Be Fearless Podcast by SquareX

SquareX
Jul 18, 2025 • 52min

Community-Driven Threat Intelligence | Jon Baker, Director & Co-founder, CTID, MITRE

Jon Baker, Director & Co-founder of MITRE's Center for Threat-Informed Defense (CTID), joins us for a deep dive into the beginnings of the eponymous concept. In this episode, Jon shares how he started his journey at MITRE, discusses the intricacies of protecting the browser, and offers practical advice on building threat-informed defense programs.

0:00 Episode highlights and how the CTID started and how the concept of threat-informed defence came about
8:45 Why chasing vulnerabilities is a losing battle
15:24 Getting started with a threat detection cycle
24:53 How MITRE ATT&CK became the industry standard and how it’s evolved
35:39 Browser attacks in the SaaS-dominated world
46:23 A mistake sophisticated security teams make: trying to do too much
51:22 Closing and how you can get involved in the community

🔔 Follow Jon and John on:
https://www.linkedin.com/in/jonathanobaker/
https://www.linkedin.com/in/johncarse/

🔥 Powered by SquareX
Deployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0
Jul 16, 2025 • 51min

From EDR to Cloud to AI with Anton Chuvakin | Senior Security Staff, Office of the CISO, Google

One of security’s most well-known figures, Anton Chuvakin, coined the term EDR (Endpoint Detection and Response) during his stint at Gartner, pioneering the “DR” naming convention we’re all familiar with today. Now Senior Security Staff at Google’s Office of the CISO, he shares his thoughts on securing the cloud, the need for observability with browsers, how AI has shifted from “helpful” to “indispensable” and more.

0:00 Anton’s work in cybersecurity
5:27 Securing the cloud and how “it’s a different beast”
9:02 Evolution from EDR to XDR and the “something-DR” naming trend
15:19 What constitutes "Detention and Response"?
26:29 AI (and shadow AI) are here to stay
32:29 The need for observability, detection and response in the browser
37:43 “Active Directory plays a central role in most breaches”
40:50 How startup vendors underestimate the complexity of enterprises
45:05 Closing and how Gemini has become indispensable for Anton

🔔 Follow Anton and Aleksandra on:
https://www.linkedin.com/in/chuvakin/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jul 14, 2025 • 58min

Breaking Barriers as a Woman in Cybersecurity | Chenxi Wang, Founder, Rain Capital

Dr. Chenxi Wang, Founder and General Partner of Rain Capital, has spotted fascinating patterns in cybersecurity investing that most people miss. In this conversation, we dive deep into the mismatch between what founders are building and what CISOs actually need, female representation amongst cyber founders, and why being fearless isn't just a podcast name - it's a practice to incorporate into your very life.

0:00 Chenxi’s accidental start to cybersecurity in academia
4:17 A rising trend in cybersecurity: securing AI and AI agents
9:23 Unpacking the founder-investor mismatch
15:37 Breaking barriers for women in cybersecurity
21:48 Being data-driven and challenges in early-stage venture investing
34:17 Why hardware security could be a rising investment area
43:02 Common founder mistake: not focusing on user experience
46:54 How personal habits can compromise browser security

🔔 Follow Chenxi and Aleksandra on:
https://www.linkedin.com/in/chenxiwang88/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jul 11, 2025 • 1h 6min

From Reactive to Predictive Threat Intelligence | Christopher Ahlberg, CEO, Recorded Future

Christopher Ahlberg, CEO and co-founder of Recorded Future (which was recently acquired by Mastercard), breaks down the evolving cybersecurity landscape with SquareX's field CISO John Carse. From his journey building Spotfire to creating the world's largest threat intelligence company, Ahlberg shares critical insights on nation-state actors today, the challenges facing modern CSOs, and why predictive threat intelligence is no longer a luxury in today’s world.

0:00 How a computer scientist went to hunt cyber criminals
14:46 Your network is NOT safe if your neighbour’s isn’t
27:43 How adversaries always find the weakest link
39:26 “Some of the best hackers are actually pretty good social engineers”
44:03 Bridging the gap between technical teams and executives
51:46 Predictive threat intelligence is essential

🔔 Follow Christopher and John on:
https://www.linkedin.com/in/christopherahlberg
https://www.linkedin.com/in/johncarse/
Jul 9, 2025 • 58min

How Scepticism Saves Companies | Luke Shoberg, Latacora, ex-Global CISO of Sequoia

Luke Shoberg took an unconventional path from studying biology to becoming Global CISO at Sequoia Capital. In this conversation, Luke explains what makes VC security uniquely challenging, why being "professionally paranoid" is essential in security, and how startups can implement scale-appropriate security without killing innovation.

0:00 Introduction and Luke’s path to cybersecurity in VC
4:38 The unique challenge of cybersecurity in VC
9:33 The common thread across cyber incidents
15:31 Luke’s transition to Latacora
19:04 What is ‘scale-appropriate security' for startups?
25:56 The rise of browser-based attacks and stolen credentials
34:02 Tailoring cybersecurity for diverse business models and communication platforms
41:35 New technologies on the radar for Luke
49:01 “It helps to be sceptical and approach things with an engineering mindset”

🔔 Follow Luke and Aleksandra on:
https://www.linkedin.com/in/lukeshoberg/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jul 7, 2025 • 51min

“True Leadership Lies in Humility” | Vijay Jajoo, Partner, Cyber, Data, and Tech Enablement, KPMG US

In this episode, we sit down with Vijay Jajoo, a partner at KPMG with over two decades of experience in cyber, data, and tech enablement. Vijay shares his unique journey into cybersecurity, the biggest challenges facing large organisations today, and the best leadership advice he ever received.

