Business Security Weekly (Video)

This week, it's time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts Lacking, How to rethink leadership to energize disengaged employees, and more! Show Notes: https://securityweekly.com/bsw-399

During times of volatility, business leaders often don't know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn't — to not only survive but thrive. Alla Valente, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss how to Regain Control Over Business Risk With The Three E's Framework, a report that provides a framework for identifying what is controllable and how to be smart when dealing with volatility. In the leadership and communications section, Cybersecurity for Mergers and Acquisitions – A CISO's Guide, Your Employees Aren't the Problem. Your Leadership Habits Are, When the Best Leadership Skill Is Just Being Present, and more! Show Notes: https://securityweekly.com/bsw-398

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397

In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical , The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra's collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide. Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them! Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving. Show Notes: https://securityweekly.com/bsw-396

In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Show Notes: https://securityweekly.com/bsw-395

In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company's latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He'll also explore what this launch means for Axonius' mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Show Notes: https://securityweekly.com/bsw-394

In today's ever-evolving business landscape, organizations face diverse risks, including cyber risks, that can significantly affect their operations and overall prosperity. Aligning risk management strategies with organizational objectives is crucial for effectively mitigating these potential threats and fostering sustainable growth. Easier said than done. In this Say Easy, Do Hard segment, we discuss the challenges of aligning security and risk to the business, a topic we discuss often on the show. But this time, we do the hard part, by defining Objectives and Key Results aligned to Business Goals. Show Notes: https://securityweekly.com/bsw-393

AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Show Notes: https://securityweekly.com/bsw-392

Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model? Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. ‍ Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but provides solutions for easy onboarding, management, and eliminates the lengthy approval processes of traditional solutions. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more! Show Notes: https://securityweekly.com/bsw-391

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Show Notes: https://securityweekly.com/bsw-390

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Show Notes: https://securityweekly.com/bsw-389

Cybersecurity teams were under increasing strain in 2024. To alleviate this burden, 2025 will see greater reliance on automation to streamline workflows, enhance threat detection, and accelerate incident response. But some of these investments may come with risks. Greg Sullivan, Founding Partner at CIOSO Global, joins Business Security Weekly to discuss how the pace of investment will require better risk management. Greg will cover topics, including: The seismic C-level shift in interest will require a top-down approach to cybersecurity. The focus will shift from external cybersecurity solutions to building in-house resilience. The critical criteria needed to drive more refined defenses, smarter resource allocation, and wiser cybersecurity investments. In the leadership and communications segment, Boards Challenged to Embrace Cybersecurity Oversight, Why Cybersecurity Needs More Business-Minded Leaders, How to Build a Cybersecurity Resume that Gets You Hired, and more! Show Notes: https://securityweekly.com/bsw-388

In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Show Notes: https://securityweekly.com/bsw-387

Organizations continue to suffer from security breaches, too many of which contain a human element. But there's no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ Show Notes: https://securityweekly.com/bsw-387

In the leadership and communications segment, CISO vs. CIO: Where security and IT leadership clash (and how to fix it), The CISO's bookshelf: 10 must-reads for security leaders, The CISO's bookshelf: 10 must-reads for security leaders, and more! Show Notes: https://securityweekly.com/bsw-386

Noam Krasniansky, the visionary founder of Komposite Blockchain, joins Business Security Weekly to explore Web3's transformative potential. Noam delves into the basics of blockchain technology, Bitcoin and the meteoric rise of Ethereum, and the critical role of decentralized systems in safeguarding brands against counterfeiting—a global issue costing companies $1.7 Trillions annually. The conversation will shed light on blockchain can be designed to enhance transactional efficiency and security. Noam highlights how verification technologies are key to combating counterfeiting, protecting intellectual property, and fostering trust in an increasingly digital economy. He also provides practical insights into how businesses and individuals can embrace blockchain innovations, redefining digital ownership, the making of new wealth, and empowering communities. In today's dynamic markets, innovation is essential to maintaining a competitive edge. As Web3 technologies rapidly advance, businesses must adapt or risk falling behind. Understanding the foundational principles of blockchain is no longer optional—it's a necessity. Segment Resources: 1) https://finance.yahoo.com/news/komposite-blockchain-launches-whitepaper-bridge-163600646.html 2) https://www.youtube.com/watch?v=OOokN0XwpWE 3) https://rumble.com/v66x6ly-interview-komposite-a-fix-for-blockchain-limitations.html Show Notes: https://securityweekly.com/bsw-386

In the leadership and communications segment, The CISO Transformation — A Path to Business Leadership, The CISO's dilemma of protecting the enterprise while driving innovation, When Hiring, Emphasize Skills over Degrees, and more! Show Notes: https://securityweekly.com/bsw-385

After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-385

This week: CISOs struggling to balance security, business objectives, Signs Your Organization's Culture is Hurting Your Cybersecurity, Servant Leadership: Putting Trust at the Center, and more! Show Notes: https://securityweekly.com/bsw-384

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 2, we discuss the steps involved in data inventory and classification, including: Data discovery: Identify all data sources across the organization using data mapping tools. Data profiling: Analyze data attributes to understand its content and characteristics. Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria. Data tagging: Label data assets with their classification level for easy identification. Data ownership assignment: Determine who is responsible for managing each data set. Show Notes: https://securityweekly.com/bsw-383

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 1, we discuss the challenges of data inventory and classification, including: identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it prioritizing security measures and protecting critical information more effectively Show Notes: https://securityweekly.com/bsw-383

