Podcasts about field ciso

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference. In this episode: -You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.” -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.   Segment Resources ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more! This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-435

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference. In this episode: -You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at "the speed of relevance." -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape. Segment Resources ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more! This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-435

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference. In this episode: -You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at "the speed of relevance." -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.   Segment Resources ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more! This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them! Show Notes: https://securityweekly.com/esw-435

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference. In this episode: -You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at "the speed of relevance." -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.   Segment Resources ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more! This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them! Show Notes: https://securityweekly.com/esw-435

This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv.With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work.In this episode, Nathan explains why communication (not technology) s a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity.This is an insightful look at the people-first mindset behind stronger, more resilient security programs.Guest Bio Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies.Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies.He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success.Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program managementGuest Quote  “If you can win the people over in your organization, you can make those big changes for better identity governance.”Time stamps 01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist 02:16 Redefining Identity in a World of Infinite Accounts 05:15 How Culture Can Make or Break Your Security Program 13:34 Winning Over the Business: Aligning Security and Culture 24:45 From “Department of No” to Trusted Partner: Fixing Cyber Communication 40:25 The Human Side of Incident Response 46:23 Leading with Empathy: Nathan's Advice for Security LeadersSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Nathan on LinkedInLearn more about OptivConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

In 2026, governments across Asia grapple with escalating cybersecurity challenges amid rapid digital transformation and geopolitical tensions. AI-powered threats, including sophisticated phishing and deepfakes, pose significant risks, with IDC forecasting that 76.5% of Asia/Pacific enterprises lack confidence in detecting such attacks. Ransomware continues to evolve, targeting critical infrastructure, while supply chain vulnerabilities expose sensitive data—Gartner predicts 45% of global organisations will face software supply chain attacks by 2025, a trend persisting into 2026. Cloud adoption amplifies hybrid environment breaches, compounded by espionage-driven incursions, as Verizon reports 25% of APAC cyberattacks motivated by spying, with public administration the most targeted sector. Regulatory mandates demand robust compliance, straining resources in an era of legacy systems and talent shortages.In this PodChats for FutureCISO, Aaron Bugal, Field CISO, APJ, Sophos, walks us through some of the coming cybersecurity issues government CISOs as well as those in the private sector, will find important in 2026.1.       How can government CISOs effectively measure and improve their cybersecurity resilience, moving beyond compliance-based checklists to ensure the continuous delivery of essential citizen services during an attack?2.       What strategies, have proven, most effective for securing legacy systems that remain critical to national operations, given they cannot be immediately replaced?3.       With Gartner highlighting that by 2026, 50% of C-level executives will have performance requirements tied to cybersecurity risk, how can government CISOs best align their security metrics with national-level outcomes? 4.       How can CISOs proactively defend against state-aligned (sponsored) actors who are increasingly targeting digital public services and critical infrastructure for espionage and disruption?5.       Name one CISO strategy for managing third-party and supply chain risk, particularly as organisations, both private and public, rely on an ecosystem of partners to deliver complex, cloud-native government services?6.       Given IDC's prediction that by 2026, 70% of organisations will consider environmental sustainability in their cloud purchase decisions, how can CISOs balance security, sovereignty, and sustainability in their technology procurements?7.       How are government CISOs addressing the critical cybersecurity skills gap, and what new models for talent acquisition and retention must be developed to compete with the private sector? a.       How to avoid burnout?8.       To what extent have CISOs integrated security into the entire application lifecycle (DevSecOps) for their national digital identity and other citizen-facing platforms?9.       Name a governance and technical framework for the safe and ethical adoption of AI, both to enhance a government's cyber defences and to mitigate its potential malicious use by threat actors?10.   How are government CISOs collaborating with regional counterparts and international bodies to share threat intelligence and establish coordinated response protocols for cross-border cyber incidents?11.   What is that one final advice for government CISOs as their update their cybersecurity strategies for 2026?

