While cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers.And it seems that, unfortunately, cybercriminals aren’t lacking when it comes to identifying new ways to sneak in. Abnormal Security’s Field CISO, Mick Leach, will discuss some of the sophisticated threats we anticipate escalating in the coming year—including cryptocurrency fraud, AI-generated business email compromise, and more.Mick and I dove into a lot of great topics, including:The evolution of email based attacks and why traditional tooling may fall shortHow attackers are leveraging GenAI and LLM’s to make more compelling email-based attacksHow defenders can utilize AI to improve their defensive capabilitiesThe role of tooling such as Secure Email Gateways and more, and how they still play a role but fail to meet the latest threat landscapeHow Abnormal is tacking email-based attacks and the outcomes they are helping customers achieve with streamlined integration and use

In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management.Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered:Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the email environment, and the broad implications.The lack of security features and capabilities of native cloud workspaces such as M365 and Google Workspaces and the technical and resource constraints that drive teams to seek out innovative products such as Material Security.The tug of war between security and productivity and how Material Security helps address challenges of the native workspaces that often make it hard for people to do their work and lead to security being sidestepped.Particularly industries that are targeted and impacted the most, such as healthcare, where there is highly sensitive data, regulatory challenges, and more.Common patterns among threats, attacks, and vulnerabilities and how organizations can work to bolster the security of their cloud workspace environments.This is a fascinating area of security. We often hear “identity is the new perimeter” and see identity play a key role in trends such as zero trust. But, so often, that identity starts with your email, and it can lead to lateral movement, capturing MFA codes, accessing sensitive data, impacting business partners, phishing others in the organization, and more, all of which can have massive consequences for the organizations impacted.Raja brought his expertise as a Field CISO and longtime security practitioner to drop a ton of gems in this one, so be sure to check it out!

We’ve heard a ton of excitement about AI Agents, Agentic AI, and its potential for Cybersecurity. This ranges in areas such as GRC, SecOps, and Application Security (AppSec).That is why I was excited to sit down with Ghost Security Co-Founder/CEO Greg Martin.In this episode, we sit down with Ghost Security CEO and Co-Founder Greg Martin to chat about Agentic AI and AppSec. Agentic AI is one of the hottest trends going into 2025, and we will discuss what it is, its role in AppSec, and what system industry challenges it may help tackle.Greg and I chatted about a lot of great topics, including:The hype around Agentic AI and what makes AppSec, in particular, such a promising area and use case for AI to tackle longstanding AppSec challenges such as vulnerabilities, insecure code, backlogs, and workforce constraints.Greg’s experience as a multi-time founder, including going through acquisitions, but what continues to draw him back to being a builder and operational founder.The challenges of historical AppSec tooling and why the time for innovation, new ways of thinking, and leveraging AI is due.Whether we think AI will end up helping or hurting more in terms of defenders and attackers and their mutual use of this promising technology.And much more, so be sure to tune in and check it out, as well as check out his team at Ghost Security and what they’re up to!

Dylan Williams, a cybersecurity expert focused on security operations and large language models, and Filip Stojkovski, a seasoned professional in SecOps and threat intelligence, discuss the cutting-edge integration of Agentic AI in cybersecurity. They break down the concept of AI agents and multi-agent architectures, highlighting their potential to streamline operations. The conversation also touches on challenges like identity management and the necessity of human oversight, alongside practical tips for integrating AI into existing security frameworks.

In a thought-provoking discussion, Walter Haydock, Founder of StackAware and an expert in AI governance, delves into the key challenges organizations face in AI adoption. He emphasizes the need for robust internal governance and security frameworks, sharing lessons from his fieldwork. A fascinating comparison between U.S. and EU regulatory approaches reveals how differing policies impact innovation and economic growth. Walter also highlights essential certifications for practitioners and offers actionable advice for navigating the evolving landscape of AI security.

In this discussion, Jim Dempsey, Managing Director of the Cybersecurity Law Center at IAPP and policy advisor at Stanford, dives into the evolving cyber regulatory landscape. He shares insights on the potential shifts post-U.S. Presidential election, highlighting a possible deregulation trend in commercial tech while emphasizing tighter cyber national security measures. Dempsey contrasts the U.S.'s voluntary regulatory approach with the EU's stringent frameworks, advocating for balanced regulations that promote innovation without sacrificing safety. He also discusses the need for cohesive regulations and the importance of educating policymakers.

Tyler Shields, a cybersecurity expert with over 20 years in offensive security, and James Berthoty, founder of Latio Tech, delve into the evolution and challenges of the 'shift left' movement in cybersecurity. They reflect on its historical context and discuss how its relevance is fading in today’s fast-paced tech landscape. The conversation highlights the role of vendors and tools, while advocating for more comprehensive security approaches, questioning if 'secure by design' can truly address industry discrepancies. It's a thought-provoking discussion on the future of secure software development.

In this episode we sit down Shyam Sankar, Chief Technology Officer (CTO) of Palantir Technologies. We will dive into a wide range of topics, from cyber regulation, software liability, navigating Federal/Defense cyber compliance and the need for digital defense of the modern national security ecosystem.- First off, for those unfamiliar with you and your background, can you tell us a bit about yourself, as well as Palantir?You're a big proponent on the role that software plays now, and will play in the future when it comes the fifth domain of warfare, cybersecurity, so let's give into some of those topics.- I know you've voiced some strong opinions on the role of cyber insurance and also compliance when it comes to its static nature, compared to the dynamic activity of malicious actors and the threat landscape. Can you expand on that?- You and I also chatted about the fact that most cyber issues tie back to hygiene, and that there are no silver bullets. Do you feel like this gets lost among the marketing hype of cyber?- I know you've talked about externalizing some of Palantir's software infrastructure to enable more companies with security infrastructure and toolchains. Can you tell us about some of those capabilities?- The enablement of more companies is key, as you know the DIB has seen massive consolidation in the past decade or more, largely with the small handful of players dominating the lions share of the work in the DoD. This arguably poses systemic concentrated risks, as well as doesn't give access for the DoD to commercial innovation.You called the DoD's most powerful ally America's commerical tech sector in a recent piece. We know that times have changed, and unlike eras of the past, most digital innovation comes from the commercial space, but DoD tends to have a not built here syndrome, no doubt driven by incumbents, incentives, fiefdom building and more. What do you think the national security risks of this are?- Given you've been around DoD for some time, you've no doubt been exposed to processes like ATO's and RMF and more. What are your thoughts on the current state of compliance in the DoD and how it could potentially hinder access to commercial innovation?

In this captivating discussion, Mark Simos, a Microsoft veteran with a wealth of experience in cybersecurity, shares insights from his provocative RSA Conference talk on common security anti-patterns. He emphasizes how a technology-centric mindset often neglects business assets, calls out the harmful 'silver bullet' mentality, and humorously addresses the paradox of blame in security settings. Mark also critiques the office of 'no' that resists new trends, urging a shift towards empathy and collaboration to break these recurring mistakes.

Helen Oakley, an expert in software supply chain security at SAP, discusses the complexities of securing AI supply chains in a rapidly evolving landscape. She highlights the need for transparency and risk assessment to mitigate vulnerabilities. Oakley introduces the concept of AI-BOMs, which provide critical insights into AI models and datasets, and contrasts them with traditional SBOMs. The conversation also touches on the implications of AI regulations in the U.S. and EU, underscoring compliance challenges in high-stakes sectors like healthcare and finance.