This week, we tackle a ton of leadership and communications articles: Why CISOs and Boards Must Speak the Same Language on Cybersecurity, The Hidden Costs of Not Having a Strong Cybersecurity Leader, Why Cybersecurity Is Everyone's Responsibility, Leadership is an Action, not a Position, and more! Show Notes: https://securityweekly.com/bsw-382

In the leadership and communications segment, Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive, Humble Leaders Inspire Others to Step Up, Effective Communication in the Workplace, and more! Show Notes: https://securityweekly.com/bsw-381

From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents— can have severe consequences.    The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole. Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher. Show Notes: https://securityweekly.com/bsw-381

In the leadership and communications segment, How CISOs can elevate cybersecurity in boardroom discussions, Nearly half of CISOs now report to CEOs, showing their rising influence, Steve Jobs Shared 1 Crystal Clear Way You'll Spot an Exceptional Leader, and more! Show Notes: https://securityweekly.com/bsw-380

The last five weeks have seen a flurry of news on Artificial Intelligence, especially this last week. It started on December 17, 2024 when the Bipartisan House Task Force on Artificial Intelligence (AI) released a report on “[g]uiding principles, forward-looking recommendations, and policy proposals to ensure America continues to lead the world in responsible AI innovation.” Then a new administration, which: revoked more than 50 prior executive orders, including Executive Order 14110 of October 30, 2023 (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). announced a private-sector $500 billion investment in AI infrastructure tasked federal agencies with drafting a new AI action plan within 180 days signed an executive order on developing artificial intelligence ‘free from ideological bias' The Business Security Weekly crew tries to make sense of it all. Show Notes: https://securityweekly.com/bsw-380

Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team, and Jess Burn, Principal Analyst, both from Forrester Research join Business Security Weekly to discuss the second part of The Future Of The CISO report. What if you don't like the future of the CISO role and want to get out? The report also provides guidance on what comes after the CISO role, as leaders contemplate the next step in their career. If you think it's a board role, you better know what skills are needed, as cybersecurity by itself is not enough. Join in for part 2. Show Notes: https://securityweekly.com/bsw-379

Becoming a CISO is a lofty goal for many security and risk pros, and the role brings new sets of challenges. CISOs who accept the wrong opportunities will be forced to conform, rather than excel, and take on outsized liability for the scope of responsibilities. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team, and Jess Burn, Principal Analyst, both from Forrester Research join Business Security Weekly to discuss The Future Of The CISO report. This report outlines the six most common types of CISOs based on Forrester Research and interactions with security leaders, including the characteristics and competencies of each type. This report helps security leaders define who they are, their values, and optimal situations for their skill set. Show Notes: https://securityweekly.com/bsw-379

In the leadership and communications segment, New Year, New Cyber Threats: How Boards Are Stepping Up (or Not), Why CISOs should build stronger bonds with the legal function in 2025, New Managers: You Don't Need to Know It All, and more! Show Notes: https://securityweekly.com/bsw-378

In the leadership and communications segment, The Business of Cybersecurity: The CISO's Role in Alignment and Pervasive Governance, CISO Priorities for 2025: Budget Wisely, How Do I Position Myself to Influence Senior Leadership?, and more! Show Notes: https://securityweekly.com/bsw-377

Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. Couple data growth with the growing demands of Artificial Intelligence, and the attack surface expands even more. How should organizations adapt their security programs to safeguard their data? Lamont Orange, Chief Information Security Officer at Cyera, joins Business Security Weekly to help you solve your biggest data security challenges. By starting with inventory and classification, data access review can help you answer your biggest data security questions, including: what data you have, where it's stored, who, or what, can access it, and which data risks exist. Show Notes: https://securityweekly.com/bsw-377

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities: Asset Management Patch Management IAM/MFA/PIM/PAM EDR/MDR/XDR Backup/Recovery Risk Management Show Notes: https://securityweekly.com/vault-bsw-16

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities. Show Notes: https://securityweekly.com/vault-bsw-15

In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don't rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more! Show Notes: https://securityweekly.com/bsw-376

The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/bsw-376

In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here's How to Use Notes Like a Pro, and more! Show Notes: https://securityweekly.com/bsw-375

For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins. In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace. Segment Resources: Secure Sign-In Trends Full Report: https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/ Todd McKinnon Blog on the Secure Sign-In Trends Report: https://www.okta.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-375

In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more! Show Notes: https://securityweekly.com/bsw-374

This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh! Here are all the companies that now comprise the index: SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-374

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14

In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Show Notes: https://securityweekly.com/bsw-373

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including: Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings. This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them! Show Notes: https://securityweekly.com/bsw-373

In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team's Productivity by Hiring Force Multiplier, and more! Show Notes: https://securityweekly.com/bsw-372

Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health? Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health. Show Notes: https://securityweekly.com/bsw-372

In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more! Show Notes: https://securityweekly.com/bsw-371

Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger. So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode. Show Notes: https://securityweekly.com/bsw-371

Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he's seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today. Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they've seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce. Segment Resources: https://www.okta.com/oktane/ This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane. Show Notes: https://securityweekly.com/bsw-370

In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert's Proven Method, The Problem with Mandating Office Presence Without Purpose, and more! Show Notes: https://securityweekly.com/bsw-370

In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more. Show Notes: https://securityweekly.com/bsw-369

Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well. Segment Resources: LevelBlue Finds CISOs Challenged Most by Cybersecurity Tradeoffs, AI Implementation Pressures, and Reactive Budgets Compared to C-Suite Peers - Report Summary and Press Release Executive Accelerator: C-Suite Cyber Resilience Responsibilities Report This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! Show Notes: https://securityweekly.com/bsw-369

In the leadership and communications segment, The CEO's Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more! Show Notes: https://securityweekly.com/bsw-368