Send us a textUptime. It's the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized.And as we've discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new technology, connectivity and endpoints are added to the OT landscape.Hackers are getting smarter and more complex, but the good news is so are the tools and strategies for the good guys. Here to offer some perspective on dealing with the leading threats targeting the people, systems and data of the industrial sector is a collection of experts focused on minimizing disruptions and preparing you to react and respond to cyberattacks.Watch/listen as:Max Clausen, senior VP of Network Connectivity at Zayo dives into the factors and strategies driving DDoS or distributed denial of service attacks.John Carse, Field CISO at SquareX discusses the ongoing impact of developing and legacy vulnerabilities, as well as some of the novel strategies hackers are using to introduce new strands of highly disruptive malware.Amit Hammer, CEO of Salvador Tech talks about lessons learned from the recent Jaguar Land Rover attack and how response strategies will continue to play a key role in minimizing attack-related downtime.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifyTo catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.

The browser has quietly become the most critical—and most overlooked—attack surface in cybersecurity. In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with John Carse, Field CISO at SquareX, about the company's groundbreaking Browser Detection and Response (BDR) technology and why legacy tools like EDR and Secure Web Gateways can't see today's browser-native threats.John draws on his two decades of global cybersecurity experience—spanning the U.S. Navy, JPMorgan, Expedia, and Dyson—to explain emerging risks like Syncjacking, Polymorphic Extensions, and the coming wave of AI-powered browser agents. He also shares practical steps for CISOs to reduce risk from Shadow SaaS and unmanaged devices.If you think your browser is safe, this episode will make you think again.

Send us a textWhen talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there's always a slight pause when directing their attention specifically to the industrial sector. That's because, well, we're special. There's the unique juxtaposition of old and bleeding edge technology. There's the influx of greater connectivity combatting the struggles to identify and secure the growing number of endpoints. And there are the ongoing battles related to secure-by-design responsibilities, cloud networks and the ever popular building and breaking down of IT/OT silos. The good news is that we're getting better. Better at identifying the problems and better at elevating solutions from some of the sharpest minds in the sector. And we're fortunate to be able share these insights from an incredible collective on today's episode.Watch/listen as Max Clausen, senior VP of Network Connectivity at Zayo, John Carse, Field CISO at SquareX, Sophos' Chester Wisniewski and ExtraHop's Chad Lemaire tackle topics that include:VisibilitySecure-by-DesignArtificial IntelligenceIT/OT SilosPatchingLOTL and Phishing AttacksNon-standard OT ArchitectureAs a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifyTo catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.

For the last 30 years, email security has been stuck in the past, focusing almost entirely on stopping bad things from getting into the inbox. In this episode, Rajan Kapoor, Field CISO at Material Security and former Director of Security at Dropbox, argues that this pre-breach mindset is dangerously outdated. The real challenge today is post-breach: protecting the sensitive data that already lives inside your mailboxes.The conversation explores why we must evolve from "email security" to the broader concept of "workspace security" . Rajan explains how interconnected productivity suites like Google Workspace and Microsoft 365 have turned the inbox into a gateway to everything else Drive, accounts, and sensitive company data. We also discuss how the rise of AI co-pilots will create new risks, as they can instantly find and surface over-shared data that was previously hidden in plain sight .Guest Socials - ⁠⁠Rajan's Linkedin⁠Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security PodcastQuestions asked:(00:00) Introduction(02:00) Who is Rajan Kapoor? Field CISO at Material Security(02:38) What is Email Security in 2025? The 30-Year-Old Problem(03:20) The Critical Shift: From Pre-Breach to Post-Breach Protection(04:20) The Rise of Workspace Security: Beyond the Inbox(06:00) Why Focusing on Email is "Not Even Half" The Problem(06:50) Are Microsoft 365 Security Challenges Different from Google's?(09:30) Rethinking the Approach to Email Security(11:40) How AI Co-Pilots Will Exploit Your Over-Shared Data(13:30) A Real-World Attack: From Email to Malicious OAuth App(17:00) How Should CISOs Structure Their Teams for Workspace Security?(19:25) The Role of CASB vs. API-Based Security for Data at Rest(23:10) How CISOs Can Separate Signal From Noise in a Crowded Market(24:45) Final Questions: Home Automation, Career Risks, and Ethiopian Food

