Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With Microsoft officially ending support for many Windows 10 versions on October 14, 2025, public sector organizations are racing to modernize their environments. But Fulton County, Georgia, isn’t racing—they’re leading. In this episode, we sit down with Terrence Slaton, CISO of Fulton County, to unpack how his team successfully executed a large-scale migration to Windows 11 across critical government systems—with speed, certainty, and zero disruption to essential services.

As AI and automation reshape how work gets done, security and IT teams are facing a critical shift. But here’s the truth: AI won’t eliminate roles - it will transform them. Today, junior analysts, IT admins, and senior engineers alike are being freed from toil and empowered to build smarter, faster systems.

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

One-third of critical and high vulnerabilities remain open for 180+ days from the time they are discovered. When it comes to business growth vs security, business always wins by prioritizing features over vulnerabilities. This gives hackers enough time to exploit the vulnerabilities, putting the organization at risk. However, most of these vulnerabilities can be virtually patched within a few hours using solutions like AppTrana's SwyftComply, with zero impact on business continuity.

A real-world API vulnerability let a user change the asset type in a major crypto exchange—bypassing expected controls. Watch how a simple tweak to API parameters enabled unauthorized trades and exposed critical flaws. Learn why detailed schema validation and input checks are essential for protecting sensitive financial APIs.

Think you can tell cybersecurity heavyweights from sci-fi legends? @Etay Maor, Chief Security Strategist at Cato, thought so too, until a quote left him speechless (and slightly heartbroken). Watch on and test your own cyber + pop culture instincts.

What are false positives in cybersecurity — and why do they matter? In this video, we break down the concept of false positives: those annoying alerts that cry wolf when there’s no real threat. You’ll learn how they happen, the difference between false positives and false negatives, and the hidden costs they create for security teams. We’ll also walk through real-world examples, explore how false positives impact SOC efficiency, and share practical strategies to reduce them using better configurations, machine learning, and smarter alert triage.

Insider threats are one of the most underestimated cybersecurity risks facing organizations today—and they’re coming from the inside. In this video, we break down exactly what insider threats are, the different types (including malicious, negligent, and compromised insiders), and why they’re so hard to detect. You’ll also hear about real-world examples like Edward Snowden and the Capital One breach, and learn how businesses can protect themselves with practical, real-world strategies.

Think credit card fraud is the biggest threat to eCommerce? Think again. Loyalty fraud cost businesses $4B in 2024, and most companies didn't see it coming. Why? Because the attack vector isn't obvious. It's: Credential stuffing + password spraying Poorly managed APIs connecting loyalty platforms to 3rd parties No real-time detection when the bad guys cash in points for untraceable gift cards.

This week on the podcast, we discuss some recent research into a new zero day vulnerability in the popular WinRAR utility under active exploit. After that, we give a round up on everything we know about the SonicWall SSLVPN attacks from the last few weeks before ending with a review of a new ChatGPT vulnerability. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.