In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Timothy Shields, Partner at Kelley Kronenberg, to unpack what data privacy law really looks like when it meets real-world technology, security, and business constraints.

Timothy brings a rare perspective to privacy law, having started his career as a software developer and academic before becoming a tech and data privacy attorney. That technical background shapes how he advises companies today—moving away from unrealistic “zero-risk” thinking and toward practical, defensible decision-making.

The conversation explores where organizations most often misunderstand data privacy requirements, why documentation and intent matter as much as tools, and how companies can reduce legal exposure before something goes wrong. Valentina and Timothy also discuss breach response, AI-related legal risk, and why small companies are just as exposed as large enterprises.

Key topics covered in this data privacy episode:

• Why legal risk in tech is rarely “zero risk” — and why that mindset fails
• How a technical background changes the way privacy law is applied in practice
• Common privacy blind spots engineers and executives overlook
• The biggest legal mistakes companies make after a breach
• Why proactive security testing and planning matter more than perfection
• The critical role of documentation when regulators or courts get involved
• Why not doing what you said you would do creates more liability than getting breached
• Where AI liability is headed and what companies should be doing now
• Why “we’re too small to be a target” is one of the most dangerous privacy myths

Who should listen?

This episode is essential for founders, executives, legal teams, engineers, security leaders, and anyone responsible for handling customer data, building software, or managing cyber risk. If your company collects, processes, or stores data—or is experimenting with AI—this conversation offers practical guidance you can actually act on.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Kelly Kronenberg: https://www.kelleykronenberg.com/
🔗 Contact Red Sentry

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Madison Morrow, Director of Business Development at Blue Sages, and Farshad Esnaashari, a medical device full–lifecycle consultant, to break down one of the most urgent topics in the med-tech industry: cybersecurity requirements for FDA medical device submissions.

The conversation explores why the FDA is increasing its cybersecurity expectations, the most common mistakes manufacturers make, and how device makers can integrate security early in the product lifecycle. Madison explains how Blue Sages supports medical device companies through engineering best practices, software documentation, testing, and compliance, while Farshad brings over 30 years of experience in architectural security, risk management, and interpreting FDA cybersecurity guidance.

Key topics covered in this FDA cybersecurity episode:

• Why cybersecurity must start early in medical device design (not at the end)
• What the FDA now expects: SPDF, SBOM, traceability, threat modeling, and vulnerability management
• Why shallow SBOMs, missing traceability, and late pentesting delay submissions
• How penetration testing and offensive security strengthen FDA submissions
• Practical guidance for med-tech startups balancing speed, safety, and compliance
• How AI introduces new cybersecurity risks in medical devices and what the FDA expects for model updates, rollback plans, and integrity checks

Who needs this episode?

This discussion is essential for anyone involved in medical device development, regulatory submissions, FDA compliance, cyber risk, software validation, or connected device security. If you’re preparing a 510(k), De Novo, or PMA submission in 2025–2026, this episode gives you a clear roadmap of what to prioritize.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Connect with Blue Sages to explore their engineering and regulatory support for medical device companies: https://www.bluesages.com/

🔗 Contact Red Sentry: https://redsentry.com/contact

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Dr. Bennett Hammer, founder and president of Hammer IT, for a deep dive into one of today’s most common yet misunderstood risks: email security. They break down the evolving threat landscape, from the rise of phishing and ransomware to the ways AI is now being used by both attackers and defenders.

The conversation explores why email remains one of the most effective entry points for cybercriminals, how remote and hybrid work environments have expanded the attack surface, and the practical steps organizations can take to strengthen their defenses. Dr. Hammer highlights the importance of proactive measures, continuous user education, and building a culture where employees are empowered to question suspicious activity.

A handful of valuable takeaways:
• Phishing and ransomware continue to top the list of email-based threats
• AI is accelerating both offensive and defensive capabilities in cybersecurity
• Remote work has created new vulnerabilities in email workflows
• User training and awareness remain essential for preventing breaches
• Strong filtering, verification protocols, and layered defenses make a measurable difference

To explore more of Dr. Hammer’s work or try his free tools, visit hammeritconsulting.com, hammersecure.com, or HammerSpam, his spam email analyzer.

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered pentesting firm helping companies identify and fix vulnerabilities before attackers can exploit them.

Find more about Red Sentry.