From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - Marene Allison, Dr. Ron Ross, Ryan Heritage, Patricia Titus, Perry Schumacher, Rob Allen - ESW #435

Dec 1, 2025

Guest

Ron Ross

Guest

In a dynamic discussion, cybersecurity leaders share insights from InfoSec World 2025. Perry Schumacher explores challenges for mid-sized companies, emphasizing AI for efficiency and resilience. Maureen Allison introduces Security Control Management, advocating for automated oversight. Ryan Heritage discusses operationalizing security and insider risks, notably among Gen Z. Patricia Titus highlights the rise of AI phishing and innovative behavioral defenses. Dr. Ron Ross stresses the importance of secure hardware and community diversity in building a robust cybersecurity framework.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Misconfigurations Are Silent Attack Vectors

Misconfigurations often remain invisible until attackers exploit them, making proactive detection essential.
Rob Allen's DAC maps misconfigurations to frameworks and gives actionable remediation steps.

ANECDOTE

Using DAC On Their Own Environment

ThreatLocker used its own DAC to find unpatched apps in users' downloads and portable apps.
That internal scan revealed many overlooked exposures other tools missed.

ADVICE

Control Employee Access To AI Tools

Block access to unauthorized web AI tools centrally via web controls to reduce shadow IT risk.
Alternatively, provision paid corporate access to approved AI tools instead of leaving employees to buy them.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year’s conference.

In this episode:

-You Don’t Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them.

-Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency.

-The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense.

-Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.”

-The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises.

-Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.

Segment Resources

ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations

Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more!

This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-435