Join ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John Lilliston
Join ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.
As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.
ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."
The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.
At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.
Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.
ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.
The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.
Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content.Learn more.
Guests:
John Lilliston
Cybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
______________________
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
ThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together!
Time: 7PM - 10PM | Location: Mandalay Bay Complex
RSVP below and we'll send you a confirmation email with all the details.
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John Lilliston
Sean Martin: Marco, can you feel the energy?
Marco Ciappelli: Oh, I'm ready. I'm trying to decide what mixtape I'm gonna bring in the car.
Sean Martin: We keep talking about mixtapes, but I don't think the car is gonna have a tape player.
Marco Ciappelli: Why? It could be fun. A little retro could be fine.
Sean Martin: You tell me how it goes.
Marco Ciappelli: You know, the one that you had to remove because otherwise the thieves would come in and steal it. Removable. Literally zero trust - the tape, zero trust in the...
Sean Martin: Funny enough, I had a car broken into and my stereo was stolen 'cause it was removable and I didn't remove it.
Marco Ciappelli: And you weren't using ThreatLocker. That's the problem.
Sean Martin: Exactly. But we are, cassette tape radio or not, driving together to Las Vegas for Black Hat USA 2025. Our 11th year - our birthday. I always forget the number. Anyway, it's ITSP Magazine's birthday.
Marco Ciappelli: My birthday? No, your birthday is ITSP Magazine birthday number 11. We mentioned it already before. So very exciting. A lot of things going on. Black Hat is a tradition for us to be there, and it's becoming a tradition to connect with the team at ThreatLocker, except we got John today instead of Rob. I know what's going on.
John Lilliston: Hey, how you doing Marco? Sean?
Marco Ciappelli: Good. Good to see you.
John Lilliston: Good to see you.
Sean Martin: Yeah, likewise. So for those who know, we kind of get a sneak peek at what's coming at Black Hat. And we like to do that with keynote speakers and some of the folks we work with, like you, John, at ThreatLocker. There's never a lack of fun new things taking place at the booth, in the hallways, in the sessions, at events outside of the venue. And I think you guys have a busy year. Obviously, you continue to grow as an organization. You continue to bring on new clients, you continue to build new products and do really cool things. You need to share that with a lot of folks. We're gonna touch on some of that stuff today. So John, thanks for taking time. Maybe a quick moment from you just to tell us a little bit about your role at ThreatLocker. It's a job I want, by the way.
John Lilliston: Yeah, so I'm the Detect Product Director, so I head up our ThreatLocker Detect and Cloud Detect products, as well as oversee the operational teams like our threat intelligence team, as well as our managed detection and response offerings. So I've been here since February and, you know, we've come a long way and we got a long way to go. We're always looking to innovate and stay ahead of the industry, and we're really looking forward to sharing ways to do that at Black Hat.
Marco Ciappelli: And you know, we go a long way back, me and you, John. I remember Zero Trust World in Orlando. You were one of the first people that we met, and I remember you telling us, "Hey, I just got started here." And then we shared a meal, a good pizza with you, Rob and Heather and the ThreatLocker team at our RSA conference. I'm excited to see you there, and it doesn't seem like you've been with ThreatLocker only for a few months.
John Lilliston: Yeah, well, it's definitely been something where I had to hit the ground running. When Danny first told me he wanted me to attend Zero Trust World, I was kind of surprised. But after settling in, I see what kind of fast-paced environment we're working with, and it keeps me on my toes and I'm definitely happy to be here.
Sean Martin: So what are you excited about for Black Hat? A big booth, I presume, lots of people showing demos. What else are you doing there?
John Lilliston: Yeah, so we're really looking forward to meeting with cybersecurity professionals, reconnecting with the industry, and meeting with our current customer base, talking about default deny strategies and how ThreatLocker actually makes the zero trust implementation within enterprise environments.
Sean Martin: And can you expand on default deny? I think some folks might understand what that is, but an overview would be great.
John Lilliston: Yeah, so default deny is basically the entire approach of ThreatLocker. And what this says is we're going to deny by default and allow by exception. And so what we can do with that is we can actually lock down an enterprise environment to the point where we can only allow things that we know and are approved to run. We can do this at the network level as well as the application level and storage level. This is a really powerful, complementary product that, with the combination of those three things, will really harden your environment.
