Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure?

Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss:

• Where Paralysis Actually Comes From
• What "Being Careful" Looks Like in Practice
• Why the First 20 Minutes Matter
• How Paralysis Becomes Business Damage
• Why Existing Plans Don't Hold
• What Actually Fixes It

Then, we rebroadcast two interviews from RSAC 2026.

Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself.

This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!

Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance.

This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-441

With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility.

In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it's not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization's cryptographic architecture, automation, and governance to allow for greater control and flexibility.

In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires:

• Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols
• System Prioritization, Leading To A Migration Roadmap
• Remediation, Including Vendors And Partners

Once a distant possibility, Q-Day is quickly approaching. Are you ready for 2030?

Segment Resources:

• https://pqcc.org/wp-content/uploads/2025/05/PQC-Migration-Roadmap-PQCC-2.pdf
• https://pqcc.org/wp-content/uploads/2025/06/PQCC-Inventory-Workbook.xlsx
• https://qramm.org/learn/cryptoscan-guide.html
• https://research.ibm.com/blog/quantum-safe-cbomkit

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-440

Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable?

Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics.

In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-439

AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable?

Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it.

In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-438

With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust?

Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of "machine mistakes."

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-437

Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and customer trust. What if security was viewed as a business enabler, not a cost center?

Elyse Gunn, CISO at Nasuni, joins Business Security Weekly to discuss how to make security a business enabler, turning security from a cost center into a profit center. Elyse discusses why aligning security initiatives to business drivers is the key to addressing trust, both internally and externally, and how it solves the biggest security priorities for organizations, including:

• Data Privacy
• AI Security, and
• Nth Party Risk

In the leadership and communications segment, With CISOs stretched thin, re-envisioning enterprise risk may be the only fix, To Lead Through Uncertainty, Unlearn Your Assumptions, Leaders, Consider Pausing Before Acting on Employee Feedback, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-436

The Security Weekly 25 index and the NASDAQ diverge. Funding and acquisitions continue shift to AI. Are security stocks out of favor? Netskope enters the index, but does not replace CyberArk, as Thoma Bravo buys Verint. We'll dig into all of this and more!

The index is now made up of the following 25 stocks:

SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-435

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?"

With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now?

Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization.

Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/

In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-434