Enterprise Security Weekly (Audio)

Helen Patton, Co-founder and Chief of Staff for the Cybersecurity Canon, dives into the fascinating world of cybersecurity literature, introducing a hall-of-fame for essential reads. She shares insights about her book, 'Navigating the Cybersecurity Career Path,' and discusses the controversial idea of ditching SOC 2 in favor of more effective industry-specific frameworks. The conversation also touches on current enterprise security news, including unexpected layoffs and vulnerabilities within the US railway system, showcasing the evolving landscape of cybersecurity.

Monzy Merza, CEO and co-founder of Krogel, brings his extensive experience from Databricks and Splunk to discuss the nuanced landscape of AI in cybersecurity. He shares insights on the right and wrong ways to implement AI in Security Operations Centers, stressing the need for transparency and ethical pricing models. The conversation also delves into the challenges of integrating AI, where many startups face barriers due to a lack of AI capabilities. Additionally, the importance of collaboration and innovative funding in cybersecurity is highlighted.

In this discussion, guests Treb Ryan, CEO of Cubeless, and Sagi Rodin, CEO of Frontegg, explore the broken barriers to access in cybersecurity. They advocate for simplifying Single Sign-On and Multi-Factor Authentication without hidden fees. Amir Ofek from AxoniusX highlights the need for actionable identity governance amidst AI advancements. Ajay Amlani shares insights on biometric technology's role in enhancing digital trust, while Ajay Gupta discusses strategic risk management approaches for enterprises. This lively exchange uncovers the future of identity and access in a digital landscape.

In this engaging discussion, Dave Lewis, Global Advisory CISO at 1Password, dives into the pitfalls of relying on SSO for security, exposing the lurking threats of shadow IT. He highlights real-world security failures and the human tendency to bypass controls for convenience. The conversation shifts to the looming impact of AI on jobs, tackling fears and misconceptions about automation. Lewis also advocates for tailored security solutions and user-centric practices to bolster enterprise defenses against evolving cyber threats.

Join industry experts Chip Hughes, Ashley Stevenson, John Pritchard, Amit Masand, Matt Caulfield, and David Lee as they tackle the ever-evolving world of identity and access management. They discuss the challenges of outdated access methods in critical sectors like healthcare, emphasizing the shift towards passwordless authentication for better security and user experience. Explore the importance of integrating PKI and IAM to build digital trust, and hear cutting-edge insights into the future of certificate management in an increasingly complex landscape.

Rob Allen, Chief Product Officer at ThreatLocker, specializes in insider threats and endpoint security. Yotam Segev, CEO of Cyera, leads discussions on cloud data security and its classification challenges. Matthew Warner, CEO of Blumira, focuses on making cybersecurity accessible to SMBs. They explore the rising trend of hybrid and edge computing, the significance of insider threats, and the critical evolution in data security practices. Insights from RSAC 2025 highlight how organizations can navigate emerging complexities in cybersecurity.

Joining the discussion are Dr. Tina Srivastava, an MIT-trained rocket scientist and co-founder of Badge, who advocates for passwordless authentication to reduce data breaches. Marty Momdjian, GM at ReadyOne, shares insights on incident response and crisis management in cybersecurity. Amit Saha, co-founder of Saviynt, emphasizes the evolution of identity governance in the digital age. The conversation highlights innovative strategies for eliminating stored credentials, enhancing security, and adapting to emerging technological challenges.

Chad Alessi, Managing Director of Cybersecurity at CTG, shares insights on the unique challenges mid-market companies face in cybersecurity. Nick Carroll, Cyber Incident Response Manager at Nightwing, discusses building resilience to stay ahead of emerging threats. Chris Peluso from Libra ESVA dives into the impact of generative AI on email security, while Eyal Benishti, CEO of Ironscales, addresses the evolution of phishing tactics. Finally, Tony Anscombe from ESET highlights the changing landscape of ransomware and the need for adaptive strategies.

Erik Bloch, CISO at Illumio, highlights the mismatched expectations around AI in Security Operations Centers, emphasizing alert fatigue and vendor discrepancies. HD Moore, CEO of runZero, shares insights on the broken state of vulnerability management, revealing blind spots and the need for better tools. Joel Burleson-Davis, CTO of Imprivata, discusses unique cybersecurity challenges across industries, stressing the importance of tailored solutions. They explore the skepticism surrounding AI's effectiveness and the evolving landscape of cybersecurity.

Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-407