Marco Ciappelli: Sean, it's kind of like me and you when you have an idea. I say, "No, deny." Actually, that's a good idea. It's something that I think is working because you guys are growing exponentially like we said at the beginning. And so it is something that's concrete. I don't know, maybe a few years ago the zero trust concept was kind of like, we don't know if it's gonna be one of those buzzwords and then it's gonna end up there. But no, it's something concrete and something that is working. So here's my question, usually for everybody that we talk to - and then we're gonna have a conversation on location and we will touch on that later - but what kind of questions and topics do you think are gonna be popular at your booth when people show up and say, "Okay, tell me what you do" and what is on their mind?
John Lilliston: Yeah, so I anticipate our visitors to be inquiring about our approach to zero trust, 'cause we really are doing things a little different versus the other competitors in the application control space. And in fact, that's one of the reasons I decided to come to ThreatLocker - when I was on the enterprise side of things, I evaluated the product and I really believed in the approach that ThreatLocker is taking with learning mode. And then of course also ring fencing and applying zero trust to our network policies as well as storage. So I anticipate a lot of visitors asking about those kind of things.
Sean Martin: And do you get a mix of endpoint and application and system level as well as network? Is it all kind of intertwined or what does that look like?
John Lilliston: Yeah, it does. So these are all modules that ThreatLocker offers. And the true power is when you have these modules working together in tandem, they create a very solid, hardened system, which ultimately is going to stop adversaries in their tracks. It's gonna prevent the initial execution. And then obviously we can lock down the network communication and the actual disk operations that an adversary might be able to perform in a traditional environment.
Marco Ciappelli: Okay, so I'm curious - tell me about your Detect product director role. Sounds like if zero trust fails and people get in, now you're gonna detect what's going on there. You're like the second blade?
John Lilliston: So this is just the whole approach to defense in depth. Obviously you want compensating controls where your primary controls may fail. And in the case of zero trust, that's quite irregular and infrequent. However, maybe there are specific conditions within an enterprise environment that you just absolutely have to allow a specific application to run that may have living off the land applications to it, or you have this application that has to connect to the internet and you don't necessarily have specific ranges of IP addresses or fully qualified domains it should be communicating with. So at that point, once you know that, "Hey, we have to let this run," then we want to actually monitor the behavior of what we're permitting to run and detect the irregularities and potential malicious activities. So Detect in conjunction with these products just makes it even harder for an adversary to get past.
And then of course one of the big advantages of Detect is our ability to orchestrate automated responses to specific detect policies with the rest of the portal. An example would be data exfiltration. If we detect irregular browser behavior, we can actually have a detect policy configured automatically to lock down the browser from reading content on disk or even communicating over the network until it's able to be reviewed by a security administrator.
Sean Martin: Great. I'm glad you actually gave an example. I was gonna ask you to share one with me, because sometimes, and I think this is where the value of something like Black Hat and having a booth and having the team on hand - sometimes it's hard to kind of visualize how a technology fits into an environment, fits into the workflow of the business, fits into the security operations and the IT operations, and the scenarios that they have to deal with. And that's hopefully what you're gonna be showing in the booth.
John Lilliston: Yeah, Sean, that's actually exactly right. We'll have quite a presence at our booth where we will be definitely doing hands-on demos, and I think one of the big advantages to what we'll be doing is, specifically with the scenarios I just talked about, on-demand hacking demos. For those who are willing to brave the challenge.
Sean Martin: No better place than at Hacker Summer Camp, where loads of great research is done. Step on it.
John Lilliston: Yep. Come on by. We're gonna be at Booth 1933. It's right at the front. And you won't be able to miss us.
Marco Ciappelli: Well, let's talk a little bit about other things that you guys are gonna be doing there. I know that there is Danny, which apparently - I mean, he is a busy guy and the CEO and founder of the company - and we are planning to have a conversation with him right there at the booth. So, good to know where it is, 'cause otherwise we'll miss it. I know that ThreatLocker's booth is pretty easy to find. So I'm not afraid of that, 'cause there are a couple of really big announcements that will be - you're not able to talk about right now, but he will be able to.
Sean Martin: Can I spill the beans?
Marco Ciappelli: Can you? No. Deny. Deny, deny, deny.
