Podcasts about secops

In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI.Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side.We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front.We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled.The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success?We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more.Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO.I've known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and the audience.You can sign up to join us for the live sessions at limacharlie.io/defender-fridays

On this episode of the Cybersecurity Defenders Podcast we speak with Filip Stojkovski, Staff Security Engineer at Snyk.Filip is a cybersecurity professional with over 15 years of experience. He began his career as a SOC analyst and now leads SecOps engineering at Snyk. Filip also advises organizations on SOAR, AI for SOC, and threat intelligence strategies. He holds multiple SANS certifications, including GSTRT, GCTI, and GCFA, and was recognized as “Threat Seeker of the Year.” He is the creator of the LEAD Threat Intelligence Framework and the Security Automation Development Life Cycle. Filip regularly shares his expertise through industry talks and on his blog: Cyber Security Automation and Orchestration

If you like what you hear, please subscribe, leave us a review and tell a friend!

If you like what you hear, please subscribe, leave us a review and tell a friend!

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Muller, Field CISO at Tines. With over a decade of experience at companies like Material Security, Coinbase, and Inflection, Matt's got a strong track record of scaling SecOps teams, building threat detection and mitigation programs, and driving trust and safety initiatives. His knowledge impressed Thomas and the Tines team so much that they invited him to become the company's first Field CISO. In this episode: [02:41] The origins of Matt's insatiable appetite for all things security [04:05] Matt's path from business degree to Director of Trust at Inflection [07:07] Scaling Coinbase's security team from 3 to 50 [08:41] Addressing security's long-standing communication problem [10:55] Why “failure wasn't an option” when managing risk at Coinbase [14:14] What led Matt to a product role on Material Security's phishing protection team [17:31] Building what customers ask for vs. actually solving their problems [21:14] How Matt stays up to date with industry developments [22:35] Matt's favorite use cases for security automation [25:25] Matt's go-to automation best practices [27:33] Cutting through AI hype to drive meaningful adoption [30:32] How Matt keeps himself honest as a Field CISO [32:21] Why the traditional SOC is broken - and what needs to change [35:30] The role of diverse hiring in building a resilient security strategy [39:00] What security teams will look like in 2030 [41:35] How CISOs are evolving to become chief risk advisors to the business [43:30] Connect with Matt Where to find Matt: LinkedIn Building SecOps newsletter Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Blue Team Con Material Security's Ryan Noon on the Future of Security Operations podcast

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Guests: Eric Foster, CEO of Tenex.AI Venkata Koppaka, CTO of Tenex.AI  Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices?  What's the current breakdown in labor between your human SOC analysts vs your AI SOC agents? How do you expect this to evolve and how will that change your unit economics?  What tasks are humans uniquely good at today's SOC? How do you expect that to change in the next 5 years? We hear concerns about SOC AI missing things –but we know humans miss things all the time too. So how do you manage buyer concerns about the AI agents missing things?  Let's talk about how you're helping customers measure your efficacy overall. What metrics should organizations prioritize when evaluating MDR?  Resources: Video EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 (quote from Eric in the title!) EP10 SIEM Modernization? Is That a Thing? Tenex.AI blog “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog The original ASO 10X SOC paper that started it all (2021) “Baby ASO: A Minimal Viable Transformation for Your SOC” blog “The Return of the Baby ASO: Why SOCs Still Suck?” blog "Learn Modern SOC and D&R Practices Using Autonomic Security Operations (ASO) Principles" blog

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn't unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Raymond Schippers. With 15 years of experience leading detection and response teams, Raymond is a seasoned security leader with high-impact roles at Check Point and Canva under his belt. He recently became co-founder of Huntabil.IT, a Melbourne-based company providing organizations with tailored advisory services to align with their unique threat landscapes and business goals. In this episode: [02:27] Landing his first security internship at Siemens as a teenager [03:18] Reflecting on some state-sponsored attacks he encountered while working IR at Check Point [04:45] Working with government partners to attribute and dismantle APTs [08:10] The challenges of remediating threats for anonymized customers [09:30] What inspired Raymond's move from Check Point to Canva [10:35] Building Canva's blue team during the company's phase of hypergrowth [12:40] Rethinking the interview process to prioritize diversity in hiring [18:02] Proven strategies for reducing burnout and alert fatigue in IR [21:09] How Raymond's team used automation to scale security operations at Canva [23:16] The state of AI in security - and its most effective use cases [28:53] What inspired Raymond to found Huntabil.IT [31:09] Raymond's approach to working with non-profit organizations [39:15] The under-reported threats that could reshape the future of SecOps [44:06] Anticipating the biggest challenges security teams will face over the next five years [46:42] Connect with Raymond Where to find Raymond Schippers: LinkedIn Huntabil.IT Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Cyber Threat Alliance Raymond's talk on avoiding team burnout at BSides Perth

Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design' Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer's Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic's Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-406

Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes

Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design' Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer's Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic's Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-406

Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design' Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer's Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic's Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Show Notes: https://securityweekly.com/esw-406

Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. Hear from leaders at Accenture, NEC, Orange Cyberdefense, Cirion Technologies, and Google Cloud as they tackle the biggest challenges facing telcos—from AI-powered attacks and SecOps complexity to securing cloud infrastructure and building a security-first mindset. Tune in and stay ahead of the threat curve. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle. In this episode: [02:05] How Dane went from researching women's health and animal cloning to public relations to security [06:25] Why security teams are still fighting the same battles they were 15 years ago [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader [12:00] What's working - and what's not - about how companies approach threat intelligence today [12:51] Why threat intel should be an in-house function, not just a reporting feed [15:30] What motivated Dane to move into the finance and crypto industry [19:30] How parenthood reshaped the way Dane thinks about risk [22:50] Tips for encouraging employees to report their security concerns [26:00] What a great security-vendor customer experience look like - and what too many vendors get wrong [29:10] The security tools and solutions Dane is most excited about right now [32:45] Balancing the hype and potential of security copilots [38:30] What cyberattacks might look like five years from now [41:30] Connect with Dane Where to find Dane: LinkedIn Circle Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: National Cyber Forensics and Training Alliance

In an era where data breaches cost organizations millions and threaten business continuity daily, the intersection of data storage and security has never been more critical. Hear from two industry experts: Nolan Necoechea, Product Marketing leader from Varonis, and returning guest Jason Walker from Pure Storage. Together, we unpack how intelligent data classification, threat detection, and automated remediation are changing the cybersecurity landscape – and why the foundation of effective security starts with how your data is stored and classified. This episode takes listeners from Varonis's fascinating origin story (involving disappearing high-resolution ocean floor images) to the cutting-edge of modern cybersecurity practices. Nolan breaks down Varonis's comprehensive platform that creates visibility and control over data access, while Jason explains why Pure Storage provides the ideal foundation for these security solutions. Learn how real-time threat detection, user behavior analytics, and automated remediation aren't just buzzwords but essential components of modern data protection strategy. As AI-powered threats continue to evolve, this conversation offers practical insights into how organizations can stay ahead of bad actors through strategic partnerships and integrated solutions. Discover why streamlined SecOps and robust data classification are becoming table stakes for business continuity, and get a preview of what's next in the Varonis-Pure partnership. Whether you're a CISO, IT administrator, or business leader concerned about data protection, this episode delivers actionable intelligence on safeguarding your organization's most valuable asset: its data.

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation. In this episode: [02:05] His early career path from mechanic to electrical engineer to security leader [03:35] Josh's philosophy on hiring and mentoring, plus his tips for creating networking opportunities [05:30] How he applies technical foundations from his practitioner days to his work as CISO [07:40] Building product security at ServiceNow from the ground up [10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square [12:17] Josh's experience as an early AI and security researcher at Cylance [16:15] What's surprised Josh most about the evolution of AI [18:50] Why Josh calls today's models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0 [22:45] The LLM security threats Josh is most worried about, as a board member with Hidden Layer [26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab [27:45] Why GitLab prioritizes “intentional transparency” [32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes [34:10] How GitLab's security team uses GitLab internally [37:35] The secret to recruiting, hiring, and managing a remote, global team [39:45] The importance of in-person collaboration for building trust and connection [41:45] Downsizing, bootstrapping, and problem-solving: Josh's predictions for the future of SecOps [46:10] Connect with Josh Where to find Josh: LinkedIn GitLab Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: GitLab's Security Handbook GitLab's GUARD Framework Netskope's security blog Jobs at GitLab Haroon Meer

