Episodes

  • Transforming Frontline Workflows with Passwordless Access, AI costs, and the News - Joel Burleson-Davis - ESW #431
    Nov 3 2025
    Segment 1: Interview with Joel Burleson-Davis

    Frontline workers can't afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access management to improve both security and frontline efficiency at scale.

    Segment Resources:

    • Putting Complex Passwords to Work For You

    This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivata to learn more about them!

    Topic Segment: The Economics of AI Agents

    Vendors are finding, after integrating agents into their processes, that agentic AI can get expensive very quickly. Of course, this isn't surprising when your goal is "review all my third party contracts and fill out questionnaires for me" and the pricing is X DOLLARS for 1M TOKENS blah blah context window, max model thinking model blah blah. No one knows what the conversion is from "review my contracts" to millions of tokens, so everyone is left to just test it out and see what the bill is at the end of the month.

    As we saw with Cloud when adoption started increasing in the early 2010s, we are naturally entering the era of AI cost optimization. In this segment, we'll discuss what that means, how it affects the market, and how it affects the use of AI in cybersecurity.

    Jackie mentions this story from Wired in the segment: https://www.wired.com/story/ai-bubble-will-burst/

    News Segment

    Finally, in the enterprise security news,

    1. we've got funding and acquisitions
    2. 7 red flags you're doing cloud wrong
    3. security standards for open source projects
    4. post mortems of attacks on open source supply chain
    5. some analysis on current and historic AWS outages
    6. a deep dive
    7. some dumpster fires
    8. and how much would you pay for a robot that puts away the dishes?

    All that and more, on this episode of Enterprise Security Weekly.

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-431

    1 h 42 m
  • Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 - Mike Poole, Conor Mulherin, Dave Lewis - ESW #430
    Oct 27 2025
    Segment 1: Interview with Dave Lewis from 1Password

    In this week's sponsored interview, we dive into the evolving security landscape around AI agents and where we stand with AI agent adoption. We also touch on topics such as securing credentials in browser workflows and why identity is foundational to AI agent security.

    • 1Password Addresses a Critical AI Browser Agent Security Gap
    • 1Password Now Available in Comet - the AI Browser by Perplexity

    This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more!

    Segment 2: Enterprise News

    In this week's enterprise security news,

    1. one big acquisition, two small fundings
    2. not all AI is bad
    3. deepfakes are getting crazy good
    4. make sure you log what your AI agents do
    5. Copilot prompt injection
    6. NordVPN tries to pull a Jedi mind trick on us
    7. failure rate in AI adoption is a feature not a bug?
    8. using facial recognition to find Tinder profiles
    9. a predictable squirrel story

    All that and more, on this episode of Enterprise Security Weekly.

    Segment 3: Two interviews from Oktane 2025

    Interview with Connor Mulherin of TechSoup

    The cybersecurity landscape in the nonprofit sector is evolving quickly, with organizations facing unique challenges due to limited resources, sensitive mission-driven work, and developing policies and training programs. Connor Mulherin, Director and GM of Validation Services at TechSoup, will discuss the industry's need for accessible and collaborative solutions to provide affordable technology leadership and security guidance. The conversation will highlight how nonprofit organizations can build long-term digital resilience and combat these growing challenges.

    Segment Resources:

    • www.techsoup.org
    • Tech Impact Launch CTO Program For Small NPOs
    • Virtual Chief Technology Officer Program for the Nonprofit Sector

    Interview with Mike Poole, Director of Cyber Security at Werner Enterprises

    In today's digital landscape, cybersecurity is not just a technical issue—it's a business imperative. Organizations that prioritize cybersecurity culture see fewer incidents and stronger resilience against evolving threats. But how do you foster a security-first mindset across an organization?

    This session will explore the critical components of building and maintaining a robust cybersecurity culture, starting with executive leadership buy-in—a fundamental step in securing resources and driving organizational change. We'll then dive into the power of monthly phishing exercises, which reinforce awareness and preparedness. Attendees will also learn how to develop effective training programs that engage employees at all levels and create lasting behavioral change. Finally, we'll discuss the role of cybersecurity-themed events, particularly during Cybersecurity Awareness Month, as a powerful tool to capture attention and reinforce key security principles.

