Business Security Weekly (Audio)

Latest episodes

Jul 2, 2025 • 32min

The Value of Zero Trust - Rob Allen - BSW #402

Rob Allen, Chief Product Officer at ThreatLocker, discusses the transformative potential of Zero Trust security, drawing on over two decades of tech expertise. He highlights new research showing that organizations could have reduced cyber losses by up to 31% with Zero Trust, resulting in $465 billion in savings. Rob simplifies the complexities of this model, advocating for its ease of deployment through ThreatLocker’s platform. He also emphasizes the importance of client engagement in security strategies to balance protection with operational efficiency.
Jun 25, 2025 • 1h 5min

Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401

Jeff Pollard, an analyst specializing in security at Forrester, discusses strategies for CISOs to navigate volatility and effectively manage budgets. Pej Roshan, CMO of Menlo Security, emphasizes the importance of AI-driven threat detection and browser security. Deepen Desai, CSO at Zscaler, highlights the risks of AI-assisted attacks and advocates for Zero Trust strategies. The conversation covers the critical need for improved communication of security requirements and the importance of automation in enhancing operational efficiency.
Jun 18, 2025 • 1h 4min

CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400

Join Peter Hedberg, a senior underwriter at Corvus, Morey Haber, Chief Security Advisor at BeyondTrust, and Stephan Jou, Senior Director of Security Analytics at OpenText, as they dive into the complexities of cyber insurance and CISO empowerment. They discuss the record-breaking vulnerabilities in Microsoft's software and how organizations can address these risks. The conversation also highlights the evolving role of CISOs in integrating cybersecurity with corporate governance and the necessity for collaboration with underwriters to manage emerging threats effectively.
Jun 11, 2025 • 56min

Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399

This week, it’s time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment: "Get out of the audit committee: Why CISOs need dedicated board time", "Quietly Burning Out? What To Do When Your Leadership Starts Lacking", "How to rethink leadership to energize disengaged employees", and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-399
Jun 4, 2025 • 1h 18min

Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398

Alla Valente, Principal Analyst at Forrester Research, dives into the vital role of leadership in navigating business risks during challenging times. She introduces the Three E’s Framework for identifying what leaders can control amid volatility. The discussion covers the importance of cybersecurity in mergers and acquisitions, the evolution of the CISO role, and how leadership habits impact team dynamics. Valente emphasizes the need for emotional intelligence and presence to enhance communication and team performance.
May 28, 2025 • 1h 8min

Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397

Join Albert Estevez Polo, a tech innovator specializing in quantum computing, along with Chris Hickman, a digital identity guru, Jordan Avnaim, an expert in cybersecurity, and Amit Sinha, a machine identity visionary. They discuss the critical need for automated micro-segmentation to bolster network security against evolving threats. The guests also delve into the pressing challenges of adapting to post-quantum cryptography, the importance of risk intelligence, and strategies for effective identity verification amid deepfake challenges. Tune in for expert insights and practical solutions!
May 21, 2025 • 1h 17min

CISO Cheat Sheet, as Role Evolves and vCISO is Viable, Cobalt Strike and Resilience - Theresa Lanowitz, Rohit Dhamankar - BSW #396

Rohit Dhamankar, Vice President of Product Strategy at Fortra, shares insights on combating the misuse of Cobalt Strike, resulting in an impressive 80% drop in cybercriminal activities. Theresa Lanowitz, Chief Evangelist at LevelBlue, discusses the LevelBlue Futures Report, emphasizing the importance of cyber resilience in business strategies and incident response. They explore how CISOs can secure board-level positions, the shift from technical expertise to business acumen, and promoting proactive cybersecurity measures to align with business goals.
May 14, 2025 • 1h 6min

CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395

In the leadership and communications section: "How CISOs can talk cybersecurity so it makes sense to executives", "Firms to spend more on GenAI than security in 2025", "Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring", and more! Next, pre-recorded interviews from RSAC Conference 2025, including:

This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac.

This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.

Segment Resources:
https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025
https://resource.cobalt.io/state-of-pentesting-2025

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395
May 7, 2025 • 1h 5min

C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks - Dr. Aleksandr Yampolskiy, Lenny Zeltser - BSW #394

In the leadership and communications section: "The C-suite gap that's putting your company at risk", "CISOs band together to urge world governments to harmonize cyber rules", "Cybersecurity is Not Working: Time to Try Something Else", and more!

Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain.

What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/
Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/
Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form

This segment is sponsored by SecurityScorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks.

In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company’s latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He’ll also explore what this launch means for Axonius’ mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies.

Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-394
Apr 30, 2025 • 50min

Say Easy, Do Hard - Defining Objectives and Key Results Aligned to Business Goals - BSW #393

Summer Fowler, CISO at Torc Robotics, shares her expertise in aligning cybersecurity with business goals. She discusses the complexity behind the phrase 'say easy, do hard,' emphasizing the challenges of implementing effective Objectives and Key Results (OKRs) in cybersecurity. The conversation tackles the importance of transparency and collaboration in managing risks while aligning security measures with organizational objectives. With insights from her teaching experience, Fowler highlights the necessity of clear communication and the role of leadership in fostering a risk-aware culture.
