Explore every episode of the podcast Business Security Weekly (Video)

Title | Pub. Date | Duration
Defense Against Configurations as CIOs and CISOs Show Value Through Risks and Metrics - Rob Allen - BSW #420 | 05 Nov 2025 | 00:49:31

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems?

Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how the ThreatLocker Defense Against Configurations dashboard can:

  • Identify misconfigurations before they become exploited vulnerabilities
  • Monitor configuration compliance with major frameworks
  • Receive clear, actionable remediation guidance

and more!

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more!

Show Notes: https://securityweekly.com/bsw-420

Emergence of the Chief Trust Officer as CISOs Earn Business Respect and Agenda Shifts - Jeff Pollard - BSW #419 | 29 Oct 2025 | 01:00:15

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust?

Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm's destiny. Jeff will explain why the role has emerged and detail its responsibilities, organizational structures, and measures for success.

In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world 'hit zero' or came close to it: Failure is 'the gift', The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more!

Show Notes: https://securityweekly.com/bsw-419

vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410 | 27 Aug 2025 | 00:59:29

Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider?

Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share:

  • Current vCISO trends
  • What to look for in vCISO services
  • Who fits/doesn't fit as a vCISO

vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview.

In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more!

Show Notes: https://securityweekly.com/bsw-410

CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault | 01 Jul 2024 | 00:33:21

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.

As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.

Show Notes: https://securityweekly.com/vault-bsw-12

AI at Work 2024: C-suite Perspectives on Artificial Intelligence - Bhawna Singh - BSW #354 | 25 Jun 2024 | 00:32:31

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:

  • CSOs/CISOs for their focus on security
  • CTOs for their focus on innovation
  • CIOs for their focus on operational efficiency

Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources: 

www.okta.com/resources/whitepaper-ai-at-work-report/

www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

Building a Successful API Security Strategy - Luke Babarinde - BSW #354 | 24 Jun 2024 | 00:32:41

With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault | 17 Jun 2024 | 00:32:47

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022.

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market, and some that aren't even security products, are saying they enable Zero Trust. The problem is this: you can't buy zero trust. It's an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security: to reduce cost, improve security AND enhance end-user and customer experience.

Show Notes: https://securityweekly.com/vault-bsw-11

Deep Learning to Combat AI Threats & Disrupting the Browser Security Market - Carl Froggett, Vivek Ramachandran - BSW #353 | 11 Jun 2024 | 00:32:15

The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology's role in powering predictive prevention.

This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!

Attackers are targeting enterprise users when they are online via attacks like spear phishing and malicious docs infected with malware/ransomware.

Today SASE/SSE's Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.

Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this, and the solution seems to be a browser-native security agent which can detect and mitigate attacks happening in the user's browser and allow enterprises to threat hunt web attacks company-wide.

Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing

Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing

Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d

Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-353

The State of the Cybersecurity Market, At Least According to Gartner - Padraic O'Reilly - BSW #353 | 10 Jun 2024 | 00:32:01

Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:

  • Artificial Intelligence (AI)
  • Continuous Threat Exposure Management (CTEM)
  • Identity & Access Management (IAM)
  • Cyber Risk

Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.

This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

Show Notes: https://securityweekly.com/bsw-353

Harnessing the Power of Data and AI & The Evolving Role of the CISO - James Doggett, Sivan Tehila - BSW #352 | 04 Jun 2024 | 00:27:38

Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company's most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization's infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.

Segment Resources:

Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/

Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

 

With new industry regulations, like the SEC's Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.

Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management

https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f

This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-352

Emotional Intelligence for Cyber Leaders - Jessica Hoffman - BSW #352 | 03 Jun 2024 | 00:33:31

Since the 1995 publication of Daniel Goleman's international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring "EQ" into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?

In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:

  • Self Awareness
  • Self Regulation
  • Motivation
  • Empathy
  • Social Skills

and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.

Show Notes: https://securityweekly.com/bsw-352

Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 - Lynn Marks, Paul Valente - BSW Vault | 28 May 2024 | 00:29:26

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.

This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!

While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.

This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!

Show Notes: https://securityweekly.com/vault-bsw-9

The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault | 27 May 2024 | 00:35:58

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022.

Forgepoint Capital's Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.

Show Notes: https://securityweekly.com/vault-bsw-9

Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409 | 20 Aug 2025 | 00:53:55

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (Common Vulnerabilities and Exposures) identifier. Should we ignore it?

Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including:

  • Immediate visibility into system misconfigurations before they become vulnerabilities
  • Compliance transparency, showing exactly where systems fall short of industry standards
  • One unified view, with filters by criticality, system, and framework
  • Actionable insights, updated weekly and delivered straight to customers' inboxes

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When "Yes, and…" Backfires, and more!

Show Notes: https://securityweekly.com/bsw-409

2024 Cyber Resilience Trends & Leveling the Cybersecurity Playing Field - Theresa Lanowitz, Jim Simpson - BSW #351 | 21 May 2024 | 00:29:41

In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She'll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era.

This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them!

In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira's automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs.

Segment Resources:

https://www.blumira.com/customer-stories/

https://www.blumira.com/why-blumira/

This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-351

Security Money: Rubrik Saves The Index As It Continues To Climb - BSW #351 | 20 May 2024 | 00:26:29

This week, it's time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrik's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies:

  • Secureworks Corp
  • Palo Alto Networks Inc
  • Check Point Software Technologies Ltd.
  • Rubrik Inc
  • Gen Digital Inc
  • Fortinet Inc
  • Akamai Technologies, Inc.
  • F5 Inc
  • Zscaler Inc
  • Onespan Inc
  • Leidos Holdings Inc
  • Qualys Inc
  • Verint Systems Inc.
  • Cyberark Software Ltd
  • Tenable Holdings Inc
  • Darktrace PLC
  • SentinelOne Inc
  • Cloudflare Inc
  • Crowdstrike Holdings Inc
  • NetScout Systems, Inc.
  • Varonis Systems Inc
  • Rapid7 Inc
  • Fastly Inc
  • Radware Ltd
  • A10 Networks Inc

Show Notes: https://securityweekly.com/bsw-351

Identity Resilience: The Next Frontier in Security - Ray Zadjmool - BSW #350 | 15 May 2024 | 00:27:03

In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize.

Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-piece-in-identity-threat-detection-and-response

https://www.mightyid.com/download-am-i-covered

https://www.mightyid.com/articles/business-continuity-and-cyber-security-the-crucial-role-of-identity-resilience

https://www.mightyid.com/articles/vegas-under-cyber-attack-what-went-wrong

This segment is sponsored by MightyID. Visit https://securityweekly.com/mightyid to learn more about them!

Leveraging AI & The Role Identity Plays - BSW #350 | 14 May 2024 | 00:34:28

AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt's #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.

Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/

This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!

 

The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution; however, they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do we expect a single cloud provider to protect all our clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.

Segment Resources: https://www.silverfort.com/the-identity-underground-report/

https://www.forbes.com/sites/forbestechcouncil/2023/11/16/rethinking-the-framework-around-identity-security/

 https://techcrunch.com/2024/01/23/silverfort-now-valued-at-1b-after-raising-116m-for-its-holistic-approach-to-identity-security/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-350

Say Easy, Do Hard - Train How You Fight, Part 2 - BSW #349 | 07 May 2024 | 00:32:23

Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber incident. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:

  • Developing the training program
  • Practice, practice, practice
  • Imposing corrective actions
  • Constantly evaluating/reviewing the success of the training program

Show Notes: https://securityweekly.com/bsw-349

Say Easy, Do Hard - Train How You Fight, Part 1 - BSW #349 | 06 May 2024 | 00:28:16

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?

Show Notes: https://securityweekly.com/bsw-349

Board's Pivotal Role in Cybersecurity as CISO-CEO Communication Gaps Continue - BSW #348 | 30 Apr 2024 | 00:31:48

In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!

Show Notes: https://securityweekly.com/bsw-348

Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348 | 29 Apr 2024 | 00:27:57

A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.

Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!