    This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them!

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-430

    1 h 39 m
  • Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429
    Oct 20 2025
    Segment 1: David Brauchler on AI attacks and stopping them

    David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group's AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data.

    More about David's Black Hat talk:

    • Video of the talk and accompanying slides: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/
    • Talk abstract: https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112
    • Slide presentation only: https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf

    Additional blogs by David about AI security:

    • Analyzing Secure AI Architectures: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/
    • Analyzing Secure AI Design Principles: https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/
    • Analyzing AI Application Threat Models: https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/
    • Building Security-First AI Applications: A Best Practices Guide for CISOs: https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/
    • Building Trust by Design for Secure AI Applications: Tips for CISOs: https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/
    • AI and Cyber Security: New Vulnerabilities CISOs Must Address: https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/

    Segment 2: Should we replace the CIA triad?

    An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement.

    Segment 3: The Weekly Enterprise News

    Finally, in the enterprise security news,

    1. Slow week for funding, older companies raising via debt financing
    2. A useful AI framework from the Cloud Security Alliance
    3. two interesting essays, one of which is wrong
    4. Folks are out here blasting unencrypted data to and from Satellites, while anyone can sniff and capture it
    5. getting hacked during a job interview
    6. LLM poisoning is far easier than previously thought
    7. F5 got breached
    8. Be careful when patching your Jeep ('s software)

    All that and more, on this episode of Enterprise Security Weekly.

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-429
    1 h 38 m
  • New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428
    Oct 13 2025
    Segment 1 - Interview with Dr. Anand Singh

    We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it.

    Segment Resources:

    • Get the book on Amazon: Data Security in the Age of AI (available in Kindle and print)

    Segment 2 - Topic: The reasons why CISOs buy (and the things that don't matter to them)

    Val Tsanev, founder of ExecWeb, part of the CyberRisk Alliance family, posted some VERY spicy insights about how CISOs buy products. This elicited some passionate responses.

    There are many interesting insights, but the biggest and most interesting is that 76% of CISOs choose products that present the least risk to them, personally. Career safety trumps product performance, it would seem.

    Segment 3 - News

    In the enterprise security news,

    1. Shifting Zero
    2. Cyber insurance, unlike cyber crime, doesn't pay
    3. New AI security categories are popping up to serve Agentic and MCP servers
    4. how tech companies measure AI impact
    5. first malicious MCP server in the wild
    6. is your computer mouse listening to you?
    7. The Korean government did not follow the backup rule of three
    8. Think you've seen the absolute worst idea for a mobile app? Wait until you hear about Neon.
    9. We have no less than three squirrel stories involving bullets, lasers, and greasy snacks

    All that and more, on this episode of Enterprise Security Weekly.

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-428

    1 h 44 m
  • AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Matt Immler, Heather Ceylan, Alexander Makarov, Nitin Raina, Dor Fledel, Aaron Parecki - ESW #427
    Oct 6 2025

    At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today's AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks.

    In this special Enterprise Security Weekly episode, we bring together insights from top experts:

    • Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access controls.
    • Alexander Makarov (Adyen) shares how a global fintech unified and streamlined identity with Okta, improving both security and employee experience across 200+ countries.
    • Aaron Parecki (Okta) highlights the importance of open standards—like IPSIE, MCP, and A2A—for building secure, interoperable AI ecosystems and centralized control over AI-driven interactions.
    • Heather Ceylan (Box) discusses how Box embeds AI into workflows to enhance data protection, even for highly regulated industries.
    • Matt Immler (Okta) offers lessons from the field on strengthening defenses with behavioral monitoring, automation, and a security-first culture to counter attackers who now "log in" instead of hacking in.
    • Nitin Raina (Thoughtworks) warns about AI-driven social engineering—from deepfakes to multi-channel phishing—and shares practical strategies like phishing-resistant MFA, zero-trust architecture, and better employee training.

    From open standards to privileged access management and AI-powered defense, these Oktane 2025 conversations explore how identity-driven strategies are shaping the future of enterprise security.