0:00 The Flyer that Led to a Cybersecurity Career
11:20 The qualities necessary for a cybersecurity consultant
20:24 How attack surfaces have evolved over the years
24:07 How the browser is now a prime target, Vijay’s approach to browser security
30:12 The 3 elements attackers exploit the most
34:37 Contributing via the Purple Book Community
40:22 Closing, leadership advice and how "it all boils down to people"

🔔 Follow Vijay and Aleksandra on:
https://www.linkedin.com/in/vijay-jajoo-73b346/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jul 4, 2025 • 1h 8min

The Browser Has Become The New Perimeter | Cecil Su, Director of Cybersecurity and CTI, BDO Advisory

Cecil Su, Director of Cybersecurity and CTI at BDO Advisory and co-lead of OWASP Singapore Chapter, brings nearly two decades of experience from his start in hospitality systems to becoming the cybersecurity leader he is today. In this episode, Cecil breaks down why the browser has become the new perimeter, insights on Singapore's vibrant cybersecurity community, red flags that signal poor security posture, and why prevention-first thinking needs to evolve into resilience-first strategy.

0:00 How a hospitality tech role led Cecil into cybersecurity
10:36 Inside Singapore's small but thriving cyber network
14:41 How localizing the OWASP Testing Guide spiked adoption rates
24:47 Browsers are now the biggest enterprise security blindspot
29:17 Hidden dangers with SaaS integrations
37:33 The biggest red flags in an organization's security posture
43:59 Convincing executives to care about cybersecurity
49:14 “Phishing isn't the disease, it's how the disease enters”
55:43 Advice for security professionals
1:00:16 Prevention will fail, focus on detection, response and resilience
1:06:18 Black Hat AI Summit and the future of cybersecurity

🔔 Follow Cecil and John on:
https://www.linkedin.com/in/cecilsu/
https://www.linkedin.com/in/johncarse/
Jul 1, 2025 • 53min

Being a Purpose-Driven CIO | Andrea Bergamini, VP & CIO, Orbia

Andrea Bergamini, VP and CIO of Orbia, started as a telco engineer 20 years ago when cybersecurity barely existed, but went into the field due to his audit work at GE, which sparked his fascination with risk and controls. Fast forward to today, and he's not just the VP and CISO at Orbia—an $8 billion purpose-driven company—but he recently made the leap to CIO as well, adding infrastructure to his security responsibilities. In this conversation, we dive deep into the balance between friction and protection, being part of a purpose-driven company, and the importance of taking calculated risks.

0:00 Episode highlights and introduction
2:16 From telco engineer to CISO: Andrea's cybersecurity journey
6:29 Orbia's purpose-driven mission and Andrea’s motivation for joining
14:37 The CISO’s next chapter: Becoming a CIO
21:44 Handling unmanaged assets and browser security
32:10 Navigating the balance between user friction and security
40:59 Using an Executive MBA to reopen closed career paths
43:57 Why risk taking is crucial for aspiring CISOs

🔔 Follow Andrea and Aleksandra on:
https://www.linkedin.com/in/bergamini/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jun 29, 2025 • 35min

Building Great Cybersecurity Teams | Aamir Niazi, Executive Director/CISO, SMBC Capital Markets

Aamir Niazi, Executive Director and CISO at SMBC Capital Markets, shares his unfiltered 18-year journey from engineer to leading cybersecurity teams in financial services. Aamir gets honest about hiring mistakes, building remote teams during COVID, browser security challenges, getting executive buy-in, and the challenges of transitioning from hands-on practitioner to strategic leader.

0:00 Transiting from IT engineer to cybersecurity
6:14 “You must build the team that has integrity”
12:24 Emerging cybersecurity tech and browser security
20:47 Getting the buy-in for cybersecurity tools
27:18 Compliance does not equate to sound security

🔔 Follow Aamir and Aleksandra on:
https://www.linkedin.com/in/aniazi/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jun 27, 2025 • 1h 12min

Doing Adversary Emulation Right | William Booth, General Manager, Director MITRE ATT&CK Evaluations

What if most organizations are testing their security tools against the wrong threats entirely?

As the leader behind the industry standard program that helps organizations understand how security tools perform against real-world threats, William Booth, General Manager and Director of MITRE's ATT&CK Evaluations, shares common misconceptions in adversary emulation, the gap between compliance and actual security effectiveness, and practical advice for security leaders trying to make sense of vendor claims and build truly effective defense strategies.

0:00 Episode highlights and introduction
0:56 How a money laundering investigation inspired William to enter the field
6:11 What MITRE ATT&CK evaluations actually test and why participation matters
23:07 Selecting the right adversary for emulation in your organization
35:11 Compliance goes beyond security controls
44:18 Browser attacks in ATT&CK evaluations
58:37 AI's impact on evaluations and security tool performance
1:10:07 Closing: advice for security leaders evaluating vendor claims

🔔 Follow William and John on:
https://www.linkedin.com/in/williambbooth/
https://www.linkedin.com/in/johncarse/
