Podcasts about enterprise security weekly

Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-464

Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-464

Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-464

Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-464

Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-463

Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-463

Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463

Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463

Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-462

Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-462

Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462

Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-461

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-461

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449

Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-460

Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-460

Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-460

Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-460

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-459

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report. Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley's AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-451

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report. Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley's AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-451

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report. Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley's AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-451

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report. Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley's AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-451

Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going. Segment 1 Resources: https://www.firetail.ai/ai-breach-tracker Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran. Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out! Pick up the book! from Wiley from Barnes & Noble from Amazon Allie's personal website The Weekly Enterprise News Finally, in the enterprise security news, Vibes and funding! Starting to see some disruption in the vuln mgmt space (finally!) Tons of new free tools lots of essays lots of reports logs of breaches the talks our hosts are giving at RSAC conference and someone is selling an actual cone of silence??? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-450

Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going. Segment 1 Resources: https://www.firetail.ai/ai-breach-tracker Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran. Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out! Pick up the book! from Wiley from Barnes & Noble from Amazon Allie's personal website The Weekly Enterprise News Finally, in the enterprise security news, Vibes and funding! Starting to see some disruption in the vuln mgmt space (finally!) Tons of new free tools lots of essays lots of reports logs of breaches the talks our hosts are giving at RSAC conference and someone is selling an actual cone of silence??? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-450

Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going. Segment 1 Resources: https://www.firetail.ai/ai-breach-tracker Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran. Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out! Pick up the book! from Wiley from Barnes & Noble from Amazon Allie's personal website The Weekly Enterprise News Finally, in the enterprise security news, Vibes and funding! Starting to see some disruption in the vuln mgmt space (finally!) Tons of new free tools lots of essays lots of reports logs of breaches the talks our hosts are giving at RSAC conference and someone is selling an actual cone of silence??? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-450

Podcast: Security Weekly Podcast Network (Audio) (LS 47 · TOP 1% what is this?)Episode: OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448Pub date: 2026-03-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationInterview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-448The podcast and artwork embedded on this page are from Security Weekly Productions, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-448

Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-448

Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-448

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-447

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-447

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don't use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer's perspective All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-447

Segment 1: Interview with Mathias Katz What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised? Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him. Segment 2: Interview with Wolfgang Goerlich Addressing the nuanced, nefarious threats of AI Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily conversations with this technology, how are they going to shape how we think? What inherent biases in the training, fine tuning, guardrails, or lack of guardrails are going to affect our decisions or how we work? Wolfgang is concerned about this, so he performed a human/AI experiment. With almost 1000 people partaking in the experiment, the results are sure to be intriguing. Segment 3: This week's enterprise security news Finally, in the enterprise security news, survey results on how folks are feeling about openclaw some hidden drama discovered in KEV updates some new KEV tools is AI replacing traditional code scanning tools? remote code execution in notepad no, not notepad++, NOTEPAD.EXE you know, the one that ships preinstalled on Windows the RSAC innovation sandbox finalists dealing with legacy vulnerabilities Don't accept OpenClaw Mac Minis from strangers! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-446

Segment 1: Interview with Mathias Katz What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised? Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him. Segment 2: Interview with Wolfgang Goerlich Addressing the nuanced, nefarious threats of AI Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily conversations with this technology, how are they going to shape how we think? What inherent biases in the training, fine tuning, guardrails, or lack of guardrails are going to affect our decisions or how we work? Wolfgang is concerned about this, so he performed a human/AI experiment. With almost 1000 people partaking in the experiment, the results are sure to be intriguing. Segment 3: This week's enterprise security news Finally, in the enterprise security news, survey results on how folks are feeling about openclaw some hidden drama discovered in KEV updates some new KEV tools is AI replacing traditional code scanning tools? remote code execution in notepad no, not notepad++, NOTEPAD.EXE you know, the one that ships preinstalled on Windows the RSAC innovation sandbox finalists dealing with legacy vulnerabilities Don't accept OpenClaw Mac Minis from strangers! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-446

Segment 1: Interview with Mathias Katz What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised? Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him. Segment 2: Interview with Wolfgang Goerlich Addressing the nuanced, nefarious threats of AI Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily conversations with this technology, how are they going to shape how we think? What inherent biases in the training, fine tuning, guardrails, or lack of guardrails are going to affect our decisions or how we work? Wolfgang is concerned about this, so he performed a human/AI experiment. With almost 1000 people partaking in the experiment, the results are sure to be intriguing. Segment 3: This week's enterprise security news Finally, in the enterprise security news, survey results on how folks are feeling about openclaw some hidden drama discovered in KEV updates some new KEV tools is AI replacing traditional code scanning tools? remote code execution in notepad no, not notepad++, NOTEPAD.EXE you know, the one that ships preinstalled on Windows the RSAC innovation sandbox finalists dealing with legacy vulnerabilities Don't accept OpenClaw Mac Minis from strangers! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-446

Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Interview Segment - Rob Allen - Zero Trust World Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida. This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live! This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW! News Segment For this week's enterprise news, we discuss OpenClaw! funding! acquisitions! testing out AI models' offensive security capabilities more openclaw! the need for more transparency and testing in the vendor space A photobooth service leaks drunken pictures of wedding parties The salty snack that helps server uptime All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-445

Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Interview Segment - Rob Allen - Zero Trust World Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida. This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live! This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW! News Segment For this week's enterprise news, we discuss OpenClaw! funding! acquisitions! testing out AI models' offensive security capabilities more openclaw! the need for more transparency and testing in the vendor space A photobooth service leaks drunken pictures of wedding parties The salty snack that helps server uptime All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-445

Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-444

Segment 1: Interview with Thyaga Vasudevan Hybrid by Design: Zero Trust, AI, and the Future of Data Control AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world. In this episode, we'll unpack why real-time visibility and control over data usage are now essential for safe AI adoption, accurate outcomes, and regulatory compliance. From preventing data leakage to governing how data is used by AI systems, security teams need controls that operate in the moment - across cloud, browser, SaaS, and on-prem environments - without slowing the business. We'll also explore how growing data sovereignty and regulatory pressures are driving renewed interest in hybrid architectures. By combining cloud agility with local control, organizations can keep sensitive data protected, governed, and compliant, regardless of where it resides or how AI is applied. This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighsecurity to learn more about them! Segment 2: Why detection fails Caleb Sima put together a nice roundup of the issues around detection engineering struggles that I thought worth discussing. Amélie Koran also shared some interesting thoughts and experiences. Segment 3: Weekly Enterprise News Finally, in the enterprise security news, Fundings and acquisitions are going strong can cyber insurance be profitable? some new free tools shared by the community RSAC gets a new CEO Large-scale enterprise AI initiatives aren't going well LLM impacts on exploit development AI vulnerabilities global risk reports floppies are still used daily, but not for long? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-443

Segment 1 with Beck Norris - Making vulnerability management actually work Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity. Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure. Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What's going on here, why does this happen??? Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again! Segment Resources: [Mandiant - Best practices for incident response planning] (https://services.google.com/fh/files/misc/mandiantincidentresponsebestpractices_2025.pdf?linkId=19287933) Beyond Cyberattacks: Evolution of Incident Response in 2026 Segment 3 - Weekly Enterprise News Finally, in the enterprise security news, Almost no funding… Oops, all acquisitions! Changes in how the US handles financial crimes and international hacking Mass scans looking for exposed LLMs The state of Prompt injection be careful with Chrome extensions and home electronics from unknown brands Is China done with the West? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-442