Show Notes: https://securityweekly.com/bsw-348

Unraveling the "Materiality" Mystery: A CISO's Guide to SEC Compliance - Mike Lyborg - BSW #347 | 23 Apr 2024 | 00:29:45

The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key elements of your preparation, including:

  • Quantification
  • Materiality
  • Evidence
  • Disclosure

Show Notes: https://securityweekly.com/bsw-347

What does DoD's CMMC Requirement Mean for American Businesses - Edward Tuorinsky - BSW #347 | 22 Apr 2024 | 00:35:07

Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tuorinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover:

  • The background of CMMC
  • Standardization of CMMC
  • CMMC v3 changes and implementation timelines
  • Best practices to prepare

Segment Resources: https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program

https://www.forbes.com/sites/forbesbusinesscouncil/2024/02/13/the-department-of-defenses-cmmc-requirement-and-what-it-means-for-american-businesses/?sh=7ccbc268b7b5

https://consultdts.com/demystifying-the-cmmc-rule-a-breakdown-of-proposed-regulation/

Show Notes: https://securityweekly.com/bsw-347

Defending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy - Santosh Nair - BSW #408 | 13 Aug 2025 | 00:50:05

As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust?

Santosh Nair, Co-Founder and CTO at Styx Intelligence, joins Business Security Weekly to discuss how to defend trust and reputation in the age of AI. Santosh will cover both the company and executive challenges of defending against the latest AI attacks, including:

  • Impersonations and Deepfakes
  • Employee Scams
  • Financial Fraud

Segment Resources: - https://styxintel.com/blog/what-is-brand-protection/ - https://styxintel.com/blog/brand-impersonation-hurts-business/ - https://styxintel.com/blog/social-engineering-tactics/

In the leadership and communications section, Mind the overconfidence gap: CISOs and staff don't see eye to eye on security posture, Your AI Strategy Needs More Than a Single Leader, Avoid These Communication Breakdowns When Launching Strategic Initiatives, and more!

Show Notes: https://securityweekly.com/bsw-408

Generative AI Legal Challenges as SEC Charges Disrupt Journey to CISO Role - BSW #346 | 16 Apr 2024 | 00:25:33

In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more!

Show Notes: https://securityweekly.com/bsw-346

From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346 | 15 Apr 2024 | 00:30:03

Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well.

In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Venture's approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like.

Segment Resources:

 https://merlin.vc/advice-for-young-startups-eyeing-federal-what-kind-of-tech-does-the-u-s-government-need/

https://merlin.vc/we-have-liftoff/

https://merlin.vc/portfolio/

 https://merlin.vc/dig-security-talon-cyber-security-acquired-by-palo-alto-networks/

 https://innovationisrael.org.il/en/digital-reports/

Show Notes: https://securityweekly.com/bsw-346

Understanding the Cybersecurity Ecosystem, Part 1 - Ross Haleliuk - BSW #345 | 09 Apr 2024 | 00:30:47

In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you hopefully get the point). In fact, buying too much can often create more problems than it solves, especially if you're struggling to fill your staffing needs.

In part 1 of this 2-part episode, we'll discuss:

- The current state of vendor offerings in cybersecurity
- The difficulties of measuring value and efficacy in a product
- How to avoid building a security program that centers around managing products
- Shelfware
- Minimizing product overhead

Understanding the Cybersecurity Ecosystem, Part 2 - Ross Haleliuk - BSW #345 | 09 Apr 2024 | 00:29:58

In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you hopefully get the point). In fact, buying too much can often create more problems than it solves, especially if you're struggling to fill your staffing needs.

In part 2 of this 2-part episode, we'll discuss:

- The pros and cons of buying from different types of companies
- Who to look to for product recommendations
- Is making a plan to "ditch before you hitch" a good or bad idea?
- What to do when you inherit a mess

Show Notes: https://securityweekly.com/bsw-345

C-Level Perspective, Communication Failure, and Leadership Misconceptions - BSW #344 | 02 Apr 2024 | 00:25:32

In the leadership and communications section, The Strategic Implications of Cybersecurity: A C-Level Perspective, Leadership Misconceptions That Hinder Your Success, "Mastering Communication: Lessons from Two Years of Learning", and more!

Show Notes: https://securityweekly.com/bsw-344

CISO Soul Searching: Navigating the Evolving Role of the CISO - Harold Rivas - BSW #344 | 02 Apr 2024 | 00:31:13

Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the CISO Initiative and the Trellix CISO Council. In this interview, we do a little CISO soul-searching. Harold will bring insights from the initiative to cover some of the top challenges CISOs face in this ever-evolving role, including:

  • Earning a seat at the table
  • Talking the language of business
  • Addressing the risks and opportunities of business evolution
  • Reading the tea leaves of the future

and more! If you're a CISO or want to be a CISO, don't miss this episode.

