In this episode, we sit down with Piyush Sharrma, CEO and co-founder of the Tuskira team. They're an AI-powered defense optimization platform innovating around leveraging an Agentic Security Mesh.We will dive into topics such as Platform vs. Point Solutions, Security Tool Sprawl, Alert Fatigue, and how AI can create "intelligent" layers to unify and enhance security tooling ROI.We discussed:What drove Piyush to jump back into the startup space after successfully exiting from a previous startup he helped foundThe industry debate around Platform vs. Point Solutions or Best-of-Breed and the perspectives between industry industry leaders and innovative startupsDealing with the challenge of alert fatigue security and development teams and the role of AI in reducing cognitive overload and providing insight into organizational risks across tools, tech stacks, and architecturesThe role of AI in providing intelligence layers or an Agentic Security Mesh across existing security tools and defenses and mitigating organizational risks beyond isolated vulnerability scans by looking at compensating controls, configurations, and more.Shifting security from a reactionary model around incident response and exploitation to a preemptive risk defense model that minimizes attack surface and optimizes existing security investments and architectures

We sit with Lasso Security CEO and Co-Founder Elad Schulman in this episode.Lasso focuses on secure enterprise LLM/GenAI adoption, from LLM Applications, GenAI Chatbots, Code Protection, Model Red Teaming, and more. Check them out at https://lasso.securityWe dove into a lot of great topics, such as:Dealing with challenges around visibility and governance of AI, much like previous technological waves such as mobile, Cloud, and SaaSUnique security considerations for different paths of using and building with AI, such as self-hosted models and consuming models as-a-service from SaaS LLM providersPotential vulnerabilities and threats associated with AI-driven development products such as Copilots and Coding assistantsSoftware Supply Chain Security (SSCS) risks such as package hallucinations, and both safeguarding the data that goes out to external coding tools, as well as secure consumption of the data coming into the organizationSecuring AI itself and dealing with risks and threats such as model poisoning and implementing model red teamingLasso discovered several critical concerns in their AI security research, such as Microsoft’s Copilot exposing thousands of private GitHub repos

In this episode, we sit with security leader and venture investor Sergej Epp to discuss the Cloud-native Security Landscape. Sergej currently serves as the Global CISO and Executive at Cloud Security leader Sysdig and is a Venture Partner at Picus Capital. We will dive into some insights from Sysdig's recent "2025 Cloud-native Security and Usage Report."Big shout out to our episode sponsor, Yubico!Passwords aren’t enough. Cyber threats are evolving, and attackers bypass weak authentication every day. YubiKeys provides phishing-resistant security for individuals and businesses—fast, frictionless, and passwordless.Upgrade your security:https://yubico.comSergj and I dove into a lot of great topics related to Cloud-native Security, including:Some of the key trends in the latest Sysdig 2025 Cloud-native Security Report and trends that have stayed consistent YoY. Sergj points out that while attackers have stayed consistent, organizations have and continue to make improvements to their securitySergj elaborated on his current role as Sysdig’s internal CISO and his prior role as a field CISO and the differences between the two roles in terms of how you interact with your organization, customers, and the community.We unpacked the need for automated Incident Response, touching on how modern cloud-native attacks can happen in as little as 10 minutes and how organizations can and do struggle without sufficient visibility and the ability to automate their incident response.The report points out that machine identities, or Non-Human Identities (NHI), are 7.5 times riskier than human identities and that there are 40,000 times more of them to manage. This is a massive problem and gap for the industry, and Sergj and I walked through why this is a challenge and its potential risks.Vulnerability prioritization continues to be crucial, with the latest Sysdig report showing that just 6% of vulnerabilities are “in-use”, or reachable. Still, container bloat has ballooned, quintupling in the last year alone. This presents real problems as organizations continue to expand their attack surface with expanded open-source usage but struggle to determine what vulnerabilities truly present risks and need to be addressed.We covered the challenges with compliance, as organizations wrestle with multiple disparate compliance frameworks, and how compliance can drive better security but also can have inverse impacts when written poorly or not keeping pace with technologies and threats.We rounded out the conversation with discussing AI/ML packages and the fact they have grown by 500% when it comes to usage, but organizations have decreased public exposure of AI/ML workloads by 38% since the year prior, showing some improvements are being made to safeguarding AI workloads from risks as well.

In this episode, we sit down with Investor, Advisor, Board Member, and Cybersecurity Leader Chenxi Wang to discuss the interaction of AI and Cybersecurity, what Agentic AI means for Services-as-a-Software, as well as security in the boardroomChenxi and I covered a lot of ground, including:When we discuss AI for Cybersecurity, it is usually divided into two categories: AI for Cybersecurity and Securing AI. Chenxi and I walk through the potential for each and which one she finds more interesting at the moment.Chenxi believes LLMs are fundamentally changing the nature of software development, and the industry's current state seems to support that. We discussed what this means for Developers and the cybersecurity implications when LLMs and Copilots create the majority of code and applications.LLMs and GenAI are currently being applied to various cybersecurity areas, such as SecOps, GRC, and AppSec. Chenxi and I unpack which areas AI may have the greatest impact on and the areas we see the most investment and innovation in currently.As mentioned above, there is also the need to secure AI itself, which introduces new attack vectors, such as supply chain attacks, model poisoning, prompt injection, and more. We cover how organizations are currently dealing with these new attack vectors and the potential risks.The biggest buzz of 2025 (and beyond) is Agentic AI or AI Agents, and their potential to disrupt traditional services work represents an outsized portion of cybersecurity spending and revenue. Chenxi envisions a future where Agentic AI and Services-as-a-Software may change what cyber services look like and how cyber activities are conducted within an organization.If you aren’t already following Chenxi Wang on LinkedIn, I strongly recommend you do. I have a lot of connections, but she is someone when I see a post, I am sure to stop and read because she shares a TON of great insights from the boardroom, investment, cyber, startups, AI, and more.I’m thankful to have her on the show to come chat!

