

Resilient Cyber
Chris Hughes
Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.
Episodes

Oct 6, 2025 • 42min
Resilient Cyber w/ Kenny Scott - Following the Future of FedRAMP
In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.
Kenny and I dove into a lot of topics, including:
- What FedRAMP is and why it matters
- What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
- The various aspects of FedRAMP 20x, including its phased rollout
- Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
- FedRAMP’s modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
- The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
- The role of GRC platforms when it comes to modernizing GRC
- What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD’s SWFT, SRG, and RMF

Oct 3, 2025 • 39min
Resilient Cyber w/ Snehal Antani - AI and Autonomous Pen Testing
Snehal Antani, Co-founder and CEO of Horizon3.ai, is an expert in autonomous penetration testing and proactive security. He delves into the evolution of AI in pen testing, highlighting the importance of balancing human intuition with automated processes. Snehal shares insights on the critical bottleneck of remediation and discusses the rise of threat-informed defense strategies. He also emphasizes the risks posed by misconfigurations and the necessity of securing software tools. Horizon3’s growth reflects a market shift towards continuous testing, showcasing innovation in automated remediation.

Sep 26, 2025 • 19min
Resilient Cyber w/ Alon Jackson - Enterprise Agentic Security
In this episode of Resilient Cyber, I sit down with Astrix Security Co-Founder and CEO Alon Jackson to discuss the need for secure agentic adoption across the enterprise. This includes Astrix’s approach, which involves enabling enterprises to discover, secure, and deploy AI agents responsibly at scale.

Sep 24, 2025 • 21min
Resilient Cyber w/ Emre Tinaztepe - Forensics at the Frontline
In this episode of Resilient Cyber, I sit down with Binalyze Founder/CEO Emre Tinaztepe. We will discuss how AI and automation are impacting the future of the SOC and the role that forensics-level data can play in incident response and recovery, as well as proactive threat hunting.

Sep 15, 2025 • 45min
Resilient Cyber w/ Andy Ellis - Effective Cyber Marketing, Sales & Leadership
In this episode, I sit down with Andy Ellis, a longtime industry security leader who has turned investor, advisor, and mentor. We will discuss how security vendors can build effective marketing and sales teams and Andy's experience identifying and investing in industry-leading security startups. Don't miss this chance to hear from an industry legend who has worn multiple hats and excelled as an operator, investor, and overall security leader.

Sep 10, 2025 • 25min
Resilient Cyber w/ Cory Michal (AppOmni) - Unpacking the SaaS Security Supply Chain Landscape
- One of the biggest SaaS security incidents recently of course is the Salesloft Drive/Salesforce incident, which impacted hundreds of organizations and involved compromised OAuth tokens. Can you tell us a bit about the incident and the fallout?
- In an AppOmni blog on the incident, you all discuss attackers taking advantage of persistent OAuth access, over-permissive access, limited monitoring, and unsecured secrets. Why do these problems continue to plague organizations despite incidents like this?
- This is part of a broader trend of increased SaaS supply chain attacks. What makes these attacks so enticing for malicious actors and challenging for organizations to prevent entirely?
- You recently published your State of SaaS Security Report, which projects SaaS to grow 20% YoY between 2025 and 2032. This is despite 75% of organizations reporting a SaaS security incident in the past year. Why do you think we're seeing continued growth in adoption but still lagging in SaaS security to accompany the adoption?
- The report discusses the rise of NHIs and GenAI and how this will exacerbate problems around SaaS Access and incidents. Can you unpack that for us?
- I was shocked to see the report find that just 13% of organizations use SSPM tooling despite SaaS's widespread adoption. When you talk to enterprises, for example, nearly everyone is doing some CSPM activity for IaaS. Why are so many neglecting hygiene and posture for their SaaS footprint?

Sep 6, 2025 • 39min
Resilient Cyber w/ Rob T. Lee - Navigating AI's Impact on Cyber & the Workforce
Rob T. Lee, the Chief of Research and Chief AI Officer at the SANS Institute, dives into AI's transformative influence on cybersecurity and the workforce. He discusses the SANS Critical AI Security Guidelines, addressing the need for effective risk management in light of AI advancements. Lee highlights the dual nature of AI, noting both potential job displacement and new opportunities in cybersecurity governance. He emphasizes the importance of community collaboration and innovative training to adapt to this evolving landscape.

Aug 27, 2025 • 18min
Resilient Cyber w/ Gianna & Maria - The State of Cybersecurity Marketing
In this episode of Resilient Cyber, I sit down with Gianna Whitver and Maria Velasquez to chat about the state of marketing in the cybersecurity industry, as well as their popular event "Cyber Marketing Con".
In this episode, we discussed:
- The background of the CyberMarketingCon and what led Gianna and Maria to co-found the event and community
- Where marketers typically fall short and what can be done to drive more effective marketing and selling to security practitioners and leaders
- What practitioners can learn from their marketing peers when it comes to communication, empathy, storytelling, and building relationships
- The importance of marketing, brand and broader GTM for security vendors to stand out from their competitors
- What to keep an eye out for at the upcoming CyberMarketingCon in December in Austin, Texas

Aug 22, 2025 • 31min
Resilient Cyber w/ Michael Bargury - The AI Agent Security Imperative
Michael Bargury, Co-Founder and CTO at Zenity, dives into the critical issues of AI agent security. He reveals emerging vulnerabilities, including the dangerous zero-click exploit known as Agent Flayer. The conversation highlights risks associated with popular AI tools like Salesforce Einstein and ChatGPT, emphasizing the potential for identity hijacking. Bargury discusses the challenges of assessing AI vulnerabilities through the AIVSS project and advocates for stronger security measures and collaboration among experts in the rapidly evolving AI landscape.

Aug 21, 2025 • 26min
Resilient Cyber w Andrew Carney DARPA AI Cyber Challenge AIxCC
In this episode, I sit down with Andrew Carney, Program Manager for DARPA's AI Cyber Challenge (AIxCC). DARPA's AIxCC recently concluded at Black Hat, and it brought together the industry's leading experts on AI and Cybersecurity with a focus on securing software that is critical to all Americans. Teams had to create novel AI systems to secure critical code, including software involved in critical infrastructure.