With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-412

With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Show Notes: https://securityweekly.com/bsw-412

With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-412

With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Show Notes: https://securityweekly.com/bsw-412

Matt Muller, Field CISO at Tines, knows all about revolutionizing security operations through strategic AI integration and intelligent automation. In his conversation with Jack, Matt explores how traditional SOC models create problematic feedback loops where junior analysts make critical decisions while senior practitioners handle escalations, limiting learning and growth opportunities.  Instead, Matt envisions AI-assisted workflows where senior expertise gets encoded into intelligent systems that teach junior team members while they work, transforming security operations from reactive alert-chasing to proactive strategic defense. He also emphasizes communication skills, relationship building, and moving beyond being perceived as the team of no to become strategic enablers. Topics discussed: Evolution from banning ChatGPT to strategic AI integration in security operations, emphasizing augmentation over replacement strategies. Model Context Protocol implementation challenges and the importance of safe-by-default approaches when integrating emerging AI technologies into production. Traditional SOC tier models create problematic feedback loops where junior analysts make critical decisions but lack learning opportunities. AI-assisted workflows can transform security operations by encoding senior expertise into systems that teach while automating routine tasks. Practical approaches to AI adoption including demystification techniques, validation methods, and breaking complex problems into manageable components. Strategic implementation of AI agents in security workflows, particularly for non-deterministic tasks like phishing investigation and alert triage. Importance of maintaining human oversight and guardrails when deploying AI systems in critical security operations and incident response. Communication skills and relationship building as fundamental competencies for security practitioners working with both AI systems and human stakeholders. Safe experimentation with AI technologies through controlled environments and understanding system limitations before production deployment. Listen to more episodes:  Apple  Spotify  YouTube Website

In this week's sponsor interview, Tines' Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they've seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover? Show notes

Ed Bailey, Field CISO at Cribl, shares how Cribl and AWS are helping customers rethink their data strategy by making it easier to modernize, reduce complexity, and unlock long-term flexibility.Topics Include:Ed Bailey introduces topic: bridging gap between security data requirements and budgetCompanies face mismatch: 10TB data needs vs 5TB licensing budget constraintsData volumes growing exponentially while budgets remain relatively flat year-over-yearIT security data differs from BI: enormous volume, variety, complexityMany companies discover 600+ data sources during SIEM migration projects50% of SIEM data remains un-accessed within 90 days of ingestionComplex data collection architectures break frequently and require excessive maintenanceTeams spend 80% time collecting data, only 20% analyzing for valueData collection and storage are costs; analytics and insights provide business valuePoor data quality creates operational chaos requiring dozens of browser tabsSOC analysts struggle with context switching across multiple disconnected systemsTraditional vendor approach: "give us all data, we'll solve problems" is outdatedData modernization requires sharing information widely across organizational business unitsData maturity model progression: patchwork → efficiency → optimization → innovationData tiering strategy: route expensive SIEM data vs cheaper data lake storageSIEM costs ~$1/GB while data lakes cost ~$0.15-0.20/GB for storageCompliance retention data should go to object storage at penny fractionsDecouple data retention from vendor tools to enable migration flexibilityCribl platform offers integrated solutions: Stream, Search, Lake, Edge componentsCustomer success: Siemens reduced 5TB to 500GB while maintaining security effectivenessParticipants:Edward Bailey – Field CISO, CriblFurther Links:Cribl WebsiteCribl on AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material […] The post The Google Workspace Security Gap: Why Traditional Tools Fall Short appeared first on Shared Security Podcast.