    Segment Resources:

    • https://www.okta.com/newsroom/articles/old-security-challenges--new-ai-risks--managing-authorization-in
    • https://www.okta.com/newsroom/press-releases/okta-introduces-cross-app-access-to-help-secure-ai-agents-in-the/
    • https://www.okta.com/blog/ai/securing-the-ai-agent-ecosystem/
    • https://www.okta.com/customers/adyen/
    • https://www.okta.com/newsroom/?sort=featured&filters=okta%3Acategories%2Fidentity-security
    • https://www.okta.com/customers/thoughtworks/

    This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them!

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-427

    1 h 34 m
  • Live interviews from Oktane 2025: threats, AI in apps, and AI in cybersecurity tools - Brett Winterford, Shiv Ramji, Damon McDougald - ESW #426
    Sep 29 2025

    How identity security can keep pace with the evolving threat landscape, with Brett Winterford

    Today's threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team's most recent investigations, as well as recommendations for organizations looking to strengthen their defenses.

    Segment Resources

    • https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/
    • https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/
    • https://sec.okta.com/articles/uncloakingvoidproxy/

    How to navigate app development in the AI era with Shiv Ramji

    As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He'll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems.

    How AI agents are reshaping cybersecurity from the inside out with Damon McDougald

    AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment.

    All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more!

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-426

    1 h 35 m
  • Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425
    Sep 22 2025
    Interview with Tod Beardsley

    This interview is sponsored by runZero.

    Legacy vulnerability management (VM) hasn't innovated alongside attackers, and it shows. Let's talk about the state of VM.

    Check out https://securityweekly.com/runzero to learn more!

    Topic Segment: NPM Incidents

    In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks.

    I recently published a roundup of these incidents over on my Substack.

    Weekly Enterprise News

    Finally, in the enterprise security news,

    1. funding and acquisitions are going crazy
    2. an exciting new canarytoken
    3. banks have a more sedate approach to agentic
    4. MCP security
    5. the future Subprime Code crash of 2028
    6. is security worried about the wrong risks?
    7. botnets are back in the headlines
    8. some bs research
    9. journalists getting duped by AI
    10. Animal crossing villagers are organizing against Tom Nook

    All that and more, on this episode of Enterprise Security Weekly.

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-425

    1 h 47 m
  • Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424
    Sep 15 2025
    Segment 1 - Interview with Jeff Pollard

    Introducing Forrester's AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

    For this episode's interview, we're talking to Forrester analyst Jeff Pollard. I'm pulling this segment's description directly from the report's executive summary, which I think says it best:

    As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won't be as simple or as straightforward as mobile and cloud — and that's bad news for security leaders who in some cases still find themselves challenged by cloud security.

    Segment 2 - Weekly News

    Then, in the enterprise security news,

    1. there's funding and acquisitions, but we're not going to talk about them
    2. AI's gonna call the cops on you
    3. and everyone's losing money on it
    4. and Anthropic agreed to pay for all the copyright infringement they did when training models
    5. and Otter.ai got sued for recording millions of conversations without consent
    6. Burger King got embarrassed and their lawyers didn't like it
    7. NPM package mayhem
    8. certificate authority hijinks
    9. AI darwin awards

    All that and more, on this episode of Enterprise Security Weekly.

    Segment 3 - Executive Interviews from Black Hat 2025

    Interview with Rohit Dhamankar from Fortra

    Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you're building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.

    This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

    Interview with Michael Leland from Island

    At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity's most urgent realities: compromised credentials aren't a possibility — they're a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren't "breaking in" anymore… they're logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island's enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

    Key takeaways:

    • Why credential compromise is inevitable — and how to stop credential use
    • How presentation layer DLP prevents data leaks inside and outside apps
    • Real-time blocking of phishing logins and unsanctioned SaaS access
    • Plug-in risk scoring, version pinning, and selective extension control
    • Enabling BYOD securely — even after a catastrophic laptop loss
    • Why many users never go back to Chrome, Edge, or Safari after switching

    Segment Resources: https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials

    This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-424
    1 h 41 m