Stay in control with Microsoft Defender. You can identify which AI apps and cloud services are in use across your environment, evaluate their risk levels, and allow or block them as needed—all from one place. Whether it's a sanctioned tool or a shadow AI app, you're equipped to set the right policies and respond fast to emerging threats. Defender XDR gives you the visibility to track complex attack paths—linking signals across endpoints, identities, and cloud apps. Investigate real-time alerts, protect sensitive data from misuse in AI tools like Copilot, and enforce controls even for in-house developed apps using system prompts and Azure AI Foundry. Rob Lefferts, Microsoft Security CVP, joins Jeremy Chapman to share how you can safeguard your AI-powered environment with a unified security approach. ► QUICK LINKS: 00:00 - Stay in control with Microsoft Defender 00:39 - Identify and protect AI apps 02:04 - View cloud apps and website in use 04:14 - Allow or block cloud apps 07:14 - Address security risks of internally developed apps 08:44 - Example in-house developed app 09:40 - System prompt 10:39 - Controls in Azure AI Foundry 12:28 - Defender XDR 14:19 - Wrap up ► Link References Get started at https://aka.ms/ProtectAIapps ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics   

Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we pondered the 'Cloud Island' vs. 'Cloud Peninsula'. Based on Next 2025, is cloud security becoming more integrated with general cyber security, or is it still its own distinct domain? What wider trends did you observe, perhaps from the expo floor buzz or partner announcements, that security folks should be aware of? What was the biggest surprise for you at Next 2025? Something you absolutely didn't see coming? Putting on your prediction hats (however reluctantly): based on Next 2025, what do you foresee as the major cloud security focus or challenge for the industry in the next 12 months? If a busy podcast listener listening could only take one key message or action item away from everything announced and discussed at Next 2025, what should it be? Resources: EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps  

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane. Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-403

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane. Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-403

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-403

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-403

In this episode, we sit down with the Co-Founder and CPO of Seemplicity, Ravid Circus, to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management.We dove into a lot of great topics, including:The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity's Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7% of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - and organizations struggle with this, even with the context of what to prioritize.There's a lot of excitement around AI in Cyber, including in GRC, SecOps, and, of course, AppSec and vulnerability management. How do you discern between what is hype and what can provide real outcomes?What practical steps can teams take to bridge the gap between AI's ability to find problems and security teams' ability to fix them?One of the major issues is determining who is responsible for fixing findings in the space of Remediation Operations, where Seemplicity specializes. Ravid talks about how, both technically and culturally, Seemplicity addresses this challenge of finding the fixer.What lies ahead for Seemplicity this year with RSA and beyond

In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team. We discussed Agentic AI for AppSec and how security teams use it to get real work done.We covered a lot of key topics, including:What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers.The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement.How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems.Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation.The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry.Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Joe McCallister. Joe's journey in security is truly unique - in less than a decade, he pivoted from selling BMWs to his current role as Senior Manager of Cybersecurity Operations at The Trade Desk. He's also led impactful initiatives in risk management, threat hunting, and incident response at Synoptek. In this episode: [02:18] Transitioning from selling BMWs to leading a security team [06:14] Moving from practitioner to manager and leaning into the role of the "communications guy" [09:52] Balancing security team priorities with company goals [11:40] The threats that keep Joe up at night [14:06] How The Trade Desk's rapid growth has affected day-to-day operations [16:10] Ensuring security stays top of mind for other business units [19:32] Practical tips for strengthening collaboration with IT and other teams [22:13] Joe's approach to hiring and building a resilient team [26:30] Enabling his incident response team to thrive, even when he's not there [30:58] Joe's top three leadership principles [33:22] Tips for salary negotiation, both as a practitioner and a manager [39:58] Navigating imposter syndrome and anxiety [42:37] How AI is fueling Joe's optimism for the future of SecOps [44:29] Connect with Joe The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows.  Where to find Joe: LinkedIn Rocky Mountain Information Security Conference (May 28 - 30, 2025) Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Colorado=Security Annual Salary Surveys & Resources