In this episode of Life of a CISO, Dr. Eric Cole welcomes a true cybersecurity trailblazer: Dan Lohrmann. With a career that spans the NSA, Lockheed Martin, the State of Michigan, and now Presidio, Dan brings a rare depth of experience in both government and the private sector. As the first Chief Security Officer for an entire U.S. state and now a Field CISO advising public sector clients across the country, Dan shares practical wisdom and compelling stories about navigating the evolving CISO landscape. Together, Dr. Cole and Dan explore what it takes to build lasting trust as a security leader, the importance of strengthening your personal brand, and how to overcome barriers when leadership resists public visibility. Dan emphasizes the power of public speaking, blogging, and storytelling—not just to elevate your own profile, but to position cybersecurity as a strategic business enabler. They also dive into the value of setting clear non-negotiables when evaluating job opportunities, the role of culture and leadership alignment in long-term success, and tactical advice for those trying to land their first CISO role. Whether you're in government, the private sector, or somewhere in between, this episode is a masterclass in influence, resilience, and leadership at the highest level.  

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Muller, Field CISO at Tines. With over a decade of experience at companies like Material Security, Coinbase, and Inflection, Matt's got a strong track record of scaling SecOps teams, building threat detection and mitigation programs, and driving trust and safety initiatives. His knowledge impressed Thomas and the Tines team so much that they invited him to become the company's first Field CISO. In this episode: [02:41] The origins of Matt's insatiable appetite for all things security [04:05] Matt's path from business degree to Director of Trust at Inflection [07:07] Scaling Coinbase's security team from 3 to 50 [08:41] Addressing security's long-standing communication problem [10:55] Why “failure wasn't an option” when managing risk at Coinbase [14:14] What led Matt to a product role on Material Security's phishing protection team [17:31] Building what customers ask for vs. actually solving their problems [21:14] How Matt stays up to date with industry developments [22:35] Matt's favorite use cases for security automation [25:25] Matt's go-to automation best practices [27:33] Cutting through AI hype to drive meaningful adoption [30:32] How Matt keeps himself honest as a Field CISO [32:21] Why the traditional SOC is broken - and what needs to change [35:30] The role of diverse hiring in building a resilient security strategy [39:00] What security teams will look like in 2030 [41:35] How CISOs are evolving to become chief risk advisors to the business [43:30] Connect with Matt Where to find Matt: LinkedIn Building SecOps newsletter Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Blue Team Con Material Security's Ryan Noon on the Future of Security Operations podcast

Send us a text In this episode, Joe sits down with John Carse, Field CISO at SquareX, to dive into the often-overlooked world of browser security and the evolving landscape of cybersecurity. Recorded despite a 12-hour time difference (Singapore to the US!), John shares:The Browser Security Gap: Why 85% of user time in browsers is a growing risk for SaaS and cloud environments .SquareX's Solution: How SquareX acts as an EDR for browsers, detecting and responding to threats like polymorphic extensions .Career Journey: From early IT days to field CISO, John reveals how foundational IT skills (help desk, field services) make better cyber professionals .Real-World Insights: Lessons from working with the US Navy and the importance of understanding IT systems for effective cybersecurity . Check Your Browser Security: Visit SquareX Browser Security to assess your controls. Learn More About SquareX: Explore their solution at sqrx.com. Connect with John: Find him on X @JohnCarseChapters00:00 Introduction and Time Zone Challenges02:54 John Carse's Journey into IT06:05 Transitioning to Cybersecurity08:46 The Importance of Customer Service in IT11:36 Formative Experiences in Help Desk and Field Services14:35 Understanding IT Systems for Cybersecurity23:51 The Interplay Between IT Skills and Cybersecurity24:41 The Role of Security Engineers in IT28:43 Understanding the Complexity of Cybersecurity29:33 Exploring the Field CISO Role32:55 The Browser as a Security Frontier42:07 Challenges in SaaS Security46:20 The Importance of Browser Security AwarenessSubscribe for more cybersecurity insights and career tips! Share your thoughts in the comments—how are you securing your browser? Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

