Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career.

Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career:

• on Amazon
• on Barnes & Noble
• and on the publisher's website

After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today.

Lenny's CISO Essays:

• What Being a CISO Taught Me About Security Leadership
• As a CISO, Are You a Builder, Fixer, or Scale Operator?
• The Chief Insecurity Officer

The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party.

Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same.

What if they did?

That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US.

Resources:

• Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn
• Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry)

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-452

Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses.

Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check.

In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report.

Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy!

Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these!

Finally, in the enterprise security news,

1. funding announcements seem to be ramping up before RSA
2. Should security architects be shifting right?
3. How McKinsley's AI platform got hacked… by AI
4. Amazon is having a bad time with AI lately
5. Europe announces a Google Workspace/Microsoft 365 replacement
6. Robot dogs are apparently guarding datacenters now
7. Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-451

Death by a thousand cuts: the AI shadow IT problem

I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going.

Segment 1 Resources:

• https://www.firetail.ai/ai-breach-tracker

We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran.

Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out!

Pick up the book!

• from Wiley
• from Barnes & Noble
• from Amazon
• Allie's personal website

Finally, in the enterprise security news,

1. Vibes and funding!
2. Starting to see some disruption in the vuln mgmt space (finally!)
3. Tons of new free tools
4. lots of essays
5. lots of reports
6. logs of breaches
7. the talks our hosts are giving at RSAC conference
8. and someone is selling an actual cone of silence???

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-450