All Fronts The conversation kicked off with a message that...

How a Veteran Project Manager Tames Cyber Chaos

Recently, on DevSecOops podcast; Hosts Tom Walker, James Vincent, and Scott Fletcher bring on a guest a special guest Natalie Haslam, an industry veteran with 25 years of project management experience within traditional IT, application development, and more recently, cybersecurity. Natalie’s reflection on the challenges of delivering cyber projects in the high-speed project delivery world. Despite investment in...

How Analysing 700,000 Security Incidents Helped Our Understanding of Living Off the Land Tactics

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted this analysis as foundational research during the development of our GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) technology. techniques. Our team at...
What Makes You Board Ready? cover

What Makes You Board Ready?

Serving on a corporate board is often seen as the pinnacle of a professional career, the natural, coveted ‘next step’ after decades of climbing the corporate ladder. For many, it is the picture of executives in sharp suits, convening in a high-rise building, and making decisions that shape industries and economies. But beneath these ‘glamour’ and ‘prestige’ lies a more important question: Why do you want to be...

Why Australian Boards Need to Rethink Risk in the Age of AI

Introduction The nature of corporate risk in Australia is evolving rapidly at a strategic, reputational, and liability level. As the next five years shape up to be even more disruptive in the world of risk management, Australian boards need to begin paying swift attention not only to how artificial intelligence (AI) is going to reshape the risk environment itself, but also how AI can assist them in combatting and...

Shadow Data Is The New Insider Threat: What CISOs Overlook In SaaS Sprawl

Companies maintain internal databases for sensitive information. However, sometimes employees want to take work home or believe it is easier to save files on their systems. These seemingly minor and understandable oversights introduce a new and growing threat to all industries: Shadow Data. Typical security protocols do not address these scenarios, leading to unexpected gaps and increased risk of breach. A New Kind...

The New Priorities Driving Organisations To Uplift Web Application Security

While compliance ensures steady improvements to application security, the cadence of upgrades is not enough to meet best practice or evolving customer expectations. Internet-based applications might run the digital world, but their security is an ever-present concern, and the consensus is that more needs to be done, and fast, to build (or rebuild) a foundation of trust. Modern digital experiences are powered by...

Can Cyber Security Be a Platform for Innovation and Growth?

Introduction The rapidly evolving cyber-risk landscape sees a cyber attack every six minutes in Australia, with a new wave of threats enabled by AI.1 The ability to manage cyber risks whilst at the same time delivering technological transformation places CISOs and CTOs in the driver’s seat of fast, sustainable organisational growth. This concept, known as "cyber agility," is the foundation of resilient and adaptive...

Digitally Marked: Australia’s Sensitive Position in the Global Cyberwar

Strategic advisor at Semperis, Simon Hodgkinson, discussed the ongoing state-sponsored cyberattacks, particularly in Australia. With decades of experience as a cybersecurity leader in software, financial services, and energy industry, Hodgkinson shared valuable perspectives and reflected on previous incidents, highlighting hard-learned lessons and best practices. His message is clear: cyber conflict is no longer a...
No results found.
No results found.
No results found.
No results found.
No results found.

Markets & Trading

YOUR SECURITY NEWSFEED

The KBI Dossier

The Cybersecurity news feed delivered straight to your Inbox.

Technology News ↓

Computer Emergency Response Teams and Their Critical Role in Protecting Australian Digital Assets

Introduction Computer Emergency Response Teams (CERTs) are the unsung heroes of cybersecurity. There are many myths about their role and function. Contrary to popular belief they don’t certify cybersecurity professionals, and many don’t do emergency response.   Operating in the background, CERTs provide vital functions in anticipating and reducing the impact of cyber-attacks. The first CERT, the CERT/CC, was...

Don’t Let Generative AI And LLMs Become A Third-Party Vulnerability

 Asadullah (Asad) Rathore, Head of Professional Services - cyber security and AI consulting, Excite Cyber (ASX:EXT)  As Large language models (LLMs) are increasingly being embedded into software development, organisations must ensure they understand the cyber security risks that come with it. Developer tools that have generative AI capability integrated to assist developers when writing code are on the rise. But...

Creating Infrastructure Foundations For A Scalable Future

GenAI, automation and Machine Learning (ML) are driving generational change – reshaping the future of business and society as we know it. However, for these capabilities to accelerate innovation at an organisational level, Australian enterprises must overcome a critical hurdle first: getting their network fundamentals right to fully embrace the future. Truth is, businesses here in Australia can’t make the most of...

Why Securing Digital Identities Is Now a Business-Wide Imperative

In an era where cyberattacks are growing in scale and sophistication, digital identities have emerged as the new battleground.   Once the exclusive domain of Identity and Access Management (IAM) teams, identity security is now a core cybersecurity and business concern. As organisations grapple with rising threats, they must look beyond traditional IAM tools to adopt a unified, proactive approach that secures...
No results found.
No results found.
No results found.
No results found.
No results found.
What in the Cloud?

What in the Cloud?

DevSecOops podcast hosts Tom Walker, James Vincent, and Scott Fletcher debate which cloud platform reigns supreme. ...
No results found.
No results found.
No results found.
No results found.