We’re at #AWSSummit Sydney!
Find the Tailscale team at booth B19 at ICC Sydney on June 4–5. Let’s chat secure networking, access controls, or just grab some swag.
Big news: I’ve joined @tailscale as a Customer Support Engineer!
As a homelabber and self-hoster, I fell in love with Tailscale for how effortlessly it makes private networking just work. Now I get to be part of the team building the new internet—one that’s secure by default, peer-to-peer, and built around people, not infrastructure.
I’m beyond excited to be part of this team.
Always a pleasure spending time with Rob Allen and the whole ThreatLocker team - virtually or in person (better!!!)
Why Simplicity Might Be the Missing Ingredient in Your #ZeroTrust Strategy | An ITSPmagazine Brand Story with Rob Allen from ThreatLocker | #RSAC2025
At #RSAC Conference 2025, the ThreatLocker booth didn’t need flashing lights or gimmicks. Just a live PowerShell attack, a rubber ducky, and a crowd watching real protection in action. That’s how you cut through the noise.
In this Brand Story episode, Sean Martin, CISSP and Marco Ciappelli talk with Rob Allen, Chief Product Officer at ThreatLocker, about why Zero Trust doesn’t need to be complicated to be effective. Instead of piling on tools, Rob explains why proactive control, vendor consolidation, and human connection are the real differentiators.
Huge thanks to #ThreatLocker for sponsoring our RSA Conference 2025 coverage and supporting meaningful conversations like this one.
Watch the episode: https://youtu.be/pPZ2VEeTdBo
We’re still reflecting on RSAC 2025 — and this conversation reminded us that sometimes, the simplest solutions are the most powerful.
Next stop: Infosecurity Europe 2025 in London!
Follow our coverage as it unfolds — and if you’re a cybersecurity company attending the show, reach out to connect with us on site. Let’s keep the conversations going.
#cybersecurity, #zerotrust, #RSAC2025, #ThreatLocker, #infosec, #endpointsecurity, #brandstory, #threatprevention, #vendorconsolidation, #itspmagazine, #infosecurityeurope2025, #infosecurityeurope
So I've looked into several so-called "zero-trust" solutions. They are aptly named: I have zero trust in them.
1) they depict the traditional approach as a flat network. This is a bad faith argument: in virtual environments, there is nothing stopping you from implementing tiered infrastructure except being lazy or incompetent.
2) "let's have one single cluster handling both dev and ops traffic, both dev and prod traffic!" What could go wrong? Oh yeah, a single vulnerability exploited and your attacker can escalate to the maximum privileges of your infrastructure.
3) "let's inject/broker credentials into your connections by performing a meddle-in-the-middle attack!" Because Heartbleed never taught us anything about the risks of arbitrary memory read in a service exposed to the Internet!
4) "Let's replace your old OpenSSH daemon by our own agent that reverse-connects to our cluster, so that you can bypass your pesky firewalls!" Firewall rules are under your control, mate; maybe change them so that reading them gives you the correct list of authorized flows? Also, what about glass-break scenarios where your zero-trust cluster is down?
5) "Our proprietary coordination server hosted on our infrastructure is highly available!" Sure mate, but the Internet is not highly available, so a single BGP incident can prevent me from revoking access to my infrastructure. If I need to revoke access, I need to do it fast.
And the list goes on and on. What a shit show.
When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?
Sure it is still useful blocking script kiddies from Iran and other low hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore?
With the use of zero trust, distributed attack and delivery networks (looking at you Cloudflare), and VPN usage, country blocking feels less useful than in the past.
When AI writes code, builds models, and simulates threats… who checks the checker?
In this last On Location Conversation from #RSAC2025, Alex Kreilein and John Sapp Jr. join Sean Martin, CISSP to explore what trust actually means in the age of AI-generated security tooling — and how modern #AppSec teams must rethink validation, #resiliency, and #risk.
This episode cuts deep into:
Why “trust the output” is not enough in AI-driven workflows
How #AI security debt is becoming the new tech debt
Why we need #zerotrust thinking applied to models and agents
The real shift: from patching CVEs to building resilient architecture
The role of traceability, governance, and context-driven decision-making
If you’re serious about secure AI, application security, and shifting AppSec left (the right way), this conversation will challenge what you think you know — and help reframe what secure development actually looks like.
