In this episode, we take a practical look at how cyber insurance fits into the broader world of organizational risk. While we often talk about risk from a security and compliance perspective, insurance brings its own lens, which has become increasingly important as threats evolve, and claims grow more complex.

Today's guest, Mark Westcott, President & CEO of ACNB Insurance, breaks down the types of risks insurers care about most, how cyber policies are shaped and the key factors that influence underwriting decisions. We also explore how compliance frameworks and certifications play into premium pricing, risk scoring, and eligibility.

Learn about:

• The types of risks insurers prioritize—and why
• How insurers approach cyber insurance
• The connection between compliance standards, certifications and insurance rates
• Core benefits of cyber insurance beyond financial protection
• Whether regulations mandate cyber insurance and what drives adoption
• Key questions organizations should ask when evaluating cyber coverage

There's no shortage of cybersecurity tools, but most compromises don't happen because of technology failures, they happen because of a failure in organizational processes. In today's episode, we explore how penetration testing and red teaming expose the people, processes and operational weaknesses that technology alone cannot.

We discuss why security is ultimately a people problem, why organizations struggle to identify their own blind spots and how offensive testing reveals hidden vulnerabilities that technologies alone miss.

In today's broad ranging episode, we cover the following:

• Penetration testing vs. red team engagements
• What a real red team assessment looks like
• Attack vectors that still work surprisingly well
• Interesting "ins" from the real-world
• The ongoing role of social engineering
• Custom tooling vs. off-the-shelf frameworks
• Staying current with attacker techniques
• Finding business-logic flaws automated tools miss
• The hardest parts of offensive security work
• Common organizational mistakes that create risk
• Making findings actionable for engineering teams
• Skills the next generation of operators should build
• Soft skills that matter in offensive security
• How AI and cloud are changing modern red teaming
• Underestimated attack surfaces
• Whether offense will always outpace defense

In this episode, we dive into Zero Trust and how organizations can put it into practice. With the rise of cloud computing, traditional on-prem networking architectures began to fade. Yet the need for strong security never went away – it evolved. That's where Zero Trust comes in. At its core, Zero Trust isn't just about technology. It's about people, access, and trust – starting with the principle that no one is trusted by default.

Tune in to learn:

• Why Zero Trust is more of a mindset and not a technology or set of technologies
• The challenges organizations face when adopting it
• How Zero Trust technologies differ from traditional networking technologies

Reference material:

• NIST SP 800-207
• CISA Zero Trust Maturity Model