Segment Resources: https://www.trellix.com/blogs/perspectives/introducing-trellixs-mind-of-the-ciso-initiative/ https://www.trellix.com/solutions/mind-of-the-ciso-report/ https://www.trellix.com/solutions/mind-of-the-ciso-behind-the-breach/

Show Notes: https://securityweekly.com/bsw-344

Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343 | 26 Mar 2024 | 00:29:32

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, "How do you enable the business while still providing security oversight and governance?"

This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!

Show Notes: https://securityweekly.com/bsw-343

CSO Role vs. Changing CISO Role as 60% of Both Roles are Omitted from SEC Filings - BSW #343 | 25 Mar 2024 | 00:33:28

In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up?, Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more!

Show Notes: https://securityweekly.com/bsw-343

Emerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342 | 19 Mar 2024 | 00:29:06

Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam-packed episode.

Show Notes: https://securityweekly.com/bsw-342

How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Dave Dewalt - BSW #342 | 18 Mar 2024 | 00:32:45

Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:

  • The evolving threat landscape, including impacts of Artificial Intelligence
  • The latest cybersecurity innovation, including what's working and what's NOT working
  • The impact of budgets on buying decisions, including whether "best of breed" is dead in lieu of platforms

Tune in for this insightful discussion before you make your next strategic cybersecurity decisions.

Show Notes: https://securityweekly.com/bsw-342

Say Easy, Do Hard - AI Governance in the Supply Chain - Nick Mistry, Richard Bird - BSW #407 | 06 Aug 2025 | 00:54:55

Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done.

In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including:

  • Data privacy concerns
  • Flaws and malicious code in AI dependencies
  • Lack of security tools to test for AI
  • Vibe coding risks

and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns.

Show Notes: https://securityweekly.com/bsw-407

CISO's Guides to Engaging The Board, Artificial Intelligence, and Cyber Insurance - BSW #341 | 12 Mar 2024 | 00:26:44

In the leadership and communications section, Cybersecurity in the C-Suite: A CISO's Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more!

Show Notes: https://securityweekly.com/bsw-341

Protecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341 | 11 Mar 2024 | 00:31:16

When you think of executive protection, you think of work-related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battlefield and family life will never be the same.

Chris Pierson, CEO at BlackCloak, joins Business Security Weekly to discuss the changes in the risk landscape for executives, including Generative AI, and its impacts on social engineering, personal attacks, and family threats. Executive protection must now include digital protection, both at work and at home.

This segment is sponsored by BlackCloak. Visit https://securityweekly.com/blackcloak to learn more about them!

Show Notes: https://securityweekly.com/bsw-341

Security Starts At The Top and as CISOs Struggle, do they replace the CIO? - BSW #340 | 05 Mar 2024 | 00:25:09

In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Death of the CIO, Redefining the CISO role, and more!

Show Notes: https://securityweekly.com/bsw-340

The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340 | 04 Mar 2024 | 00:33:43

The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point-in-time assessments. Instead, they need to match the speed of security, which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting non-compliance with the new SEC rules, and organizations find themselves in a regulatory nightmare.

Igor Volovich, VP of Compliance Strategy for Cyber Compliance at Qmulos, joins BSW to share his "Notes from the battlefield" on how automation is the only way to effectively converge security, risk, and compliance into a dynamic, real-time discipline.

Show Notes: https://securityweekly.com/bsw-340

How Application Performance Transformed into Application Security - Shibu George - BSW #339 | 27 Feb 2024 | 00:31:53

Panoptica, Cisco's cloud application security solution, was born out of Outshift, Cisco's incubation engine. Shibu George, Engineering Product Manager at Outshift, joins Business Security Weekly to discuss his transition from application performance monitoring to application security and how Panoptica was born.

This segment is sponsored by Panoptica. Visit https://securityweekly.com/panoptica to learn more about them!

Show Notes: https://securityweekly.com/bsw-339

The Unique Challenges of AI Risks - Padraic O'Reilly - BSW #339 | 26 Feb 2024 | 00:33:51

Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk management efforts by others.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins BSW to discuss why AI risks are a unique challenge and how they can impact both organizations and society. Without proper controls, AI systems can amplify, perpetuate, or exacerbate inequitable or undesirable outcomes for individuals and communities. With proper controls, AI systems can mitigate and manage inequitable outcomes.