Watch the full video:
https://youtu.be/kJdQz9LmT6s
Listen to the audio podcast:
https://eventcoveragepodcast.com/episodes/why-we-cant-completely-trust-the-intern-even-if-its-ai-an-rsac-conference-2025-conversation-with-alex-kreilein-and-john-sapp-jr-on-location-coverage-with-sean-martin-and-marco-ciappelli
Thank you to our Full Coverage Sponsors:
ThreatLocker https://itspm.ag/threatlocker-r974
Akamai Technologies https://itspm.ag/akamailbwc
BLACKCLOAK https://itspm.ag/itspbcweb
SandboxAQ https://itspm.ag/sandboxaq-j2en
Archer Integrated Risk Management https://itspm.ag/rsaarchweb
ISACA https://itspm.ag/isaca-96808
Object First https://itspm.ag/object-first-2gjl
Edera https://itspm.ag/edera-434868
Explore more RSAC 2025 coverage:
https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Catch all of our event conversations:
https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our coverage?
https://itspm.ag/evtcovbrf
Want Sean Martin, CISSP and Marco Ciappelli to cover your event or moderate your panel?
https://www.itspmagazine.com/contact-us
New day, new content, more amazing conversations recorded last week at #RSAC2025 in SF!
#ZeroTrust isn’t just a buzzword — it’s a real security strategy. In this On Location Brand Story from #RSAC 2025, we explore how ThreatLocker is helping companies proactively build the guardrails they need to truly protect their environments.
New Brand Story from RSA Conference 2025: From Reactive to Proactive — Building Guardrails That Actually Protect
At RSAC Conference 2025, Sean Martin, CISSP and Marco Ciappelli sat down with Rob Allen, Chief Product Officer at ThreatLocker, to discuss how Zero Trust principles, combined with properly enforced controls, are changing the game for proactive cybersecurity.
How can organizations move from theory to action with Zero Trust? It starts with gaining visibility and enforcing practical controls that actually work.
This episode cuts through the noise to show how deny-by-default strategies can simplify defenses and make attackers’ jobs much harder — without making yours more complex.
Find out how ThreatLocker is helping companies lock down critical assets, anticipate risks, and build stronger, more manageable security frameworks.
Watch, listen, or read the full story here:
https://www.itspmagazine.com/their-stories/from-reactive-to-proactive-building-guardrails-that-actually-protect-a-brand-story-with-rob-allen-from-threatlocker-an-on-location-rsac-conference-2025-brand-story
Learn more about ThreatLocker’s work:
https://www.itspmagazine.com/directory/threatlocker
See all our RSAC 2025 coverage:
https://www.itspmagazine.com/rsac25
Discover more Brand Stories and Briefings from innovative companies:
https://www.itspmagazine.com/brand-story
This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
Stay tuned for more Brand Stories, Briefings, and candid conversations from RSAC 2025!
Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!
RSAC 2025 sold out fast — we expect the same for these next events.
Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs
Hashtags:
#cybersecurity #infosec #infosecurity #technology #tech #society #business #zerotrust #proactivesecurity #threatlocker #endpointsecurity
At #RSAC2025, the message was clear: it's time to move beyond legacy VPNs.
Discover how Tailscale is leading the charge towards modern, secure networking solutions.
Read our RSAC 2025 recap: https://tailscale.com/blog/rsac-2025-recap
Missed our Zero Trust webinar on Least Privileged Access?
It’s now available on-demand.
Learn how to stop lateral movement, verify identity in real-time, and apply Zero Trust with Tailscale.
Watch now: https://tailscale.com/events-webinars/zero-trust-series-part-two
#ZeroTrust #CyberSecurity #Tailscale
We’re live at RSAC 2025!
Tailscale is redefining secure, seamless networking—and we’re here to show you how.
Stop by booth # N-4607 North Expo for a live demo and some exclusive Tailscale swag.
Zero trust networking without the hassle
Private, encrypted connections—zero config
Secure access that just works
Here’s the team—come say hi!