Guest: Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present?  ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management) are emerging areas in IAM. How do you see these fitting into the overall IAM landscape? Are they truly distinct categories or just extensions of existing IAM practices? Shouldn't ITDR just be part of your Cloud DR or maybe even your SecOps tool of choice? It seems goofy to try to stand ITDR on its own when the impact of an identity compromise is entirely a function of what that identity can access or do, no? Regarding workload vs. human identity, could you elaborate on the unique security considerations for each? How does the rise of machine identities and APIs impact IAM approaches? We had a whole episode around machine identity that involved turtles–what have you seen in the machine identity space and how have you seen users mess it up? The cybersecurity world is full of acronyms. Any tips on how to create a memorable and impactful acronym?  Resources: EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!) EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy? EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM? EP94 Meet Cloud Security Acronyms with Anna Belak EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them) EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security “Playing to Win: How Strategy Really Works” book “Open” book  

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however. Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working? In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections. Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again. Session Resources: Rethinking Threat Exposure Management: A Unified Approach to Reducing Risk This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering. In the enterprise security news, Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-399

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however. Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working? In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections. Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again. Session Resources: Rethinking Threat Exposure Management: A Unified Approach to Reducing Risk This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering. In the enterprise security news, Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-399

It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however. Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working? In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections. Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again. Show Notes: https://securityweekly.com/esw-399

It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however. Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working? In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections. Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again. Show Notes: https://securityweekly.com/esw-399

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. Show Notes: https://securityweekly.com/esw-399

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. Show Notes: https://securityweekly.com/esw-399

In this episode, we sit down with Investor, Advisor, Board Member, and Cybersecurity Leader Chenxi Wang to discuss the interaction of AI and Cybersecurity, what Agentic AI means for Services-as-a-Software, as well as security in the boardroomChenxi and I covered a lot of ground, including:When we discuss AI for Cybersecurity, it is usually divided into two categories: AI for Cybersecurity and Securing AI. Chenxi and I walk through the potential for each and which one she finds more interesting at the moment.Chenxi believes LLMs are fundamentally changing the nature of software development, and the industry's current state seems to support that. We discussed what this means for Developers and the cybersecurity implications when LLMs and Copilots create the majority of code and applications.LLMs and GenAI are currently being applied to various cybersecurity areas, such as SecOps, GRC, and AppSec. Chenxi and I unpack which areas AI may have the greatest impact on and the areas we see the most investment and innovation in currently.As mentioned above, there is also the need to secure AI itself, which introduces new attack vectors, such as supply chain attacks, model poisoning, prompt injection, and more. We cover how organizations are currently dealing with these new attack vectors and the potential risks.The biggest buzz of 2025 (and beyond) is Agentic AI or AI Agents, and their potential to disrupt traditional services work represents an outsized portion of cybersecurity spending and revenue. Chenxi envisions a future where Agentic AI and Services-as-a-Software may change what cyber services look like and how cyber activities are conducted within an organization.If you aren't already following Chenxi Wang on LinkedIn, I strongly recommend you do. I have a lot of connections, but she is someone when I see a post, I am sure to stop and read because she shares a TON of great insights from the boardroom, investment, cyber, startups, AI, and more.I'm thankful to have her on the show to come chat!

In this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI.Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation.We discussed:The rise of AI and Agentic AI and its implications for cybersecurity.Why the 7AI team chose to focus on SecOps in particular and the importance of tackling toil work to reduce cognitive overload, address workforce challenges, and improve security outcomes.The importance of distinguishing between Human and Non-Human work, and why the idea of eliminating analysts is the wrong approach.Being reactive and leveraging Agentic AI for threat hunting and proactive security activities.The unique culture that comes from having the 7AI team in-person on-site together, allowing them to go from idea to production in a single day while responding quickly to design partners and customer requests.Challenges of building with Agentic AI and how the space is quickly evolving and growing.Key perspectives from Nate as a CMO regarding messaging around AI and getting security to be an early adopter rather than a laggard when it comes to this emerging technology.Insights from Lior on building 7AI compared to his previous role, founding Cybereason, which went on to become an industry giant and leader in the EDR space.

