Enterprise Security Weekly (Audio)

Dr. Anand Singh, CISO at Symmetry Systems and author of 'Data Security in the Age of AI', discusses the urgency behind his new book focused on securing AI implementations. He reveals five foundational steps to reshape data governance in the AI landscape and emphasizes the vital role of AI in incident response and risk management. The podcast also delves into the surprising purchasing behaviors of CISOs, highlighting that personal career safety often influences their choices more than product performance. Key insights into evolving security practices round out the conversation.

This discussion features Dor Fledel from Okta, who dives into identity sprawl and automated remediation for AI agents. Alexander Makarov from Adyen shares insights on phishing-resistant authentication and identity automation. Standards expert Aaron Parecki emphasizes the importance of interoperable identity frameworks. Heather Ceylan of Box talks about embedding AI into workflows while maintaining data governance. Finally, Matt Immler discusses insider threats and the need for a security-focused culture, while Nitin Raina warns about AI-driven social engineering.

How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/ https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/ https://sec.okta.com/articles/uncloakingvoidproxy/ How to navigate app development in the AI era with Shiv Ramji As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He’ll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems. How AI agents are reshaping cybersecurity from the inside out with Damon McDougald AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment. All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-426

Tod Beardsley, VP of Security Research at RunZero and an expert in security, discusses the shortcomings of traditional vulnerability management. He emphasizes the failure of CVE-centric approaches and highlights the importance of addressing issues like default credentials and misconfigurations. The conversation dives into recent NPM supply chain attacks, the fragility of the ecosystem, and community-driven solutions. Beardsley also touches on the latest trends in AI acquisitions and the cautious embrace of agentic AI within the banking sector.

This installment features Jeff Pollard, VP at Forrester Research and co-author of the AEGIS Framework, which addresses the challenges AI poses for security leaders. Rohit Dhamankar from Fortra highlights the importance of offensive security in regulatory compliance. Michael Leland of Island sheds light on compromised credentials and browser security. The discussion dives into the urgent need for proactive measures against AI-driven risks, recent funding news, and the balance between technological advancements and privacy concerns, making for a thought-provoking conversation.

Join Doug White as he chats with a powerhouse lineup: Theresa Lanowitz from LevelBlue sheds light on the critical risks of software supply chains, while Yuval Wollman from CyberProof dives into how AI agents are reshaping cyber threats. Mickey Bresman of Semperis discusses the evolution of ransomware and extortion tactics. J.J. Guy explores asset visibility challenges, and Jason Passwaters emphasizes the need for precise threat intelligence. Together, they highlight the integration of AI and the increasing complexity of cybersecurity in today's digital landscape.

Dave Lewis, Global Advisory CISO for 1Password, dives into the crucial role of cybersecurity in mergers and acquisitions. He highlights common pitfalls and emphasizes the need for thorough security assessments to safeguard organizational value. The conversation also touches on the importance of transparency in breach disclosures, arguing that shared insights could enhance industry learning. Additionally, Lewis discusses the challenges of integrating security measures during organizational shifts and the evolving threats posed by AI in the cyber landscape.

Harish Peri, SVP of Product Marketing at Okta, dives into the future of AI in identity management and previews the upcoming Oktane conference. He discusses the intriguing challenges of integrating agentic AI while maintaining security, particularly how to manage AI agents without granting excessive privileges. The conversation also highlights the risks of indirect prompt injection vulnerabilities, the evolving landscape of identity management in conservative industries, and the excitement surrounding new AI-driven security solutions.

Snehal Antani, CEO of Horizon 3 AI and former CIO at GE Capital, tackles the pitfalls of vulnerability management in organizations. He argues that traditional methods often lead to ineffective lists, suggesting a need for a more robust approach. The discussion also highlights insights from the recent Black Hat conference, focusing on innovative security tools and engagement strategies. Additionally, they touch on the role of AI in evolving cybersecurity, the skepticism around marketing claims, and the importance of risk-based management for better defenses.

Topic Segment - What's new at Black Hat? We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah! News Segment Then, in the enterprise security news, Tons of funding! SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal Vendors shove AI agents into everything they’ve got Why SOC analysts ignore your playbooks NVIDA pinkie swears to China: no back doors! ChatGPT was allowing shared chat sessions to be indexed and crawled by search engines like Google Who is gonna secure all this vibe code? Who is gonna triage all these hallucinated bug reports? Perplexity and Cloudflare duke it out When you try to scrub your shady past off the Internet, it might just make things worse. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-419