Enterprise Security Weekly (Audio)

In this engaging discussion, Dave Lewis, Global Advisory CISO at 1Password, dives into the pitfalls of relying on SSO for security, exposing the lurking threats of shadow IT. He highlights real-world security failures and the human tendency to bypass controls for convenience. The conversation shifts to the looming impact of AI on jobs, tackling fears and misconceptions about automation. Lewis also advocates for tailored security solutions and user-centric practices to bolster enterprise defenses against evolving cyber threats.

Join industry experts Chip Hughes, Ashley Stevenson, John Pritchard, Amit Masand, Matt Caulfield, and David Lee as they tackle the ever-evolving world of identity and access management. They discuss the challenges of outdated access methods in critical sectors like healthcare, emphasizing the shift towards passwordless authentication for better security and user experience. Explore the importance of integrating PKI and IAM to build digital trust, and hear cutting-edge insights into the future of certificate management in an increasingly complex landscape.

Rob Allen, Chief Product Officer at ThreatLocker, specializes in insider threats and endpoint security. Yotam Segev, CEO of Cyera, leads discussions on cloud data security and its classification challenges. Matthew Warner, CEO of Blumira, focuses on making cybersecurity accessible to SMBs. They explore the rising trend of hybrid and edge computing, the significance of insider threats, and the critical evolution in data security practices. Insights from RSAC 2025 highlight how organizations can navigate emerging complexities in cybersecurity.

Joining the discussion are Dr. Tina Srivastava, an MIT-trained rocket scientist and co-founder of Badge, who advocates for passwordless authentication to reduce data breaches. Marty Momdjian, GM at ReadyOne, shares insights on incident response and crisis management in cybersecurity. Amit Saha, co-founder of Saviynt, emphasizes the evolution of identity governance in the digital age. The conversation highlights innovative strategies for eliminating stored credentials, enhancing security, and adapting to emerging technological challenges.

Chad Alessi, Managing Director of Cybersecurity at CTG, shares insights on the unique challenges mid-market companies face in cybersecurity. Nick Carroll, Cyber Incident Response Manager at Nightwing, discusses building resilience to stay ahead of emerging threats. Chris Peluso from Libra ESVA dives into the impact of generative AI on email security, while Eyal Benishti, CEO of Ironscales, addresses the evolution of phishing tactics. Finally, Tony Anscombe from ESET highlights the changing landscape of ransomware and the need for adaptive strategies.

Erik Bloch, CISO at Illumio, highlights the mismatched expectations around AI in Security Operations Centers, emphasizing alert fatigue and vendor discrepancies. HD Moore, CEO of runZero, shares insights on the broken state of vulnerability management, revealing blind spots and the need for better tools. Joel Burleson-Davis, CTO of Imprivata, discusses unique cybersecurity challenges across industries, stressing the importance of tailored solutions. They explore the skepticism surrounding AI's effectiveness and the evolving landscape of cybersecurity.

Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-407

Join Sergey Gorbaty, a Senior Principal Security Architect at Fastly, Chas Clawson, Field CTO at Sumo Logic, and Jawahar Sivasankaran, President of Cyware, as they tackle the critical role secrets play in infrastructure security. They discuss the risks of poor secret management and the importance of integrating it into system design. Chas explains how SOC teams can enhance detection and response, while Jawahar shares insights on a threat-centric approach that transforms security operations. Also, they delve into AI's impact on cybersecurity and the evolving strategies for integrating intelligence.

Now in its 18th year, the Verizon Business DBIR is one of the industry’s longest standing and leading reports on the current cybersecurity landscape. This year’s report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint’s latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint’s Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it’s now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren’t just hacking systems anymore—they’re hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today’s most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405

Jeff Shiner, Co-CEO of 1Password, shares his insights on the evolving landscape of access management as organizations navigate hybrid work and increasing cyber threats. He discusses the critical 'Access-Trust Gap,' emphasizing the need for Extended Access Management to ensure secure and seamless employee access. The conversation also touches on the importance of integrating multifactor authentication and device health checks, as well as highlights from the latest Verizon DBIR, giving listeners a comprehensive view of the current security landscape and the future of access control.