"When it comes to the payment system that 400 million people are supposed to use, anonymity should not depend only on a declaration of intent but should also be technically guaranteed. The Taler system would ensure anonymity even if political currents prevailed that want to abolish the anonymity of payments."
https://zevedi.de/ngi-taler-und-die-zukunft-des-digitalen-bezahlens/
This is how good technology design works! I like my bank. @glsbank @NGI_Taler #ngitaler #gnutaler #taler #cbdc #zerotrust
Lightning talks at #RSAC!
Catch Tailscale at the Jamf booth (S-1835):
Tues @ 1:00–1:15 PM
Wed @ 12:15–12:30 PM
Hear how a joint customer secured their global workforce with Jamf + Tailscale. Let’s pack the booth! https://tailscale.com/rsac-2025
#ZeroTrust #Cybersecurity
The Digital Terrain Is Shifting — Are Your Apps and APIs Ready?
As AI adoption accelerates, so do AI-driven attacks.
In their new research report, Akamai Technologies uncovers the evolving threats facing web applications and APIs — and how organizations can respond before attackers get ahead.
State of Apps and API Security 2025: How #AI Is Shifting the Digital Terrain explores the sharp rise in automated, intelligent threats — and the new defenses emerging to meet them.
Download the full report here: https://itspm.ag/akamaixmwd
Research like this helps #security professionals, #leaders, and #developers stay ahead of the curve — and shape the future of #digital defense.
We’re also proud to feature Akamai in our RSAC 2025 coverage — with a Brand Story recorded pre-event and a follow-up conversation happening on location at the conference in San Francisco with Rupesh Chokshi, Sean Martin, CISSP, and Marco Ciappelli.
Watch the pre-event recording here: https://youtu.be/DMm6INJ_2Z8
A huge thank you to the Akamai team for sponsoring our coverage and sharing their insights with our global audience.
Check out the report and stay tuned for more from RSAC:
Download the Report: https://itspm.ag/akamaixmwd
Explore our RSAC 2025 Coverage: https://www.itspmagazine.com/events/rsac-2025
New Episode!
A Brand Story from the Road to #RSAC 2025 — Featuring Akamai Technologies
Every year, as we get ready for RSA Conference, we fire up the engine and the mics—not just to cover the #tech, but to capture the #business, the strategy, and most importantly, the human side of #cybersecurity.
Our latest Brand Story does just that.
In this pre-conference conversation, we sit down with Rupesh Chokshi, SVP & GM of Application Security at #Akamai, to talk about the shifting cybersecurity landscape as we move deeper into the #AI era. From #APIattacks and #LLM scraping to hybrid infrastructures and #zerotrust environments, it’s clear that security is no longer just a barrier—it’s a business enabler.
And Akamai is right at the center of that transformation.
We explore what it means to build real #cyberresilience, how organizations can rethink their security strategy in an AI-driven world, and why this year’s #RSAC2025 Conference is set to be a defining moment for both innovation and trust.
A special thank you to Akamai for sponsoring our RSAC 2025 coverage and continuing to support conversations that matter.
Watch the teaser: https://youtu.be/NH4APVuZfRc
Full episode: https://youtu.be/DMm6INJ_2Z8
Listen on the podcast: https://brand-stories-podcast.simplecast.com/episodes/ai-security-and-the-hybrid-world-akamais-vision-for-rsac-2025-with-rupesh-chokshi-svp-gm-application-security-akamai-a-rsac-conference-2025-brand-story-pre-event-conversation
Learn more about Akamai: https://www.itspmagazine.com/directory/akamai
Follow all of our RSAC 2025 stories: https://www.itspmagazine.com/rsac
We’ll see you in San Francisco for more conversations to share with your audience!
— Marco Ciappelli & Sean Martin, CISSP
ITSPmagazine Co-Founders
Software Microsegmentation Promises Security—But Is It Falling Short?
https://youtu.be/dYJUWje-Y1g #cybersecurity #microsegmentation #zerotrust #riskmanagment #FIPS-140-2 #hardware #software #BYOS #manufacturing #legacynetworks #energy #healthcare #ICS #OT
New Brand Story with ThreatLocker!
Think #ZeroTrust is too rigid to work in the real world? Think again.