ServiceNow, the AI platform for business transformation, has announced the Yokohama platform release, unleashing new AI agents across CRM, HR, IT, and more, for faster, smarter workflows and maximum, end-to-end business impact. These latest innovations include teams of preconfigured AI agents that deliver productivity and predictable outcomes from day one, on a single platform, as well as capabilities to build, onboard, and manage the entire AI agent lifecycle. Because data fuels AI, the company also announced expansion of its Knowledge Graph with advancements to its Common Service Data Model (CSDM) to break down barriers among data sources for more connected AI agents. According to Gartner, "By 2028, 40% of CIOs will demand "Guardian Agents" be available to autonomously track, oversee, or contain the results of AI agent actions," underscoring the growing need for a coordinated, enterprise-wide approach to AI deployment and management. As businesses race to unlock the full potential of agentic AI, ServiceNow serves as the AI agent control tower for enterprises, with solutions that remove common roadblocks like data fragmentation, governance gaps, and real-time performance challenges. Unlike other AI providers that operate in silos or require complex integrations, ServiceNow AI Agents are built on a single, enterprise-wide platform, helping ensure seamless data connectivity with Workflow Data Fabric. By providing a single view of all workflows, AI, and automation needs, ServiceNow enables companies to seamlessly coordinate thousands of AI agents across CRM, IT, HR, finance, and more, enabling total enterprise-wide visibility and control. "Agentic AI is the new frontier. Enterprise leaders are no longer just experimenting with AI agents; they're demanding AI solutions that can help them achieve productivity at scale," said Amit Zavery, president, chief product officer, and chief operating officer at ServiceNow. "ServiceNow's industry-leading agentic AI framework meets this need by delivering predictability and efficiency from the start. With the combination of agentic AI, data fabric, and workflow automation all on one platform, we're making it easier for organisations to embed connected AI where work happens and both measure and drive business outcomes faster, smarter, and at scale." ServiceNow AI Agents are now available to radically accelerate productivity at scale Enterprise leaders are moving beyond experimentation, demanding AI solutions that drive real outcomes. ServiceNow's AI capabilities generate insights that power AI agent reasoning, planning, learning, and orchestration, equipping businesses to more rapidly achieve impactful goals. New ServiceNow AI Agents are available today and ready to help businesses accelerate productivity, streamline operations, and drive real outcomes for enterprise-wide use cases. For example: Security Operations (SecOps) expert AI agents transform security operations by streamlining the entire incident lifecycle, eliminating repetitive tasks and empowering SecOps teams to focus on quickly stopping real threats. Autonomous change management AI agents act like a seasoned change manager, instantly generating custom implementation, test, and backout plans by analyzing impact, historical data, and similar changes - ensuring seamless execution with minimal risk. Proactive network test & repair AI agents operate as AI-powered troubleshooters that automatically detect, diagnose, and resolve network issues before they impact performance. Simplify AI agent management for a more streamlined lifecycle ServiceNow AI Agent Orchestrator and AI Agent Studio are also now generally available with expanded capabilities to govern the complete AI agent lifecycle - from building AI agents, to onboarding and monitoring their performance, to ensuring enterprises realize the value they need. This includes: Enhanced onboarding capabilities through AI Agent Studio to streamline the setup process with guided instru...

Guest: Dave Hannigan, CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation  - what are the key challenges you're tracking in your cloud environments?  What lessons do you wish you knew back in your previous CISO run [at Spotify]? What metrics do your team report for you to understand the security posture of your cloud environments?  How do you know “your” cloud use is as secure as you want it to be? You're a former Googler, and I'm sure that's not why, so why did you choose to go with Google SecOps for your organization? Resources: “Moving shields into position: How you can organize security to boost digital transformation” blog and the paper. “For a successful cloud transformation, change your culture first” blog “Is your digital transformation secure? How to tell if your team is on the right path”' blog EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don't Forget Resilience!) “Thinking Fast and Slow” book “Turn the Ship Around” book