In this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI.Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation.We discussed:The rise of AI and Agentic AI and its implications for cybersecurity.Why the 7AI team chose to focus on SecOps in particular and the importance of tackling toil work to reduce cognitive overload, address workforce challenges, and improve security outcomes.The importance of distinguishing between Human and Non-Human work, and why the idea of eliminating analysts is the wrong approach.Being reactive and leveraging Agentic AI for threat hunting and proactive security activities.The unique culture that comes from having the 7AI team in-person on-site together, allowing them to go from idea to production in a single day while responding quickly to design partners and customer requests.Challenges of building with Agentic AI and how the space is quickly evolving and growing.Key perspectives from Nate as a CMO regarding messaging around AI and getting security to be an early adopter rather than a laggard when it comes to this emerging technology.Insights from Lior on building 7AI compared to his previous role, founding Cybereason, which went on to become an industry giant and leader in the EDR space.

In this episode, we sit down with Rob Shavell, CEO and Co-Founder of DeleteMe, an organization focused on safeguarding exposed personal data on the public web and addressing user privacy challenges.We dove into a lot of great topics, such as:The rapidly growing problem of personal data ending up on the public web and some of the major risks many may not think about or realizeTrends contributing to personal data exposure, from the Internet itself to social media, mobile phones/apps, IoT devices, COVID, and now AIWhere to get started when it comes to taking control of your personal data and privacyPotential abuses and malicious uses for personal data and how threat actors are leveraging itHow DeleteMe can help, as well as free resources and DIY guides that individuals can use to mitigate risk associated with their personal data being exposed

In this episode of Resilient Cyber, we sit down with Steve Martano, Partner in the cyber Security Practice at Artico Search, to discuss the recent IANS & Artico Search Publications on the 2025 State of the CISO, security budgets, and broader security career dynamics.Steve and I touched on some great topics, including:The 2025 State of the CISO report and key findingsBoard reporting cadences for CISO’s and the importance of Boardroom involvement in CybersecurityThe three archetypes of CISO’s: Tactical, Functional and StrategicHow security leaders can advance their career to becoming strategic CISO’s as well as key considerations for organziation’s looking to attract and retain their security talentThe growing scope of responsibility for CISO roles from not just Infosec but to broader IT, business risk, and digital strategy and implications for CISO’sSecurity budget trends, spending, macroeconomic factors and allocationsHere are a list of some of the great resources from IANS and Artico below on various areas of interest for CISO’s and Security leaders alike!https://www.iansresearch.com/resources/ians-security-budget-benchmark-reporthttps://www.iansresearch.com/resources/ians-ciso-compensation-benchmark-reporthttps://www.iansresearch.com/resources/ians-state-of-the-ciso-reporthttps://www.iansresearch.com/resources/ians-leadership-organization-benchmark-report

Katie Norton, an Industry Analyst at IDC specializing in DevSecOps and software supply chain security, shares her insights on the evolving AppSec landscape. She discusses key trends for 2024, including the ongoing debate of platform versus point products, the impact of 'Developer Tax' on productivity, and the role of AI in automating code fixes. Katie also highlights her research focus for 2025, touching on Application Security Posture Management and the significance of storytelling to bridge the gap between security and development teams.

In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency.We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks.Ed and I dove into a lot of interesting GenAI Security topics, including:Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys.Guardrails and measures to prevent data leakage to external GenAI services and platformsThe intersection of SaaS Governance and Security and GenAI and how GenAI is exacerbating longstanding SaaS security challengesSupply chain risk management considerations with GenAI vendors and services, and key questions and risks organizations should be consideringSome of the nuances between self-hosted GenAI/LLM’s and external GenAI SaaS providersThe role of compliance around GenAI and the different approaches we see between examples such as the EU with the EU AI Act, NIS2, DORA, and more, versus the U.S.-based approach

In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.Sounil and I dug into a lot of interesting topics, such as:The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.The different approaches to AI security and safety we’re seeing unfold between the U.S. and EU, with the former being more best-practice and guidance-driven and the latter being more rigorous and including hard requirements.The age-old concept of need-to-know access control, the role it plays, and potentially new challenges implementing it when it comes to LLM’sOrganizations rolling out and adopting LLMs and how they can go about implementing least-permissive access control and need-to-knowSome of the different security considerations betweenSome of the work Knostic is doing around LLM enterprise readiness assessments, focusing on visibility, policy enforcement, and remediation of data exposure risks----------------Interested in sponsoring an issue of Resilient Cyber?This includes reaching over 16,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business ExecutivesReach out below!-> Contact Us! ----------------