In this Brand Story episode, Sean Martin, CISSP and Marco Ciappelli chat with Rob Allen, Chief Product Officer at ThreatLocker, about what it really takes to move from “trust but verify” to a block-first, permission-based approach to #endpointsecurity.
We break down how his team builds tools that don’t just protect environments—they give security teams back their time and sanity. From web control to patching to user-friendly policy exceptions, it’s all about delivering control without complexity.
Listen in to hear how this mindset shift helps organizations operate securely—without getting in their own way.
Watch the teaser:
https://youtu.be/4VUW68Wb7fs
Watch the full video
https://youtu.be/A2ZiUtKRRoY
Listen to the podcast:
https://brand-stories-podcast.simplecast.com/episodes/from-chaos-to-control-what-if-your-cyber-program-helped-you-sleep-at-night-a-threatlocker-brand-story-with-rob-allen
Visit ThreatLocker on ITSPmagazine:
https://www.itspmagazine.com/directory/threatlocker
Hey #NixOS #Cloudflare #ZeroTrust
edit: I have not yet sorted out getting Docker running on NixOS, so for the moment I'm gonna get that installed and use the available container, which has latest build. I would like to stick to pure Nix on everything, but there is a need to be, umm, clean on opsec.
I was trying to install cloudflared from unstable repo. It installed and works from 24.11, but when I ran the command to create the credentialsFile it complained about the older version and suggested upgrading to 2025.4.0 rather than the 2024.10.0 that is in nixos.
Unstable has 2025.2.1, which is better, but is not 2025.4.0. Two branching questions from here.
1 - the unstable package returned that error: Package ‘cloudflared-2025.2.1’ in /nix/store/vxwsnfg5mys9v1qrxvim13ddmnhd4z1g-unstable/unstable/pkgs/applications/networking/cloudflared/default.nix:97 is marked as broken, refusing to evaluate.
Conveniently, it included instructions for allowing packages marked broken through. Is that considered normal in dealing with Cloudflare on NixOS? Cause it reads to me like an outtake from "How To Get Your Website Pwned By L33t H4krz".
2 - considering that even if I allow the "broken" package in, I'm still not getting the version recommended by cloudflared's error message, perhaps there's a flake or something I should try, that would get the daily build or whatever?
I'm off to do more searches and maybe poke my head into one of the actual support forums, but this seems like a pretty common task for NixOS admins to be doing, so it's probably an easy answer that I just haven't found yet.
Probably been looking at nixos.wiki again or something.
More Big News!
Please join us in welcoming Beachhead Solutions as an official sponsor of ITSPmagazine.
Beachhead Solutions provides #cloud-managed device security that enables businesses to enforce #encryption, control data access remotely, and instantly prove regulatory compliance across all endpoints—PCs, Macs, servers, phones, tablets, and USBs.
Explore their brand page on ITSPmagazine:
https://lnkd.in/gP2RfpCa
Help us spread the word—tag your team, your peers, your fellow defenders.
Visit Beachhead Solutions Website https://itspm.ag/beachhead-solutions-r49e
Welcome aboard, Beachhead Solutions!
— Sean Martin, CISSP & Marco Ciappelli
#cybersecurity #infosec #infosecurity #technology #dataprotection #zerotrust #endpointsecurity #managedsecurity #MSPs
Agentic AI isn’t theoretical—it’s already reshaping how businesses operate and secure systems. I sat down with Ken Huang to explore how autonomous agents impact development, governance, and security.
Watch the full episode here: https://youtu.be/csVUnyA_UmI
Listen to the podcast here: https://redefiningcybersecuritypodcast.com/episodes/building-and-securing-intelligent-workflows-why-your-ai-strategy-needs-agentic-ai-threat-modeling-and-a-zero-trust-mindset-a-conversation-with-ken-huang-redefining-cybersecurity-with-sean-martin
IT security: reactive or finally proactive?
For decades we have been chasing security vulnerabilities while hackers keep exploiting new weaknesses. Mathematically hardened architectures & zero-trust models could be the solution, but why aren't we implementing them consistently?
Patch cycle: perpetual defense or modern design?
Digital sovereignty vs. Big Tech dependence?
What can new security architectures for IT systems look like?
What do you think? Are we too trapped in outdated security models?