#SecurityConfidential #DarkRhiinoSecurityJohn Carse is the Field CISO at SquareX and a seasoned cybersecurity leader with over 20 years of experience spanning the U.S. Navy, JPMorgan, Expedia, Dyson, and Rakuten. With a background in securing critical naval systems during his 14 years in the Navy, John has since built and led global security programs across finance, tech, and e-commerce. He holds multiple cloud security patents and is currently helping develop the industry's first Browser Detection and Response (BDR) solution. With hands-on expertise and a global perspective from roles in the U.S., Japan, Singapore, Bahrain, and Europe, John is passionate about tackling emerging threats and sharing real-world insights that blend innovation with practical defense. 00:00 Introduction03:00 Protecting Intellectual Property 10:37 Understand the business, then look at the controls14:18 How different is cybersecurity across the country22:16 Browser Detection Response32:19 Does BDR replace other tools?36:10 What about virtual environments?39:30 More from John---------------------------------------------------------------To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com---------------------------------------------------------------

John Carse is the Field CISO at SquareX and a seasoned cybersecurity leader with over 20 years of experience spanning the U.S. Navy, JPMorgan, Expedia, Dyson, and Rakuten. With a background in securing critical naval systems during his 14 years in the Navy, John has since built and led global security programs across finance, tech, and e-commerce. He holds multiple cloud security patents and is currently helping develop the industry's first Browser Detection and Response (BDR) solution. With hands-on expertise and a global perspective from roles in the U.S., Japan, Singapore, Bahrain, and Europe, John is passionate about tackling emerging threats and sharing real-world insights that blend innovation with practical defense. 

A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-390

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Show Notes: https://securityweekly.com/bsw-390

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-390

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Show Notes: https://securityweekly.com/bsw-390

Automating SecOps processes and procedures - free your people, improve retention and increase productivityWhere creativity and diversity is keeping your SecOps one step ahead of the attackersMatching your effectiveness to organisational objectives - aligning your internal SOC metrics with those required by the boardThis episode is hosted by Thom Langford:https://www.linkedin.com/in/thomlangford/Prince Adu, Board Member - ISACA Accra Chapter, ISACAhttps://www.linkedin.com/in/prince-adu-ccsp-cisa-crisc-3759a520/Garrett Smiley, Chief of Staff to CDIO / Vice President of Digital Infrastructure and Technology Strategy, Maximushttps://www.linkedin.com/in/garrettsmiley/Matt Muller, Field CISO, Tines https://www.linkedin.com/in/matthewrmuller/

While cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers.And it seems that, unfortunately, cybercriminals aren't lacking when it comes to identifying new ways to sneak in. Abnormal Security's Field CISO, Mick Leach, will discuss some of the sophisticated threats we anticipate escalating in the coming year—including cryptocurrency fraud, AI-generated business email compromise, and more.Mick and I dove into a lot of great topics, including:The evolution of email based attacks and why traditional tooling may fall shortHow attackers are leveraging GenAI and LLM's to make more compelling email-based attacksHow defenders can utilize AI to improve their defensive capabilitiesThe role of tooling such as Secure Email Gateways and more, and how they still play a role but fail to meet the latest threat landscapeHow Abnormal is tacking email-based attacks and the outcomes they are helping customers achieve with streamlined integration and use

In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management.Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered:Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the email environment, and the broad implications.The lack of security features and capabilities of native cloud workspaces such as M365 and Google Workspaces and the technical and resource constraints that drive teams to seek out innovative products such as Material Security.The tug of war between security and productivity and how Material Security helps address challenges of the native workspaces that often make it hard for people to do their work and lead to security being sidestepped.Particularly industries that are targeted and impacted the most, such as healthcare, where there is highly sensitive data, regulatory challenges, and more.Common patterns among threats, attacks, and vulnerabilities and how organizations can work to bolster the security of their cloud workspace environments.This is a fascinating area of security. We often hear “identity is the new perimeter” and see identity play a key role in trends such as zero trust. But, so often, that identity starts with your email, and it can lead to lateral movement, capturing MFA codes, accessing sensitive data, impacting business partners, phishing others in the organization, and more, all of which can have massive consequences for the organizations impacted.Raja brought his expertise as a Field CISO and longtime security practitioner to drop a ton of gems in this one, so be sure to check it out!