John Lilliston: Yeah, you're definitely right about one thing, Marco. Danny is a busy person. And so there are some major announcements that are gonna be kind of game changers for the organization and our client base. So we are very, very excited to share that news with everybody at Black Hat. I would also like to point out that Danny is actually going to be holding a session at Black Hat. It's gonna be at Mandalay Bay J on Thursday the 7th from 10:15 to 11:05. And that's going to be on simplifying cybersecurity, so I'm looking forward to that. Danny's always very entertaining to watch and he's very informative, so I would highly recommend you and your listeners to go check him out.
Sean Martin: We've seen Danny in action and it's an experience and a treat all in one. And we'll include a link to that session so folks can easily find that there at Black Hat on Thursday. And we're gonna be talking to him on Wednesday. So I can't spill the beans now, but we'll share with everybody the two announcements and anything else that's on Danny's mind. I'm sure he has loads of ideas on where the industry's headed and how his team, including you, John, are helping organizations achieve that ultimate goal of zero trust to help organizations protect the business. I think you're also doing an event one night. Invite some folks to that.
John Lilliston: Yeah, so we have a welcome reception on Tuesday the 5th. It's gonna be from 7 to 10 PM at the Mandalay Bay Complex. What I would recommend is for anybody who's interested in coming, there's going to be a link to register, and come on out. We'd love to see you there. It should be a good time. There'll be definitely some food and refreshments. So we're looking forward to that.
Marco Ciappelli: Yeah, we're actually planning to be there ourselves and spend some time with you guys and meet people that are interested in getting to know ThreatLocker for the first time. I mean, we luckily - it's not our first meeting with you guys as we mentioned at the beginning, and we're super excited to be there.
Sean Martin: If it's even a smidgen like Zero Trust World, it's gonna be a good time. Lots of fun. And good conversations too. The amount of people that we're talking about how they approach zero trust - and yes, we're having fun, but we are talking business as well. And it's a good time.
Marco Ciappelli: Yeah. But you know, you don't wanna be bored. I get bored very easily. So I'd rather get some good company and a couple of drinks. Anyway, as far as we are concerned, we're gonna be talking with other sponsors while we're there. We're gonna be making some editorial content, the usual recap or something like that. Every day, me and Sean, sometimes it's silly. Sometimes we actually get very philosophical and talk about the industry and sometimes again, it's a little bit of both.
Sean Martin: Very silly philosophical. That's what we do.
Marco Ciappelli: Yeah, very excited to be there. Very excited to meet you guys. And Sean, for the people that can't be in Las Vegas because not everybody can get in the car and cross the desert and cross their fingers that actually the car is gonna work all the way and that the tape player works.
Sean Martin: Yeah, the tape player works. Exactly. So itspmagazine.com/bh-usa-25 is where all of our coverage will be, including this story and all the links to connect with ThreatLocker and their team and to go to the welcome reception and find them at the booth and to meet Danny and see his session. So all that stuff will be available through that one link. And I encourage everybody to see us there if you're there, visit the ThreatLocker team at their booth if you're available to do that. And if not, stay tuned to everything we put out before, during, and after the show.
Marco Ciappelli: Yeah, of course John is gonna be there. I don't think there's gonna be pizza, but maybe we'll make it happen.
Sean Martin: We're gonna have to do a pizza thing. We'll see.
Marco Ciappelli: We'll see. We'll let everybody know after that in one of our recaps if we eat pizza or not.
Sean Martin: All right. Before we close, I don't wanna miss anything. I wanna be sure that we gave you room for announcing everything you had to announce. We got embargoed news, we got everything that's gonna be happening at the booth. Anything else?
John Lilliston: Yeah. Nothing except that, like I said, come by booth 1933, we'll be right at the front. We are going to be giving away some merchandise. So this was really popular at RSA. It's a ThreatLocker zero trust endpoint protection platform bag. We'll also have some other stuff. So come on by - it definitely goes fast. And we want everybody to get one.
Sean Martin: Cool. I'm assuming everything you put in there is gonna be protected. Zero trust.
Marco Ciappelli: That's the idea. That's right. Zero trust - I trust you.
Marco Ciappelli: Well, stay tuned. Have fun. And of course, thank you so much, John, for being part of this and to the team at ThreatLocker. See you there. See you soon.
John Lilliston: Thank you. All right. Looking forward to it.
Marco Ciappelli: See ya.