EPISODE · Jun 15, 2026 · 10 MIN
Why CISOs Are Using Breach and Attack Simulation Daily
from Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense · host Fexingo
Episode 54 of Cybersecurity Business with Fexingo. Lucas and Luna explore how enterprise security teams are adopting Breach and Attack Simulation (BAS) tools to continuously validate their defenses. They use a real example from May 2026: a large financial services firm used BAS to discover that their endpoint detection rules had drifted during a routine software update, leaving a known ransomware technique undetected for 72 hours. The hosts discuss how BAS differs from traditional penetration testing (continuous vs. point-in-time), the specific metrics it provides (e.g., mean time to detect, prevention rates), and why CISOs are now requiring BAS evidence during board briefings. Lucas explains the role of MITRE ATT&CK as the common language for these simulations, and Luna questions whether BAS creates alert fatigue. They also touch on the vendor landscape, including how platforms from companies like Pentera, Cymulate, and AttackIQ are competing on breadth of attack library and integration with SOAR tools. A concrete episode for security leaders and practitioners looking to understand the shift from annual pen tests to ongoing validation.