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley's journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals' evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

In this episode of the Security Podcast of Silicon Valley, a YSecurity Production, Jon and Sasha sit down with Jacob Berry, Field CISO at Clumio, to explore the intricate balance between security and business growth. Jacob shares his journey from a "punk hacker" to leading security for a cutting-edge cloud data protection company. We delve into the evolving role of the CISO, the complexities of managing security for cloud-based services, and the importance of balancing confidentiality, integrity, and availability. Jacob also discusses the human side of security, from customer conversations to the challenges and opportunities in the fast-paced world of startups. Tune in to learn how Jacob navigates the intersection of technology, privacy, and business strategy.

Jason Mar-Tang is the AVP, Field CISO at Pentera. In this episode, he joins host Heather Engel to discuss measuring ROI in cybersecurity, including some of the biggest challenges, the preparations organizations will need to take, cost-effective methods, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.

Join us in this episode of the Security Podcast in Silicon Valley, where host Jon McLachlan sits down with Kayne McGladrey, Field CISO at Hyperproof. Kayne shares his unique journey from theater to cybersecurity, offering insights into risk management, regulatory compliance, and the evolving landscape of cyber threats. Discover how his background in improv and theater has shaped his approach to cybersecurity, the importance of SEC 10-K disclosures, and practical advice for startups and security professionals. Don't miss this engaging and informative conversation! #Cybersecurity #CISO #RiskManagement #TheaterToTech #Hyperproof #SecurityLeadership #Podcast #Ysecurity

In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO at NetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offensive and defensive cybersecurity strategies, and the growing threat of ransomware in today's digital landscape. With insights from BlackHat and beyond, we discuss everything from the future of phishing defense to the challenges AI poses in securing sensitive data, as well as how ransomware continues to evolve. Tune in to gain actionable insights on staying ahead of cyber threats and protecting your digital domain.

Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the adversary sees?  In this episode, Jason Haddix, Field CISO at Flare, shares his experiences in red teaming, accessing dark web credentials, and protecting against malicious actors. Whether you're curious about data exposure or how threat actors operate, this conversation offers insights into the constant changes in cybersecurity.   Impactful Moments: 00:00 - Introduction 01:11 - The Basics of the Dark Web and How Criminals Operate 07:16 - Flare's Role in Cybersecurity 11:14 - Common Security Mistakes 20:04 - Pen Testing with Flare 21:33 - Exploiting Exposed Credentials 22:19 - Reconnaissance Tools and Techniques 24:38 - Email Security Concerns 28:43 - The Power of Stealer Logs 38:21 - Dark Web Tactics and AI 39:33 - Advice for Cybersecurity Leaders 42:04 - Exploring Flare's Platform for Threat Intelligence 44:26 - Conclusion and Final Thoughts Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://flare.io Check out Arcanum here: https://www.arcanum-sec.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

In this episode of Brass Tacks - Talking Cybersecurity, Daniele Mancini, Field CISO at #Fortinet explains the three main drivers of change for #cybersecurity and the challenges these present for the #CISO: ➡️ The explosion in data volumes ➡️ The increasing speed of innovation ➡️ The growing interconnection of the digital ecosystem Tune in for a discussion on the importance of balancing technological innovation and business strategy and creating resilience to a broad range of cybersecurity incidents through a joined-up strategy supported by the three essential pillars of people, processes, and technology. Learn more: https://www.fortinet.com/blog/ciso-collective/building-cyber-resilience?utm_source=Social&utm_medium=YouTube&utm_campaign=BrassTacks-GLOBAL-Global&utm_content=BG-YouTubeGlobal-U&utm_term=Org-Social&lsci=7012H0000021nOIQAY&UID=ftnt-5649-736091 More about Fortinet: https://ftnt.net/6056oiHQE Read our blog: https://ftnt.net/60529liW2 Follow us on LinkedIn: https://ftnt.net/60549liW4

