Enterprise Security Weekly (Audio)

Topic Segment - What's new at Black Hat? We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah! News Segment Then, in the enterprise security news, Tons of funding! SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal Vendors shove AI agents into everything they’ve got Why SOC analysts ignore your playbooks NVIDA pinkie swears to China: no back doors! ChatGPT was allowing shared chat sessions to be indexed and crawled by search engines like Google Who is gonna secure all this vibe code? Who is gonna triage all these hallucinated bug reports? Perplexity and Cloudflare duke it out When you try to scrub your shady past off the Internet, it might just make things worse. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-419

Guillaume Ross, owner and consultant at Caffeine Security, shares his expertise on building security programs from scratch, particularly in the fintech space. He discusses the daunting task of being a CISO with no existing frameworks and outlines essential first steps. The conversation also delves into recent funding news in cybersecurity, key acquisitions, and the role of detection engineers. Listeners gain insights into modern security practices and the importance of resilience over mere prevention in today’s evolving landscape.

Interview Segment - Lessons Learned from the tj-actions GitHub Action Supply Chain Attack with Dimitri Stiliadis Breach analysis is one of my favorite topics to dive into and I’m thrilled Dimitri is joining us today to reveal some of the insights he’s pulled out of this GitHub Actions incident. It isn’t an overstatement to say that some of the lessons to be learned from this incident represent fundamental changes to how we architect development environments. Why are we talking about it now, 4 months after it occurred? In the case of the Equifax breach, the most useful details about the breach didn’t get released to the public until 18 months after the incident. It takes time for details to come out, but in my experience, the learning opportunities are worth the wait. Topic Segment - Should the US Go on the Cyber Offensive? Triggered by an op-ed from Dave Kennedy, the discussion of whether the US should launch more visible offensive cyber operations starts up again. There are a lot of factors and nuances to discuss here, and a lot of us have opinions here. We'll see if we can do any of it justice in 15 minutes. News Segment Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-417

Helen Patton, Co-founder and Chief of Staff for the Cybersecurity Canon, dives into the fascinating world of cybersecurity literature, introducing a hall-of-fame for essential reads. She shares insights about her book, 'Navigating the Cybersecurity Career Path,' and discusses the controversial idea of ditching SOC 2 in favor of more effective industry-specific frameworks. The conversation also touches on current enterprise security news, including unexpected layoffs and vulnerabilities within the US railway system, showcasing the evolving landscape of cybersecurity.

Monzy Merza, CEO and co-founder of Krogel, brings his extensive experience from Databricks and Splunk to discuss the nuanced landscape of AI in cybersecurity. He shares insights on the right and wrong ways to implement AI in Security Operations Centers, stressing the need for transparency and ethical pricing models. The conversation also delves into the challenges of integrating AI, where many startups face barriers due to a lack of AI capabilities. Additionally, the importance of collaboration and innovative funding in cybersecurity is highlighted.

In this discussion, guests Treb Ryan, CEO of Cubeless, and Sagi Rodin, CEO of Frontegg, explore the broken barriers to access in cybersecurity. They advocate for simplifying Single Sign-On and Multi-Factor Authentication without hidden fees. Amir Ofek from AxoniusX highlights the need for actionable identity governance amidst AI advancements. Ajay Amlani shares insights on biometric technology's role in enhancing digital trust, while Ajay Gupta discusses strategic risk management approaches for enterprises. This lively exchange uncovers the future of identity and access in a digital landscape.

In this engaging discussion, Dave Lewis, Global Advisory CISO at 1Password, dives into the pitfalls of relying on SSO for security, exposing the lurking threats of shadow IT. He highlights real-world security failures and the human tendency to bypass controls for convenience. The conversation shifts to the looming impact of AI on jobs, tackling fears and misconceptions about automation. Lewis also advocates for tailored security solutions and user-centric practices to bolster enterprise defenses against evolving cyber threats.

Join industry experts Chip Hughes, Ashley Stevenson, John Pritchard, Amit Masand, Matt Caulfield, and David Lee as they tackle the ever-evolving world of identity and access management. They discuss the challenges of outdated access methods in critical sectors like healthcare, emphasizing the shift towards passwordless authentication for better security and user experience. Explore the importance of integrating PKI and IAM to build digital trust, and hear cutting-edge insights into the future of certificate management in an increasingly complex landscape.

Rob Allen, Chief Product Officer at ThreatLocker, specializes in insider threats and endpoint security. Yotam Segev, CEO of Cyera, leads discussions on cloud data security and its classification challenges. Matthew Warner, CEO of Blumira, focuses on making cybersecurity accessible to SMBs. They explore the rising trend of hybrid and edge computing, the significance of insider threats, and the critical evolution in data security practices. Insights from RSAC 2025 highlight how organizations can navigate emerging complexities in cybersecurity.

Joining the discussion are Dr. Tina Srivastava, an MIT-trained rocket scientist and co-founder of Badge, who advocates for passwordless authentication to reduce data breaches. Marty Momdjian, GM at ReadyOne, shares insights on incident response and crisis management in cybersecurity. Amit Saha, co-founder of Saviynt, emphasizes the evolution of identity governance in the digital age. The conversation highlights innovative strategies for eliminating stored credentials, enhancing security, and adapting to emerging technological challenges.