This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

Show Notes: https://securityweekly.com/bsw-339

The New BISO Role – A Career Path to CISO? - BSW Vault | 19 Feb 2024 | 00:23:46

Check out this interview from the BSW Vault, hand-picked by main host Matt Alderman! This segment was originally published on February 22, 2022.

The Business Information Security Officer, or BISO, is a relatively new and somewhat controversial role. Does this role act as the CISO's non-technical liaison to the business units or as the CISO's deputy to oversee strategy implementation at a granular level? Is this new role a necessary career path for future CISOs or an entry point into security? The BSW hosts debate!

Show Notes: https://securityweekly.com/vault-bsw-8

Proactive Compliance, Improving Cybersecurity Culture, and Hiring The Right Skills - BSW #338 | 13 Feb 2024 | 00:34:30

In the leadership and communications section, SEC's Enforcement Head: It's Time for 'Proactive Compliance', Improving cybersecurity culture: A priority in the year of the CISO, Breaking Down Barriers: 6 Simple Measures to Overcome Communication Barriers, and more!

Show Notes: https://securityweekly.com/bsw-338

Pick Your Battles To Avoid Overconsolidation - Jess Burn, Jeff Pollard - BSW #337 | 06 Feb 2024 | 00:29:55

Large security vendors and hyperscalers, including Microsoft, continue to expand their cybersecurity product and service portfolios. Microsoft's extensive enterprise reach, massive partner network, and enormous influence in the C-suite puts pressure on CIOs and CISOs to consolidate on it as much as possible for cybersecurity. This report helps security leaders understand Microsoft's cybersecurity portfolio, the tactics it uses, and how to manage peer and executive pressure to single-source security technology.

Show Notes: https://securityweekly.com/bsw-337

Security Money - The Index Comes Roaring Back - BSW #337 | 05 Feb 2024 | 00:28:23

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index:

  • SCWX Secureworks Corp
  • PANW Palo Alto Networks Inc
  • CHKP Check Point Software Technologies Ltd.
  • SPLK Splunk Inc
  • GEN Gen Digital Inc
  • FTNT Fortinet Inc
  • AKAM Akamai Technologies, Inc.
  • FFIV F5 Inc
  • ZS Zscaler Inc
  • OSPN Onespan Inc
  • LDOS Leidos Holdings Inc
  • QLYS Qualys Inc
  • VRNT Verint Systems Inc.
  • CYBR Cyberark Software Ltd
  • TENB Tenable Holdings Inc
  • DARK Darktrace PLC
  • S SentinelOne Inc
  • NET Cloudflare Inc
  • CRWD Crowdstrike Holdings Inc
  • NTCT NetScout Systems, Inc.
  • VRNS Varonis Systems Inc
  • RPD Rapid7 Inc
  • FSLY Fastly Inc
  • RDWR Radware Ltd
  • ATEN A10 Networks Inc

Show Notes: https://securityweekly.com/bsw-337

Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406 | 30 Jul 2025 | 00:29:45

In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today's cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more!

Show Notes: https://securityweekly.com/bsw-406

Year of the CISO as CISOs Struggle for C-Suite Status and Expectations Skyrocket - BSW #336 | 29 Jan 2024 | 00:27:50

In the leadership and communications section, A tougher balancing act in 2024, the year of the CISO, CISOs Struggle for C-Suite Status Even as Expectations Skyrocket, Want to Be a Better Leader? Stop Thinking About Work After Hours, and more!

Show Notes: https://securityweekly.com/bsw-336

Cyber Readiness: Train As You Fight - William Hutchison - BSW #336 | 29 Jan 2024 | 00:27:41

How do you prepare for a cyber incident? You train as you fight, but in what environment? William "Hutch" Hutchinson, CEO and co-founder of SimSpace, joins BSW to share cyber best practices and why testing in your operational environment is not a good idea. Learn what it takes to be Cyber Ready.

Show Notes: https://securityweekly.com/bsw-336

Say Easy, Do Hard, Hiring a CISO, Part 2 - BSW #335 | 22 Jan 2024 | 00:29:49

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals?

In part 2, we get our hands dirty by addressing CISO hiring from the individual CISO's perspective. What should you look for in a CISO role? What questions should you be asking during the interview process? What are the non-negotiable items that must be part of the offer?

Show Notes: https://securityweekly.com/bsw-335