#SecurityConfidential #DarkRhiinoSecurity Dan Lohrmann is an internationally recognized cybersecurity leader, keynote speaker, and author with over 30 years of experience. He served as Chief Security Officer, CTO, and CISO for Michigan's government and received numerous national awards, including CSO of the Year and Computerworld Premier 100 IT Leader. He has advised top-level government and business leaders, including at the White House and U.S. Department of Homeland Security. Currently, Dan is the Field CISO for Presidio and co-author of Cyber Mayday and the Day After, a guide for managing business disruptions. 00:00 Snippet 01:59 Our Guest 09:13 Was Cybersecurity a term back then? 13:05 Everybody keeps getting breached, Why? 19:00 Creating a culture 32:50 Trust but Verify mentality 45:53 Stopping Online Fraud 52:13 Bring your own AI 57:05 Cyber Mayday ---------------------------------------------------------------------- To read about Dan visit https://www.govtech.com/authors/dan-lohrmann.html To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com ---------------------------------------------------------------------- SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @Darkrhiinosecurity Facebook: @Dark-Rhiino-Security-Inc Twitter: @darkrhiinosec LinkedIn: @dark-rhiino-security Youtube: @DarkRhiinoSecurity ​

Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don't want you to know about and show you how to use them to your advantage. Jason, CEO of Arcanum Information Security and Field CISO at Flare, helps us step into the mind of a hacker. With stories and insights that will change how you think about cybersecurity, he talks about the tactics that can turn any security program into a fortress. From exploiting the overlooked to using AI for unbeatable defense, this conversation will revolutionize your approach to cybersecurity.   00:00 Introduction 01:29 Jason Haddix, CEO at Arcanum and Field CISO for Flare 04:48 Origins of Arcanum 07:04 Recon in Cybersecurity 12:22 Recon Discoveries 27:41 Flare's Role in Credential Management 33:47 Tooling for Small Businesses 35:47 Using AI for Cybersecurity 41:23 Flare Platform Deep Dive 43:20 Conclusion   Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://flare.io Check out Arcanum here: https://www.arcanum-sec.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

On this episode of The Cybersecurity Defenders Podcast, we unpack the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie.Ken is a seasoned thought leader in cybersecurity who has spent years analyzing and understanding the intricacies of cyber threats and the methods behind them. Ken has a unique ability to identify emerging trends in the industry and for figuring out how businesses can protect themselves before they fall victim to attacks. Previous to his current role, Ken was the Field CISO at Panther, where he developed workshops and delivered them around the world. His career also includes significant contributions at Cybereason, Elastic, and Splunk, where he drove security growth, developed innovative tools, and shaped industry conversations on cybersecurity. Ken has been a key spokesperson in the industry, frequently quoted in the media and featured at major conferences like Black Hat and DEF CON.Ken recently joined the team at LimaCharlie as a Senior Solutions Engineer, with the intent to use his deep expertise to help organizations build robust security strategies.Ken's reading list:“Daemon” - Daniel Suarez“Cryptonomicon” - Neal Stephenson“The Myth of Normal” - Gabor Maté“Threats: What Every Engineer Should Learn From Star Wars” - Adam Shostack“The Mitrokhin Archive” Christopher Andrew & Vasili Mitrokhin“The Road” - Cormac McCarthyThe song at the end of the podcast:Decrypted Savant - Mercator Misconceptions

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guest: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91Britive: https://itspm.ag/britive-3fa6AppDome: https://itspm.ag/appdome-neuv___________________________Episode NotesIn the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Bil Harmer, operating partner and CISO, Craft Ventures. In this episode: A time and a place for Field CISOs This isn't a new role Consulting the Field CISO Words mean things Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