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You're Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes In this week's enterprise security news, we've got 5 acquisitions Tines gets funding new tools and DFIR reports to check out A legal precedent that could hurt AI companies AI garbage is in your code repos the dark side of security leadership HIPAA fines are broken Salt Typhoon is having a great time Don't use ChatGPT for legal advice!!!!! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You're Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes In this week's enterprise security news, we've got 5 acquisitions Tines gets funding new tools and DFIR reports to check out A legal precedent that could hurt AI companies AI garbage is in your code repos the dark side of security leadership HIPAA fines are broken Salt Typhoon is having a great time Don't use ChatGPT for legal advice!!!!! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You're Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes Show Notes: https://securityweekly.com/esw-394

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You're Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes Show Notes: https://securityweekly.com/esw-394

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with Show Notes: https://securityweekly.com/esw-394

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with Show Notes: https://securityweekly.com/esw-394

Collaboration among tech and business teams is crucial to advancing your business. Extreme Networks is introducing Extreme Platform ONE to support this collaboration. In this sponsored episode, we talk about how this product is designed to streamline workflows and enhance user experience through automation and AI integration. Extreme Networks Platform ONE is a centralized platform... Read more »

Collaboration among tech and business teams is crucial to advancing your business. Extreme Networks is introducing Extreme Platform ONE to support this collaboration. In this sponsored episode, we talk about how this product is designed to streamline workflows and enhance user experience through automation and AI integration. Extreme Networks Platform ONE is a centralized platform... Read more »

Automating SecOps processes and procedures - free your people, improve retention and increase productivityWhere creativity and diversity is keeping your SecOps one step ahead of the attackersMatching your effectiveness to organisational objectives - aligning your internal SOC metrics with those required by the boardThis episode is hosted by Thom Langford:https://www.linkedin.com/in/thomlangford/Prince Adu, Board Member - ISACA Accra Chapter, ISACAhttps://www.linkedin.com/in/prince-adu-ccsp-cisa-crisc-3759a520/Garrett Smiley, Chief of Staff to CDIO / Vice President of Digital Infrastructure and Technology Strategy, Maximushttps://www.linkedin.com/in/garrettsmiley/Matt Muller, Field CISO, Tines https://www.linkedin.com/in/matthewrmuller/

SecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and meantime-to-respond (MTTR), automating repetitive tasks, integrating with existing tools, and leading to ROI.In this episode, we sit with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational risks.Grant and I dug into a lot of great topics, such as:Systemic issues impacting the SecOps space include alert fatigue, triage, burnout, staffing shortages, and inability to keep up with threats.What makes SecOps such a compelling niche for Agentic AI, and what key ways can AI help with these systemic challenges?How Agentic AI and platforms such as Prophet Security can aid with key metrics such as SLOs or meantime-to-remediation (MTTR) to drive down organizational risks.Addressing the skepticism around AI, including its use in production operational environments and how the human-in-the-loop still plays a critical role for many organizations.Many organizations are using Managed Detection and Response (MDR) providers as well, and how Agentic AI may augment or replace these existing offerings depending on the organization's maturity, complexity, and risk tolerance.How Prophet Security differs from vendor-native offerings such as Microsoft Co-Pilot and the role of cloud-agnostic offerings for Agentic AI.

We've heard a ton of excitement about AI Agents, Agentic AI, and its potential for Cybersecurity. This ranges in areas such as GRC, SecOps, and Application Security (AppSec).That is why I was excited to sit down with Ghost Security Co-Founder/CEO Greg Martin.In this episode, we sit down with Ghost Security CEO and Co-Founder Greg Martin to chat about Agentic AI and AppSec. Agentic AI is one of the hottest trends going into 2025, and we will discuss what it is, its role in AppSec, and what system industry challenges it may help tackle.Greg and I chatted about a lot of great topics, including:The hype around Agentic AI and what makes AppSec, in particular, such a promising area and use case for AI to tackle longstanding AppSec challenges such as vulnerabilities, insecure code, backlogs, and workforce constraints.Greg's experience as a multi-time founder, including going through acquisitions, but what continues to draw him back to being a builder and operational founder.The challenges of historical AppSec tooling and why the time for innovation, new ways of thinking, and leveraging AI is due.Whether we think AI will end up helping or hurting more in terms of defenders and attackers and their mutual use of this promising technology.And much more, so be sure to tune in and check it out, as well as check out his team at Ghost Security and what they're up to!