Enterprise Security Weekly (Audio) Rethinking risk based vulnerability management, Black Hat expo insights, and the news - Snehal Antani - ESW #420
Aug 18, 2025
Snehal Antani, CEO of Horizon3.ai and former CIO at GE Capital, tackles the pitfalls of vulnerability management in organizations. He argues that traditional methods often lead to ineffective lists, suggesting a need for a more robust approach. The discussion also highlights insights from the recent Black Hat conference, focusing on innovative security tools and engagement strategies. Additionally, the hosts touch on the role of AI in evolving cybersecurity, the skepticism around marketing claims, and the importance of risk-based management for better defenses.
Infrastructure Over Web App Hype
- Most breaches stem from infrastructure and misconfigurations, not custom web app zero-days.
- Security focus often over-rotates to web apps despite attackers targeting known vendor flaws and credentials.
AI Compromised GOAD In 14 Minutes
- NodeZero fully compromised the GOAD cyber range in 14 minutes and 25 seconds with no prior knowledge.
- Snehal contrasts this with a senior human pen tester taking about 12 hours for the same challenge.
Make Production Tests Context-Aware
- Use dynamic guardrails and environment introspection to keep production testing safe.
- Bias toward gentle tests when environment safety is ambiguous and learn safety through repeated tests.