Jeremiah Roe has held many roles in cybersecurity:  Field CISO, Red Teamer, Advisor, Consultant, Etc.  He currently advises for OffSec, who provide quality cybersecurity training.  Drew Simonis and Allan Alford determined that Jeremiah would be a great guest for launching a 3-part mini series - each of the three shows exploring People, Process and Technology respectively. The three cover the following topics in a lively conversation that journeys into several aspects of People as they relate to cybersecurity: People, Process, and Technology - Which is most important? If they knew what we knew about cybersecurity, would they behave differently? How to leverage training budges for a win-win-win. People gonna peop, businesses gonna biz. Incentivization, Positive Reinforcement and Deputization Enabling camaraderie - not just good culture Groupthink and Tribalism Join the three as they ride the cyber trails of "People" in the PPT triad! Y'all be good now!

"How do you drive trust in a digital first or software first world?" This is the question that Francis Ofungwu, Global Field CISO at GitLab, helps customers answer every day. Securing software development is unlike enterprise security, where CISOs have strong visibility into the environment and can exercise direct control. To secure software, leaders must convince those outside of their department to buy-in on their strategy and implement needed changes. Learn Francis' secrets for winning support and securing the SDLC in this episode of The CISO's Gambit.   

Jake Bernardes, Field CISO of Anecdotes, joins the Breaking Badness Cybersecurity Podcast in this week's episode! We're sharing Jake's background and path within infosec along with what's intriguing him about the industry currently, how conferences and in-person events can still play a role in community involvement, and we'll touch briefly on American history.

Break through? No, PUNCH through the AI hype in cybersecurity this week's guest, Mani Keerthi, Field CISO.George K and George A talk to Mani about:

“If you think about it from a cybersecurity perspective, how do you defend as an organization what you don't thoroughly understand?” asks Stephen Aiello, Field CISO at AHEAD. “For most organizations, when you think about the age of a lot of large-scale organizations, they've grown, they have developed over time. A lot of them have grown through acquisition and just the legacy infrastructure and the size and complexity of the infrastructure is really, really challenging for most organizations to manage. You build and build and build over time. And then people retire, people move. It just worked with a large insurance firm, a global insurance firm. And they were talking about one of their cloud environments. And they said, you know, none of the people that built this environment work here anymore. Like nobody really knows how it was stood up.” Steven Aiello In this podcast, a frontline CISO and an active member of the Cisco Advisory Board, describes the challenge from the inside out, including the real-world challenge of kit-bashed networks, assembled over time and different IT leadership teams, along with the ongoing challenge of a cybersecurity threat that changes by the hour. Stephen Aiello walks us through the issues and discusses Cisco Hypershield. “We've been saying that we want to get security as close to the asset or as close to the data as possible.” We discuss how Cisco Hypershield answers that need, especially in light of industries that not only have special IoT needs, but also operate under a rigorous regulatory structure. Visit www.cisco.com

Jason Mar-Tang is the AVP, Field CISO at Pentera. In this episode, he joins host Charlie Osbourne to discuss Pentera's annual pentesting report, "The State Of Pentesting 2024." Findings including that 51 percent of enterprises admitted to being compromised by a cyberattack over the past 2 years, the frequency gap between the rate of security testing and the rate of organizational change, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.

This week our guest is Merritt Baer, a Field CISO from Lacework, and a cloud security unicorn, sits down to share her incredible story working through the ranks to get to where she is today. Before working at Lacework Merritt served in the Office of the CISO at Amazon Web Services, as part of a small elite team that formed a Deputy CISO. She provided technical cloud security guidance to AWS' largest customers, like the Fortune 100, on security as a bottom line proposition. She also has experience in all three branches of government and the private sector and served as Lead Cyber Advisor to the Federal Communications Commission. Merritt shares some amazing advice for up and comers into the field, saying "my personal philosophy is that no one has to go down for you to go up. I'm always encouraging my colleagues, um, and other executives to be thinking about how we can, you know, steal, sharpen, steal, how we can be good for each other, how we can collaborate, how we can, um, create more strengths in one another." We thank Merritt for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices