Be Fearless Podcast by SquareX

Adrian Sanabria, Principal Researcher at The Defenders Initiative joins Field CISO John Carse to dissect why security keeps failing despite massive investments in tools and compliance frameworks. In this episode, John turns the tables and puts Adrian (also the Main Host of Enterprise Security Weekly) in the hot seat — discussing why focusing on checklists keeps defenders perpetually behind, how cyber insurance might force real change and why AI has become the attacker's number one accomplice in 2025.0:00 On mission-driven security14:10 Cyber insurance as the next control enforcement25:35 Why ransomware is a great framework for attackers33:54 Prompt injection attacks are the next big problem40:29 Using the frameworks in the right way to guide security decisions and communication45:14 Why CISOs must avoid the "hoarding" mindset🔔 Follow Adrian and John on:https://www.linkedin.com/in/adrian-sanabria/https://www.linkedin.com/in/johncarse/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Royce Markose, CISO at Vistrada, shares his journey from breaking apart computers as a kid to leading cybersecurity for billion-dollar organizations. He dives into why hackers are shifting from endpoints to SaaS and browser attacks, how AI is transforming security risks, and how vendors should best pitch to CISOs and pull them into the conversation.00:00 Leading a security team with limited resources10:21 The mistake vendors make when selling to CISOs16:07 Building cybersecurity strategies at Vistrada25:10 The browser is the new battleground for breaches29:41 Redefining the CISO’s role as a business partner🔔 Follow Royce and Aleksandra on:https://www.linkedin.com/in/royce2020/https://www.linkedin.com/in/aleksandra-melnikova-1012/ 🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Alfredo Ramirez IV, Senior Director Analyst, Emerging Technologies & Trends at Gartner, sits with Audrey Adeline from the SquareX Founder’s Office to discuss the latest market trends from his vantage point: “agent washing” where vendors rebrand simple automation as AI agents, why machine identities are becoming the fastest-growing attack surface, and how both deepfakes and deepfake detection are rapidly evolving.0:00 Lessons from the metaverse bust13:41 When AI agents become insider threats21:22 How AI has transformed disinformation security25:45 Deepfakes don't just cover humans31:46 Alfredo's outlook for the next year37:50 Emerging threats shaping the future of cybersecurity🔔 Follow Alfredo and Audrey on:https://www.linkedin.com/in/alfredor/https://www.linkedin.com/in/audrey-adeline/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Bithal Bhardwaj, CEO at Gramax, spent over two decades as a cybersecurity leader across GE and GMR Group before making the leap to CEO. In this conversation, he reveals why the transition was surprisingly seamless, shares war stories from managing a 48-hour coordinated attack on critical infrastructure, and explains why security vendors shouldn't rely on marketing jargon. 0:00 Making the leap from CISO to CEO15:13 "Contextualize cyber threats from a geography standpoint"23:35 Why crisis management must be muscle memory beyond just a document26:32 What seasoned CISOs look for in vendors33:16 Advice for CISOs who want to transition to a higher leadership role🔔 Follow Bithal and Aleksandra on:https://www.linkedin.com/in/bithal-bhardwaj-622a523/https://www.linkedin.com/in/aleksandra-melnikova-1012/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Marian Newsome, Founder of Ethical Tech Matters and an IEEE CertifAIEd Lead Assessor (Top 100 Globally), sits down with SquareX Field CISO John Carse to unpack why most organizations are dangerously unprepared for AI governance. They dive into real-world failures, discuss the three fundamental principles for AI governance, and why browser security should be on your threat model right now. 0:00 AI innovation should not outpace governance12:25 Three principles for AI governance21:55 Compliance should not be complex30:22 Procurement can be a gateway into enterprise data leakage44:39 Closing and Marian's podcasting experience🎙️ Listen On:Apple Podcasts: https://podcasts.apple.com/us/podcast/be-fearless-podcast-by-squarex/id1750854064Spotify: https://podcasters.spotify.com/pod/show/getsquarex🔔 Follow Marian and John on:https://www.linkedin.com/in/mariannewsome/Ethical Tech Matters: https://ethicaltechmatters.com/Tech Aunties Podcast: https://creators.spotify.com/pod/profile/the-tech-aunties/https://www.linkedin.com/in/johncarse/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

J Wolfgang Goerlich, CISO for Oakland County Michigan Government, shares his unconventional path from wanting to be a hacker after watching the movie "Hackers" to leading government cybersecurity. In this conversation, Wolfgang breaks down why LLMs are surprisingly easy to manipulate using the same social engineering tactics that work on humans, why he believes good security starts with people not technology, and his fascinating approach to building security culture one conversation at a time. He also reveals how peer pressure made an AI image generator go rogue and why government employees might actually care more about security than private sector workers.0:00 Why communities help you get out of the cyber echo chamber15:12 Social engineering works on LLMs too26:51 AI psychosis risk and cognitive manipulation31:13 Using behavioural science to make security stick38:57 The five pillars of good security awareness🔔 Follow Wolfgang and John on:https://www.linkedin.com/in/jwgoerlich/https://www.linkedin.com/in/johncarse/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Kane Narraway, Head of Enterprise Security at Canva, shares how he went from digital forensics in UK law enforcement to protecting millions of users' creative workflows today. He breaks down why marketing and sales teams are more vulnerable than engineers to attacks, his framework for balancing security with velocity and culture, and why security awareness training should “only do the required amount, and then tailor that to the individuals”. 0:00 Every country’s cybersecurity quirks are different9:59 Canva's unique security challenge: data protection in physical printing14:21 Stealer malware and mitigation with device-bound session credentials24:05 Why most acquisitions fail from a security view35:08 Finding balance between security, culture and velocity44:57 Security awareness: the importance of targeted training🔔 Follow Kane and Aleksandra on:https://www.linkedin.com/in/kane-n/https://www.linkedin.com/in/aleksandra-melnikova-1012/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Join us as Dr. Nathan Fisk, Associate Professor of Cybersecurity Education of USF and Cyber Florida Academic Director, discusses the importance of community in cybersecurity education. In this episode, Nathan explains how formal education has drifted away from the hacker culture that actually builds effective security professionals. He shares insights on why passion beats certifications, how community connections trump degrees, and what parents need to know about their kids' shrinking attention spans in the age of AI.0:00 How a computer infection got Nathan into his career5:32 Generational differences in approaching cybersecurity11:38 The decline of the "hacker mindset" in cybersecurity28:55 How community makes better security professionals36:01 Nate's inspiration to start the 502 Project49:50 Most cybersecurity degrees fail industry needs57:18 What must we get right in cybersecurity education🔔 Follow Nate and John on:https://www.linkedin.com/in/nwfisk/https://www.linkedin.com/in/johncarse/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Cezary Piekarski, Group CISO at Standard Chartered, joins us to share hard-earned wisdom from 25+ years securing financial institutions globally. In this episode of the Be Fearless podcast, Cezary shares how Standard Chartered scales security without becoming a bottleneck, draws fascinating parallels between today's AI security challenges and buffer overflow attacks and why curiosity is the hallmark of all great CISOs.0:00 Scaling security without bottlenecks7:19 How the browser (and browser security) has evolved14:13 AI security parallels to buffer overflow attacks of the past16:16 Outsourcing accountability to users doesn’t work20:56 Why crisis communication must take outside events into account28:49 Closing and how “security is a study of failure”🔔 Follow Cezary and Audrey on:https://www.linkedin.com/in/cpiekarski/https://www.linkedin.com/in/audrey-adeline/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0

Eric Mizell, Field CTO and VP Field Engineering at Keyfactor, breaks down why digital certificates are the security blind spot most companies don't know they have. From his early days fixing Novell networks to helping enterprises manage millions of IoT identities, Eric shares war stories about expired certificates that couldn't send breach alerts, private keys stored in network folders with the same password, and how AI is intelligently helping threat actors make decisions on how to attack. 0:00 PKI hierarchies matter for enterprise security14:09 Expired code signing certificates are still risky17:53 Should you run your own CA or outsource it?25:08 The importance of knowing your "cryptographic posture"36:49 Death of passwords and the trust crisis in browsers45:05 AI-driven attacks in the cybersecurity arms race🔔 Follow Eric and John on:https://www.linkedin.com/in/eric-mizell-8864977/https://www.linkedin.com/in/johncarse/🔥 Powered by SquareXDeployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0