Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense podcast artwork

PODCAST · business

Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense

Lucas and Luna examine the business of cybersecurity: the companies that build defenses, the breaches that expose weaknesses, and the enterprise strategies that determine who survives a digital siege. Each episode dissects one security vendor's financial filings, contract wins, and R&D spend — CrowdStrike versus Palo Alto Networks, the Okta identity saga, how SentinelOne's AI detection affects its gross margins. They walk through actual breach post-mortems (Colonial Pipeline, SolarWinds, MOVEit) and ask: what did the insurance payout look like, which C-suite roles took the blame, and how did the stock move? Lucas reads directly from SEC filings and earnings call transcripts; Luna presses on competitive moats, customer churn, and the cost of zero-day exploits. The show serves investors tracking the cybersecurity ETF, CISOs benchmarking vendor spend, and product managers who need to understand how boardroom risk appetite translates into line-item budgets. Conversations stay grounded in m

  1. 49

    How Security Teams Use MFA Fatigue to Strengthen Authentication

    Episode 61 of Cybersecurity Business with Fexingo explores how attackers are weaponizing MFA fatigue—bombarding users with push notifications until they approve—and what security teams are doing about it. Lucas and Luna break down the rise of MFA bombing attacks, the role of number matching and conditional access policies, and why some enterprises are moving to phishing-resistant FIDO2 keys. They examine a real-world case: how a mid-sized financial firm cut successful MFA fatigue attacks by 94 percent after implementing a three-pronged defense. If you operate or build in business technology, this episode offers a practical look at the evolving authentication arms race. #MFAFatigue #Authentication #Cybersecurity #PushBombing #FIDO2 #NumberMatching #ConditionalAccess #PhishingResistant #ZeroTrust #IdentitySecurity #EnterpriseDefense #Microsoft #DuoSecurity #Business #Technology #FexingoBusiness #BusinessPodcast #SecurityOperations Keep every episode free: buymeacoffee.com/fexingo

  2. 48

    How Security Teams Are Using User and Entity Behavior Analytics

    Episode 60 of Cybersecurity Business with Fexingo dives into User and Entity Behavior Analytics (UEBA) — the technology that learns what 'normal' looks like for users and machines, then flags the anomalous. Lucas and Luna explore how CrowdStrike and Microsoft Sentinel are baking behavioral baselining into their platforms, why a finance intern's late-night VPN login from a new device triggered a real incident response, and how UEBA differs from signature-based detection. They also discuss the challenge of false positives when a company has 10,000 employees and each one behaves differently. By the end, you'll understand why UEBA is becoming a core layer in enterprise defense — and why some CISOs still struggle to trust it. #UserAndEntityBehaviorAnalytics #UEBA #CrowdStrike #MicrosoftSentinel #Cybersecurity #AnomalyDetection #BehavioralAnalytics #MachineLearning #EnterpriseDefense #SOC #IncidentResponse #FalsePositives #SecurityOperations #InsiderThreat #DataScience #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  3. 47

    Why CISOs Are Using SaaS-to-SaaS Backup Strategies

    Episode 59 of Cybersecurity Business with Fexingo explores why enterprise security teams are adopting dedicated SaaS-to-SaaS backup tools to protect critical cloud applications like Salesforce, Microsoft 365, and ServiceNow. Lucas and Luna break down the shared responsibility model gap, the shift from legacy on-prem backup approaches, and why recovering deleted or corrupted data from a SaaS app can take days or weeks without a proper backup layer. They cite real-world examples, including a 2024 outage at a major CRM provider that permanently lost customer records for organizations relying solely on native recycle bins. The hosts also explain how modern SaaS backup solutions use API-based incremental snapshots and immutable storage to ensure rapid recovery. If you are responsible for securing enterprise collaboration tools or managing vendor risk, this episode will help you assess whether your current data protection strategy has a blind spot. #SaaSToSaaSBackup #DataProtection #CyberResilience #EnterpriseSecurity #Microsoft365 #Salesforce #ServiceNow #SharedResponsibility #BackupStrategy #CloudSecurity #BusinessContinuity #SaaSApps #DataRecovery #CISO #SecurityArchitecture #FexingoBusiness #BusinessPodcast #BusinessAndTechnology Keep every episode free: buymeacoffee.com/fexingo

  4. 46

    How Security Teams Are Using AI-Powered Red Teaming

    Episode 58 of Cybersecurity Business with Fexingo explores a fresh approach to security testing: AI-powered red teaming. Lucas and Luna discuss how companies like Anthropic, Google, and Microsoft are using large language models to automate and scale red teaming exercises, shifting from manual penetration testing to continuous, AI-driven attack simulation. They examine a specific case from early 2026 where a major bank used an LLM-based red team to find a critical vulnerability in their cloud infrastructure that human testers missed over three quarters. The hosts break down how these systems work, the limits of current models, and why CISOs are increasingly adopting this technique to keep pace with evolving threats. Tune in for a concrete look at how AI is transforming offensive security testing. #AI #RedTeaming #Cybersecurity #LLM #Anthropic #Google #Microsoft #VulnerabilityTesting #CloudSecurity #OffensiveSecurity #PenetrationTesting #CISO #ThreatSimulation #BusinessAndTechnology #EnterpriseDefense #FexingoBusiness #BusinessPodcast #SecurityTesting Keep every episode free: buymeacoffee.com/fexingo

  5. 45

    How Security Teams Use Dark Web Monitoring to Detect Stolen Credentials

    Episode 57 of Cybersecurity Business with Fexingo: How enterprise security teams are monitoring the dark web for stolen credentials, leaked data, and early breach indicators. Lucas and Luna break down the specific techniques—from automated scraping to human intelligence—using real-world examples like the 2024 Snowflake campaign and the rise of credential-stuffing attacks. They discuss how companies like SpyCloud and Flare build commercial dark web monitoring services, why speed matters (a credential posted within minutes of a breach), and the challenge of false positives. The episode also covers the legal and ethical gray zones, including whether security teams should engage with threat actors directly. A practical look at a critical layer of modern enterprise defense, anchored to mid-2026 trends in credential exposure. #DarkWebMonitoring #CredentialTheft #Cybersecurity #BreachDetection #ThreatIntelligence #SpyCloud #Flare #Snowflake #CredentialStuffing #SecurityOperations #Infostealer #CISO #EnterpriseDefense #DataBreach #Business #Technology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  6. 44

    How Endpoint Detection and Response Became Essential

    Lucas and Luna explore the evolution of endpoint detection and response (EDR) from a niche tool to a cornerstone of enterprise cybersecurity. They discuss the 2023 MGM Resorts breach that highlighted gaps in traditional antivirus, the rise of EDR vendors like CrowdStrike and SentinelOne, and how EDR now integrates with XDR and SIEM to provide continuous visibility. Lucas explains the shift from signature-based detection to behavioral analytics and the role of machine learning in stopping ransomware. Luna asks about the cost barriers for small businesses and whether managed EDR services level the playing field. The episode also touches on the controversy around EDR data privacy and the growing demand for EDR skills in the job market. By the end, listeners understand why CISOs now treat EDR as non-negotiable and what the future holds with AI-driven automation. #EndpointDetectionAndResponse #EDR #Cybersecurity #EnterpriseDefense #CrowdStrike #SentinelOne #MicrosoftDefender #Ransomware #MGMResortBreach #BehavioralAnalytics #MachineLearning #XDR #SIEM #ManagedEDR #CISO #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  7. 43

    Why Security Teams Use Secure Access Service Edge Architecture

    Episode 55 of Cybersecurity Business with Fexingo dives into Secure Access Service Edge (SASE) architecture. Lucas and Luna unpack how enterprises are replacing branch-office VPNs with a cloud-delivered model that converges networking and security. They examine the 2024 Gartner Magic Quadrant for SASE, why Palo Alto Networks and Zscaler dominate, and how a Fortune 500 retailer cut latency by 40 percent after migrating to a single-vendor SASE stack. The hosts also discuss the tension between networking and security teams, and why SASE adoption jumped from 15 percent to 38 percent of organizations in two years. Listen for a concrete breakdown of what SASE actually is, who it works for, and where it still falls short. #SASE #SecureAccessServiceEdge #Cybersecurity #EnterpriseDefense #CloudSecurity #ZeroTrust #SDWAN #PaloAltoNetworks #Zscaler #NetworkSecurity #Gartner #MagicQuadrant #BusinessAndTechnology #ITInfrastructure #RemoteAccess #FexingoBusiness #BusinessPodcast #SecurityArchitecture Keep every episode free: buymeacoffee.com/fexingo

  8. 42

    Why CISOs Are Using Breach and Attack Simulation Daily

    Episode 54 of Cybersecurity Business with Fexingo. Lucas and Luna explore how enterprise security teams are adopting Breach and Attack Simulation (BAS) tools to continuously validate their defenses. They use a real example from May 2026: a large financial services firm used BAS to discover that their endpoint detection rules had drifted during a routine software update, leaving a known ransomware technique undetected for 72 hours. The hosts discuss how BAS differs from traditional penetration testing (continuous vs. point-in-time), the specific metrics it provides (e.g., mean time to detect, prevention rates), and why CISOs are now requiring BAS evidence during board briefings. Lucas explains the role of MITRE ATT&CK as the common language for these simulations, and Luna questions whether BAS creates alert fatigue. They also touch on the vendor landscape, including how platforms from companies like Pentera, Cymulate, and AttackIQ are competing on breadth of attack library and integration with SOAR tools. A concrete episode for security leaders and practitioners looking to understand the shift from annual pen tests to ongoing validation. #BreachAndAttackSimulation #ContinuousValidation #CISO #EnterpriseSecurity #MITREATTACK #SecurityTesting #Pentera #Cymulate #AttackIQ #Ransomware #EndpointDetection #SOAR #SecurityMetrics #BusinessAndTechnology #CybersecurityBusiness #FexingoBusiness #BusinessPodcast #SecurityOperations Keep every episode free: buymeacoffee.com/fexingo

  9. 41

    How CISOs Use Threat Intelligence Platforms to Predict Attacks

    Episode 53 of Cybersecurity Business with Fexingo dives into how enterprise security teams are using threat intelligence platforms (TIPs) to shift from reactive defense to predictive offense. Lucas and Luna explore a real-world case: how a Fortune 500 retailer in Q2 2026 used a TIP to detect a supply-chain attack targeting its third-party logistics provider before any data was exfiltrated. They break down the TIP's role aggregating indicators of compromise from open-source feeds and industry sharing groups, correlating them with internal telemetry, and surfacing a high-confidence alert that bypassed traditional signature-based tools. The conversation covers the platform's ability to prioritize vulnerabilities using the EPSS scoring system, the shift from human-driven threat hunting to automated intelligence feed ingestion, and why adoption is accelerating as AI-generated phishing campaigns outpace manual analysis. Lucas and Luna also discuss the cost-benefit equation for mid-market firms, the challenge of false positives, and whether TIPs will eventually become built into standard SIEM solutions. The episode closes with a reflection on the tension between prediction and privacy. #ThreatIntelligence #CISO #EnterpriseSecurity #CyberDefense #PredictiveSecurity #TIP #SupplyChainAttack #EPSS #SIEM #ThreatHunting #AIPhishing #Fortune500 #SecurityOperations #CyberThreats #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo

  10. 40

    Why CISOs Are Using Cyber Insurance Policy Reviews to Reduce Premiums

    Episode 52 of Cybersecurity Business with Fexingo explores how enterprise security teams are leveraging cyber insurance policy reviews to lower premiums and close coverage gaps. Lucas and Luna walk through a real example: a mid-size fintech company that cut its premium by 18 percent — roughly $120,000 — by aligning its security controls with underwriter requirements after a detailed policy review. The hosts explain what a policy review actually looks like: mapping existing security controls (MFA, EDR, incident response retainer, patch cadence) against insurer questionnaires, identifying mismatches like a missing endpoint detection tool for a specific server class, and negotiating better terms. They also discuss why insurers are tightening exclusions around ransomware, business email compromise, and silent cyber — and how proactive reviews can prevent nasty surprises at claims time. The episode covers the growing role of insurance brokers who specialize in cyber, the emergence of policy language audits by third-party firms, and a cautionary note on how one misaligned control can void coverage for an entire incident. Practical, specific, and grounded in real numbers — not theory. #CyberInsurance #PolicyReview #PremiumReduction #CISO #EnterpriseSecurity #Ransomware #BusinessEmailCompromise #Underwriting #SecurityControls #MFA #EDR #IncidentResponse #InsuranceBroker #SilentCyber #CoverageGap #Business #Technology #FexingoBusiness Keep every episode free: buymeacoffee.com/fexingo

  11. 39

    How Security Teams Are Using Identity-First Zero Trust to Stop Lateral Movement

    In this episode of Cybersecurity Business, Lucas and Luna explore why enterprise security teams are shifting from network-centric zero trust to an identity-first approach. We examine a specific case: how a mid-size healthcare organization prevented a ransomware attack by implementing continuous identity verification and micro-segmentation based on user roles rather than IP addresses. Lucas breaks down the concept of 'just-in-time access' — granting permissions only when needed and revoking them automatically — and explains why this matters as hybrid work blurs network perimeters. Luna questions whether identity-first zero trust can work alongside legacy Active Directory environments, and Lucas shares real data: one study found that 80% of breaches involve compromised credentials, making identity the new security perimeter. The hosts also discuss the role of conditional access policies and how tools like Okta and Azure AD are evolving to support this model. By the end, listeners will understand why identity-first zero trust reduces lateral movement risk and how to start implementing it without rebuilding their entire network. #Cybersecurity #ZeroTrust #IdentityFirst #LateralMovement #EnterpriseSecurity #CISO #HealthcareSecurity #Okta #AzureAD #JustInTimeAccess #Microsegmentation #RansomwarePrevention #BusinessAndTechnology #SecurityStrategy #FexingoBusiness #BusinessPodcast #CybersecurityPodcast #SecurityOperations Keep every episode free: buymeacoffee.com/fexingo

  12. 38

    Why Security Teams Are Hiring Former Attackers

    Episode 50 of Cybersecurity Business with Fexingo. Lucas and Luna explore the growing trend of ethical hacking consultancies — firms that hire reformed or vetted black-hat hackers to test enterprise defenses. They dive into the case of Synack, a Redwood City startup that has built a platform crowdsourcing 1,500 vetted ethical hackers, and how companies like Microsoft and the U.S. Department of Defense have used similar models. The hosts discuss the pros and cons of hiring former attackers, the economics of bug bounty platforms vs. traditional penetration testing, and what this means for the future of cybersecurity hiring. A concrete look at how the industry is turning adversarial talent into a defensive asset. #EthicalHacking #Synack #BugBounty #PenetrationTesting #RedTeam #CrowdsourcedSecurity #Microsoft #DepartmentOfDefense #HackerOne #Bugcrowd #VulnerabilityResearch #SecurityTalent #CyberDefense #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #Cybersecurity #EnterpriseSecurity Keep every episode free: buymeacoffee.com/fexingo

  13. 37

    How Security Teams Use Open XDR to Correlate Alerts

    Episode 49 of Cybersecurity Business with Fexingo explores how enterprises are consolidating dozens of point security tools into open extended detection and response (Open XDR) platforms. Lucas and Luna break down the specific cost and speed benefits using the example of a mid-sized fintech company that reduced its mean time to detect from 12 hours to under 4 minutes by adopting an Open XDR architecture. They explain the difference from SIEM, why integration APIs matter more than dashboards, and how open standards help security teams avoid vendor lock-in while still getting best-of-breed detection. The episode also touches on the role of MITRE ATT&CK mapping across tools and why some CISOs are shifting from buying platforms to buying data pipelines. A natural donation segment links the topic to listener support keeping the show ad-free. #OpenXDR #ExtendedDetectionAndResponse #Cybersecurity #SecurityOperations #SIEM #MITREATTACK #ThreatDetection #AlertCorrelation #VendorLockIn #APISecurity #DataPipeline #FintechSecurity #MDR #EDR #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #CISO Keep every episode free: buymeacoffee.com/fexingo

  14. 36

    How Security Teams Use Bug Bounties to Find Hidden Vulnerabilities

    In this episode of Cybersecurity Business with Fexingo, Lucas and Luna explore how bug bounty programs have become a critical component of modern enterprise security. They examine the economics behind pay-per-vuln models, comparing platforms like HackerOne and Bugcrowd, and discuss the rise of private programs for sensitive assets. The episode also covers the tension between researchers and corporations, including the debate over disclosure timelines and legal protections. Specific examples include how a major tech company reduced its critical vulnerability count by 60% after launching a bounty program, and why some firms are moving to invitation-only models. Listeners will learn why bug bounties are not just about finding bugs but about building a community of ethical hackers. #BugBounty #EthicalHacking #VulnerabilityDisclosure #HackerOne #Bugcrowd #Cybersecurity #PenetrationTesting #SecurityResearch #CISO #EnterpriseSecurity #CrowdsourcedSecurity #ZeroDay #ResponsibleDisclosure #SecurityTesting #InfoSec #BusinessPodcast #Technology #FexingoBusiness Keep every episode free: buymeacoffee.com/fexingo

  15. 35

    Why CISOs Are Using Security Chaos Engineering to Test Resilience

    Lucas and Luna dive into Security Chaos Engineering—a practice where enterprises deliberately inject failures into production environments to test defensive resilience. Lucas explains how Netflix pioneered Chaos Monkey but argues that real security chaos engineering goes deeper, using controlled experiments like network partition failures, TLS certificate expirations, and API throttling to uncover blind spots before attackers do. Luna brings up a case study from a major bank that simulated a ransomware encryption event on a non-critical replica to validate their incident response playbook—saving an estimated $3 million in potential downtime. The episode covers why traditional penetration testing and red team exercises miss the chaotic complexity of real attacks, and how tools like AWS Fault Injection Simulator and open-source Litmus are making chaos engineering accessible to mid-market teams. Lucas and Luna also discuss the cultural shift required: security teams must embrace failure as data, not blame. The episode ends with a forward-looking question about whether regulators will eventually mandate resilience testing as they do stress testing for financial institutions. #SecurityChaosEngineering #CISO #ChaosEngineering #ResilienceTesting #NetflixChaosMonkey #AWSFaultInjection #LitmusChaos #ProductionTesting #IncidentResponse #RansomwareSimulation #EnterpriseSecurity #CybersecurityTrends #DevSecOps #Business #Technology #FexingoBusiness #BusinessPodcast #CyberResilience Keep every episode free: buymeacoffee.com/fexingo

  16. 34

    Why Enterprise Security Teams Are Adopting Cyber Asset Attack Surface Management

    Episode 46 of Cybersecurity Business with Fexingo examines why enterprise security teams are shifting toward CAASM — Cyber Asset Attack Surface Management — to get a handle on their sprawling digital estates. Lucas and Luna break down the core problem: most organizations have 30-40% more assets than they realize, including shadow IT, cloud instances, and decommissioned servers. The episode focuses on a specific case: how a Fortune 500 manufacturer used CAASM to discover 8,000 unknown assets — including a legacy database exposed to the internet — and cut its average response time from 18 days to 4 hours. The hosts also discuss how CAASM platforms like Axonius and JupiterOne integrate with existing tools to give security teams a single pane of glass, and why Gartner predicts 30% of large enterprises will adopt CAASM by 2027. No fluff, just the nuts and bolts of asset management. #CAASM #CyberAssetAttackSurfaceManagement #EnterpriseSecurity #ShadowIT #AssetDiscovery #Axonius #JupiterOne #Fortune500 #SecurityOperations #AssetInventory #CloudSecurity #Gartner #VulnerabilityManagement #AttackSurface #BusinessAndTechnology #BusinessPodcast #FexingoBusiness #CybersecurityBusiness Keep every episode free: buymeacoffee.com/fexingo

  17. 33

    How Security Teams Use Automated Patch Management to Close Vulnerabilities

    In this episode of Cybersecurity Business, Lucas and Luna explore the growing role of automated patch management in enterprise security. They break down how companies like Microsoft and Palo Alto Networks are leveraging automation to close critical vulnerabilities faster than ever before. With the median time to exploit a known vulnerability dropping to just 15 days, manual patching is no longer sufficient. The hosts discuss real-world examples, including how a major healthcare provider reduced its patch deployment time from 45 days to 72 hours using automation tools from Ivanti and Qualys. They also examine the challenges of patching legacy systems and the importance of prioritization based on exploitability. Tune in to understand why automated patch management has become a cornerstone of modern defense strategy. #Cybersecurity #PatchManagement #Automation #VulnerabilityManagement #EnterpriseSecurity #MSP #Microsoft #PaloAltoNetworks #Ivanti #Qualys #ZeroDay #CVE #RiskPriority #LegacySystems #BusinessAndTechnology #BusinessPodcast #FexingoBusiness #CybersecurityStrategy Keep every episode free: buymeacoffee.com/fexingo

  18. 32

    Why Security Teams Are Using Cyber Threat Intelligence Sharing

    Episode 44 of Cybersecurity Business with Fexingo dives into the rise of structured threat intelligence sharing among enterprise security teams. Lucas and Luna examine how organizations are moving beyond siloed defense to join information-sharing and analysis centers (ISACs) and adopt platforms like MISP and STIX/TAXII. They discuss a real-world case: how the Health-ISAC helped hospitals patch a critical vulnerability in medical devices within 48 hours during the first quarter of 2026. The episode also covers the tension between sharing sensitive data and protecting competitive advantage, and how anonymization and legal frameworks like the Cybersecurity Information Sharing Act (CISA) enable collaboration. Listeners learn why threat intelligence sharing is becoming a standard practice, not a nice-to-have, and how even mid-size companies can participate without overcommitting resources. #CyberThreatIntelligence #ThreatIntelligenceSharing #ISAC #MISP #STIX #TAXII #HealthISAC #CybersecurityInformationSharingAct #CISA #EnterpriseSecurity #SecurityOperations #CyberDefense #VulnerabilityManagement #SupplyChainSecurity #InformationSharing #CyberResilience #BusinessAndTechnology #FexingoBusiness Keep every episode free: buymeacoffee.com/fexingo

  19. 31

    How Security Teams Use Vendor Security Ratings to Assess Third-Party Risk

    Lucas and Luna explore how enterprises are using vendor security ratings — letter-grade scores from firms like SecurityScorecard and BitSight — to assess third-party risk before signing contracts. They walk through a real example: how a mid-sized bank used a rating of 'C' on a cloud storage vendor to push for remediation clauses, saving an estimated $2.3 million in potential breach costs. The episode covers why these ratings matter, how they're calculated (external scanning, breach databases, user behavior), and the controversy around false positives when a small vendor gets downgraded for a non-exploitable open port. Lucas also shares data showing that 63% of data breaches now originate through third-party vendors. The conversation ties back to the broader shift from trusting vendor self-assessments to continuous, data-driven monitoring. #VendorSecurityRatings #ThirdPartyRisk #SecurityScorecard #BitSight #CyberRating #SupplyChainSecurity #VendorAssessment #ContinuousMonitoring #AttackSurface #CyberInsurance #CISO #EnterpriseSecurity #VendorRisk #BreachCost #FalsePositive #Business #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  20. 30

    Why Security Teams Are Using Continuous Threat Exposure Management

    Episode 42 of Cybersecurity Business with Fexingo dives into Continuous Threat Exposure Management (CTEM) — the security framework that Gartner predicts will reduce attack surface exploitation by two-thirds by 2027. Lucas and Luna break down how companies like a mid-sized financial services firm used CTEM to cut their exposure window from 90 days to under 72 hours, without buying a single new tool. They explain the five-phase cycle: scoping, discovery, prioritization, mobilization, and measurement. The conversation covers why traditional vulnerability management is failing — 12 million new CVEs in 2025 alone — and how CTEM shifts focus from patching everything to addressing the 3% of exposures that actually matter. Lucas shares how one CISO used a simple business impact score to get board buy-in, and Luna questions whether CTEM is just a rebrand of risk-based vulnerability management. The episode closes with a reflection on how security teams can start small: one critical asset, one business process, one quarter. #Cybersecurity #ContinuousThreatExposureManagement #CTEM #VulnerabilityManagement #CISO #Gartner #AttackSurface #ThreatDetection #RiskBasedVulnerabilityManagement #EnterpriseSecurity #BusinessAndTechnology #Podcast #FexingoBusiness #BusinessPodcast #SecurityOperations #ExposureWindow #BusinessImpactScore #SecurityFramework Keep every episode free: buymeacoffee.com/fexingo

  21. 29

    How Security Teams Are Using Deception Technology to Trap Attackers

    Episode 41 of Cybersecurity Business with Fexingo explores deception technology, a proactive defense strategy where security teams deploy decoys—fake servers, credentials, and data—to lure attackers away from real assets. Lucas and Luna dive into a case study: a mid-sized healthcare company that detected a ransomware intrusion within minutes after an attacker triggered a decoy Active Directory account. They discuss how modern deception platforms use machine learning to generate realistic lures, the trade-offs vs. traditional honeypots, and why CISOs at firms like a major European bank are allocating 5-10% of their security budgets to deception. The hosts also touch on the cost: deploying deception across a 10,000-employee enterprise runs roughly $150,000 annually, a fraction of the average $4.5 million breach cost. Tune in to understand why deception is moving from espionage-grade tactic to mainstream enterprise defense. #DeceptionTechnology #CyberDeception #Honeypots #EnterpriseSecurity #RansomwareDefense #ThreatDetection #CISO #HealthcareCyberSecurity #ActiveDirectory #MachineLearning #BreachPrevention #CyberDefense #FexingoBusiness #BusinessPodcast #Business #Technology #Cybersecurity #SecurityStrategy Keep every episode free: buymeacoffee.com/fexingo

  22. 28

    Why Enterprise Security Teams Are Adopting Cyber Mesh Architecture

    Episode 40 of Cybersecurity Business with Fexingo explores why forward-looking CISOs are ditching the traditional castle-and-moat model for cyber mesh architecture. Lucas and Luna break down how Gartner's 2022 prediction is playing out in mid-2026, with real examples from a Fortune 500 retailer that consolidated six legacy security tools into a mesh. They discuss the technical and organizational challenges—including the shift to identity-centric policy enforcement and the need for unified data fabrics. The hosts also touch on how cyber mesh affects incident response timelines and vendor lock-in. If you're a security pro or tech executive evaluating next-generation defense frameworks, this episode gives you the concrete trade-offs and implementation lessons from early adopters. #CyberMeshArchitecture #Gartner #IdentitySecurity #ZeroTrust #EnterpriseDefense #DataFabric #IncidentResponse #VendorLockIn #Fortune500 #CISO #SecurityOperations #NetworkSecurity #BusinessTechnology #PodcastEpisode #CybersecurityBusiness #FexingoBusiness #BusinessPodcast #TechLeadership Keep every episode free: buymeacoffee.com/fexingo

  23. 27

    Why Security Teams Are Using AI for Threat Detection

    On this episode of Cybersecurity Business with Fexingo, Lucas and Luna explore how enterprises are deploying artificial intelligence to detect cyber threats in real time. They examine a case study from a mid-sized financial services firm that reduced its mean time to detect from 12 hours to under 3 minutes by implementing a machine learning model trained on network traffic patterns. The hosts discuss the trade-offs between supervised and unsupervised learning, the challenge of false positives, and why human analysts remain essential. They also touch on how vendors like CrowdStrike and Darktrace are evolving their platforms. If you're a CISO or security architect evaluating AI tools, this episode provides a concrete framework for measuring ROI. #Cybersecurity #ArtificialIntelligence #ThreatDetection #MachineLearning #CrowdStrike #Darktrace #EnterpriseSecurity #Business #Technology #FexingoBusiness #BusinessPodcast #SecurityAnalytics #SOC #MDR #EndpointSecurity #NetworkSecurity #AIinCybersecurity #BreachDetection Keep every episode free: buymeacoffee.com/fexingo

  24. 26

    How CISOs Are Using Quantum-Safe Cryptography Now

    As quantum computing inches closer to breaking current encryption standards, some forward-thinking CISOs aren't waiting for the threat to materialize. This episode explores why JPMorgan Chase has already begun deploying quantum-safe cryptographic algorithms for certain data transmissions, and how the National Institute of Standards and Technology's 2024 post-quantum cryptography standards are driving early adoption. Lucas and Luna dive into the specific migration challenges enterprises face, from crypto-agility to hybrid certificate management, and why the banking sector is moving fastest. Expect concrete examples of how organizations are testing lattice-based cryptography alongside existing RSA and ECC systems, and what the timeline for full migration might look like. #QuantumComputing #PostQuantumCryptography #CISO #Cryptography #NIST #JPMorganChase #EnterpriseSecurity #CryptoAgile #LatticeBasedCryptography #Encryption #BankingSecurity #DataProtection #Technology #Business #Cybersecurity #FexingoBusiness #BusinessPodcast #Episode38 Keep every episode free: buymeacoffee.com/fexingo

  25. 25

    Why Security Teams Are Using EASM to Find Hidden Assets

    In this episode of Cybersecurity Business with Fexingo, Lucas and Luna dive into External Attack Surface Management (EASM) — a rapidly growing category in enterprise defense. They explore how companies like CrowdStrike and Tenable are acquiring EASM startups to help organizations discover exposed assets they didn't even know they had. Lucas shares a striking case: a Fortune 500 retailer whose acquisition of a smaller brand left thousands of forgotten subdomains and cloud instances unmanaged. Luna asks how these tools actually work under the hood — and whether they create new risks by scanning the internet. The hosts discuss how EASM fits into a broader shift from reactive patching to continuous discovery, and why the average enterprise has 30 percent more external assets than they track. If you're responsible for security strategy, this episode gives you the concrete angle on why asset discovery matters now. #EASM #ExternalAttackSurfaceManagement #CrowdStrike #Tenable #Cybersecurity #EnterpriseSecurity #AssetDiscovery #AttackSurface #CyberDefense #SecurityStrategy #CISO #CloudSecurity #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #CyberRisk #ThreatIntel #SecurityTools Keep every episode free: buymeacoffee.com/fexingo

  26. 24

    Why Security Teams Are Using Cyber Deception Traps

    Episode 36 dives into how cybersecurity teams deploy honeypots and deception grids to catch attackers early. Lucas explains how one mid-size healthcare company used a fake database filled with decoy patient records to detect a ransomware group before they encrypted real systems. Luna questions whether deception tools are legal in regulated industries, and the hosts discuss the rise of active defense strategies. They also explore a 2025 case where a European bank caught state-backed hackers using a decoy server. The episode covers practical deployment tips, the difference between low-interaction and high-interaction traps, and why CISOs are adding deception to their stack alongside EDR and SIEM. If you work in security operations or are curious how defenders go on the offensive, this episode offers a concrete look at a growing technique. #CyberDeception #Honeypots #ActiveDefense #SecurityOperations #ThreatDetection #RansomwareDefense #DeceptionTechnology #CISO #CyberTraps #DecoyData #EnterpriseSecurity #IncidentResponse #Business #Technology #FexingoBusiness #BusinessPodcast #Cybersecurity #DeceptionGrid Keep every episode free: buymeacoffee.com/fexingo

  27. 23

    How Cybersecurity Teams Are Using Purple Teaming to Bridge Red and Blue

    Episode 35 of Cybersecurity Business with Fexingo dives into purple teaming — the practice of combining red team offensive security testing with blue team defensive operations in a collaborative, continuous cycle. Lucas and Luna explore how companies like Capital One and JPMorgan Chase have adopted purple teaming to find and fix vulnerabilities faster, reduce mean time to detect, and break down silos between offensive and defensive security teams. They discuss the specific metrics that matter, the tools involved (like Atomic Red Team and Caldera), and the cultural shift required to make purple teaming work. Lucas explains why many CISOs now mandate at least one purple team exercise per quarter, and Luna questions whether smaller companies can afford the approach. The episode also covers a real-world example: how a healthcare organization used purple teaming to discover a critical Active Directory misconfiguration before attackers did. A focused, actionable look at a practice that's reshaping enterprise defense. #PurpleTeaming #RedTeam #BlueTeam #Cybersecurity #EnterpriseDefense #CISO #CapitalOne #JPMorganChase #AtomicRedTeam #Caldera #ActiveDirectory #SecurityOperations #MTTD #Business #Technology #FexingoBusiness #BusinessPodcast #CyberDefense Keep every episode free: buymeacoffee.com/fexingo

  28. 22

    How Security Teams Are Using Digital Twins to Simulate Attacks

    Episode 34 of Cybersecurity Business with Fexingo explores the emerging use of digital twins in enterprise security. Lucas and Luna break down how companies like Microsoft and Siemens are building virtual replicas of their networks to simulate advanced persistent threats—without risking production systems. They discuss a real case where a global bank saved $12 million by catching a ransomware payload in a twin before it hit live servers. The hosts also examine the technology's limitations, including fidelity gaps and compute costs. This is a practical look at a concept moving from industrial engineering into cyber defense rooms. No marketing fluff, just the operational reality for CISOs evaluating this tool. #Cybersecurity #DigitalTwin #AttackSimulation #EnterpriseSecurity #ThreatModeling #Microsoft #Siemens #Ransomware #CISO #NetworkSecurity #APTSimulation #TechStrategy #SecurityOperations #Business #Technology #FexingoBusiness #BusinessPodcast #CyberDefense Keep every episode free: buymeacoffee.com/fexingo

  29. 21

    How Security Teams Are Using Ransomware Negotiations to Save Millions

    When ransomware hits, the conventional wisdom says 'never pay.' But in Episode 33 of Cybersecurity Business, Lucas and Luna explore the growing practice of professional ransomware negotiation — where specially trained third-party negotiators engage with attackers on behalf of victim companies. They break down the real numbers from a 2025 ransomware case involving a midsize healthcare network that saved $4.2 million by negotiating down a $5.8 million demand to $1.6 million. Lucas explains how negotiators use psychological framing, proof-of-life verification, and leverage from threat intelligence to drive down ransoms. Luna pushes back on the ethical and regulatory risks, including OFAC sanctions exposure and the debate over whether paying funds future attacks. The episode also covers the rise of insurance-mandated negotiation clauses and the emergence of boutique firms specializing in this high-stakes craft. A focused, numbers-driven look at one of the most controversial corners of modern cybersecurity. #RansomwareNegotiation #CybersecurityBusiness #CrisisManagement #IncidentResponse #Ransomware #EnterpriseSecurity #CyberInsurance #ThreatIntelligence #SecurityOperations #BusinessContinuity #CyberRisk #NegotiationStrategy #HealthcareCybersecurity #OFAC #ThirdPartyRisk #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  30. 20

    How Security Teams Are Using Breach Simulation to Find Gaps

    Episode 32 of Cybersecurity Business with Fexingo dives into breach and attack simulation (BAS) tools. Lucas and Luna explore how companies like Cymulate, AttackIQ, and SafeBreach are helping enterprise security teams continuously test defenses by automating attacks. They discuss a real-world case: a mid-sized financial firm that used BAS to identify a critical gap in its email security before a phishing campaign hit. The hosts break down how BAS differs from traditional penetration testing, why it's gaining traction among CISOs in 2026, and where the technology still falls short. They also touch on the business models behind these vendors, including how Cymulate raised $70 million in Series C funding in 2025. A concise, analyst-grade look at a rapidly evolving segment of cybersecurity. #BreachAndAttackSimulation #BAS #Cymulate #AttackIQ #SafeBreach #CybersecurityTesting #ContinuousSecurity #PurpleTeaming #SecurityValidation #EnterpriseDefense #CISO #PenetrationTesting #EmailSecurity #CyberResilience #SecurityAutomation #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  31. 19

    Why CISOs Are Mandating Unified Log Management

    Episode 31 of Cybersecurity Business with Fexingo digs into why enterprise security teams are consolidating log management under a single platform. Lucas and Luna examine the rise of observability giants like Splunk, Datadog, and Elastic, and how the shift from siloed SIEM tools to unified observability is reshaping CISO strategy and vendor relations. The episode focuses on a critical pain point: log data fragmentation. A 2023 survey found the average enterprise uses 16 different security monitoring tools, creating blind spots and slowing incident response. The hosts discuss how unified logging reduces mean time to detect from weeks to minutes, citing examples from a major financial services firm that cut detection time by 80 percent after consolidating. They also cover the trade-offs: vendor lock-in, data retention costs, and the tension between centralization and team autonomy. No marketing fluff—just a clear look at a trend that's quietly redefining enterprise defense. #UnifiedLogManagement #CISO #Splunk #Datadog #Elastic #SIEM #Observability #EnterpriseSecurity #LogAggregation #MeanTimeToDetect #SecurityMonitoring #DataFragmentation #IncidentResponse #CyberDefense #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo

  32. 18

    How Security Teams Use Zero Trust to Stop Supply Chain Attacks

    Episode 30 of Cybersecurity Business with Fexingo dives into how enterprises are adopting zero-trust architectures to defend against software supply chain attacks. Lucas and Luna examine the SolarWinds breach as a case study, then explore how companies like Google and Microsoft are implementing zero-trust principles — from verifying every identity to micro-segmenting networks. They discuss the role of identity security, continuous monitoring, and how zero trust is reshaping vendor risk management. Specific numbers: Google's BeyondCorp implementation reduced surface area by 80 percent. The episode closes with a forward look at zero-trust adoption trends through 2027. A perfect conversation for CISOs, IT leaders, and anyone responsible for enterprise defense. #ZeroTrust #SupplyChainAttack #SolarWinds #IdentitySecurity #Microsegmentation #BeyondCorp #Google #Microsoft #CISO #VendorRisk #EnterpriseSecurity #CyberDefense #NetworkSecurity #BusinessAndTechnology #Podcast #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo

  33. 17

    How Identity Security Is Becoming the New Perimeter

    Lucas and Luna explore the shift from network-centric security to identity-centric defense. They discuss how the 2020 SolarWinds breach accelerated the adoption of zero-trust identity models, why Microsoft estimates identity attacks have risen by over 200 percent year-over-year, and how companies like Okta, Ping Identity, and Microsoft are competing in the identity security space. The episode drills into one specific case: how a Fortune 500 insurance company reduced credential-based breaches by 72 percent after deploying a continuous identity verification platform. Lucas breaks down the economics of identity security, including how the market is projected to grow from $17 billion in 2025 to over $30 billion by 2029. Luna asks whether legacy architectures like VPNs are truly obsolete and what small-to-midsize businesses should prioritize if they can't afford the full stack. The conversation closes with a reflection on whether identity will remain a standalone category or get absorbed into broader zero-trust platforms. #Cybersecurity #IdentitySecurity #ZeroTrust #Okta #Microsoft #PingIdentity #SolarWinds #Authentication #CyberAttacks #EnterpriseDefense #IAM #MultiFactorAuthentication #NetworkSecurity #CIAM #IdentityGovernance #BusinessSecurity #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  34. 16

    Why Cybersecurity Teams Are Using Threat Modeling to Fix Security Debt

    Episode 28 of Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense. Lucas and Luna dig into security debt — the accumulated vulnerabilities and outdated controls that plague enterprise environments — and how threat modeling is emerging as a structured approach to pay it down. They examine a real-world case: how one global bank used attack trees and data-flow diagrams to prioritize its most critical risks, saving an estimated $40 million in potential breach costs. The hosts break down the STRIDE and PASTA frameworks, explain why most security teams are drowning in unpatched issues, and debate whether threat modeling should be a full-time role or embedded into every sprint. A practical, specific episode for anyone building or running a security program. #Cybersecurity #ThreatModeling #SecurityDebt #EnterpriseSecurity #STRIDE #PASTA #RiskManagement #CISO #VulnerabilityManagement #AttackTrees #DataFlowDiagrams #SecurityArchitecture #DevSecOps #Compliance #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #CyberDefense Keep every episode free: buymeacoffee.com/fexingo

  35. 15

    How Security Teams Are Using Browser Isolation to Stop Phishing

    Phishing remains the number one attack vector, but a growing number of enterprises are adopting a radical approach: browser isolation. Instead of trying to detect malicious links, these systems run all web content in a remote container, so nothing dangerous ever reaches the endpoint. In this episode, Lucas and Luna break down how Cloudflare, Menlo Security, and Zscaler are competing in this space, how the technology actually works, and why some CISOs argue it's the only way to guarantee protection against zero-day phishing. They also discuss the trade-offs: latency, user experience, and the challenge of handling legacy web apps. If you've ever wondered why your security team blocks certain websites or how remote browsing fits into a zero-trust strategy, this episode gives you the concrete details. #BrowserIsolation #Phishing #Cybersecurity #ZeroTrust #Cloudflare #MenloSecurity #Zscaler #EnterpriseDefense #RemoteBrowsing #SecurityArchitecture #EndpointSecurity #WebSecurity #CyberAttackVector #CISO #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #SecurityCompanies Keep every episode free: buymeacoffee.com/fexingo

  36. 14

    How Cyber Insurance Premiums Are Reshaping Enterprise Security

    Episode 26 of Cybersecurity Business with Fexingo. Lucas and Luna explore how the cyber insurance market is driving significant changes in enterprise security practices. They examine the hardening of underwriting standards after the 2021 ransomware surge, with premiums rising 50-100% annually in 2022 and 2023 before stabilizing. The conversation focuses on how insurers now require specific controls like multi-factor authentication, endpoint detection response, and backup segmentation to qualify for coverage. Lucas breaks down the case of a mid-size manufacturing company that saw its premium jump from $150,000 to $350,000 after a near-miss ransomware event, forcing a $2 million security upgrade. They discuss the tension between insurance as a risk transfer tool and as a de facto compliance framework, and whether the industry is moving toward mandated minimum standards. The hosts also touch on the data-sharing ecosystem between insurers and security vendors, and the potential for cyber insurance to mirror workers' comp in shaping corporate behavior. A concrete, numbers-driven look at the intersection of risk management and cyber defense. #CyberInsurance #EnterpriseSecurity #Ransomware #RiskManagement #Underwriting #MultiFactorAuthentication #EndpointDetection #BackupSegmentation #InsurancePremiums #Cybersecurity #Business #Technology #FexingoBusiness #BusinessPodcast #SecurityCompanies #Breaches #EnterpriseDefense #CyberRisk Keep every episode free: buymeacoffee.com/fexingo

  37. 13

    How Cybersecurity Insurance Is Reshaping Enterprise Risk Strategy

    Episode 25 of Cybersecurity Business with Fexingo examines the shifting dynamics of cybersecurity insurance. Lucas and Luna explore how rising premiums and stricter underwriting requirements are forcing enterprises to adopt stronger security controls. They discuss the case of a midsize logistics company that saw its cyber insurance premium triple after a ransomware attack, and how insurers now mandate specific defenses like multi-factor authentication and endpoint detection before issuing policies. The episode also covers the growth of the cyber insurance market, which according to a 2025 report from the Insurance Information Institute reached $14 billion in direct written premiums in the US, and how carriers are using third-party security ratings to assess risk. Lucas and Luna debate whether insurance is driving genuine security improvements or just creating a compliance checkbox, and what the trend means for CISOs and security vendors. The conversation includes a natural break for listener support before wrapping up with a look at the emerging role of cyber risk quantification tools. #CybersecurityInsurance #EnterpriseRisk #CyberRiskManagement #InsurancePremium #CISO #Ransomware #MultiFactorAuthentication #EndpointDetection #SecurityRatings #CyberInsuranceMarket #RiskQuantification #BusinessAndTechnology #EnterpriseDefense #CyberResilience #InsuranceUnderwriting #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo

  38. 12

    How Security Teams Are Using Automated Patch Management to Defend Against Zero-Day Attacks

    Episode 24 of Cybersecurity Business with Fexingo examines the shift from manual patching to automated patch management in the race against zero-day exploits. Lucas and Luna break down the economics of patching: the average enterprise has 200,000+ endpoints and takes 97 days to patch a critical vulnerability, while attackers can weaponize a flaw in 15 days. They explore how companies like CrowdStrike, Rapid7, and Automox are building automation tools that cut patch cycles to under 24 hours. The hosts discuss the pressure from cyber insurance carriers who now mandate patching SLAs, the rise of virtual patching for legacy systems, and the trade-offs around change management risk. A concrete takeaway: every day a critical patch is delayed costs a typical large enterprise an estimated $1.2 million in breach exposure. The episode closes with a natural call for listener support to keep the show ad-free. #PatchManagement #ZeroDay #VulnerabilityManagement #CrowdStrike #Rapid7 #Automox #CyberInsurance #VirtualPatching #ChangeManagement #CISO #EnterpriseSecurity #ITOperations #Automation #SecurityEconomics #BreachPrevention #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  39. 11

    How Cybersecurity Companies Are Adopting the CISO as a Service Model

    Episode 23 of Cybersecurity Business with Fexingo dives into the rise of virtual CISO (vCISO) services — why mid-sized companies are outsourcing their security leadership to firms like Coalfire and SecurityScorecard. Lucas and Luna break down how the vCISO market grew to over $1.5 billion in 2025, the economics of fractional security executives, and what this means for enterprise defense. They also explore the challenges: liability gaps, culture clashes, and whether a part-time CISO can truly own a breach. A concrete look at a fast-growing business model reshaping how companies buy security expertise. #Cybersecurity #BusinessAndTechnology #vCISO #SecurityLeadership #OutsourcedSecurity #Coalfire #SecurityScorecard #CISO #EnterpriseSecurity #CyberBusiness #FractionalExecutive #RiskManagement #Compliance #SecurityStrategy #MidMarket #CyberDefense #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  40. 10

    Why OT Security Is the Next Frontier for CISOs

    Episode 22 of Cybersecurity Business with Fexingo explores why operational technology (OT) security has become the most urgent priority for enterprise CISOs. Lucas and Luna examine the Colonial Pipeline ransomware attack as a turning point, then drill into a specific case: a 2025 water-treatment facility breach in Florida where attackers manipulated chemical controls via the same network as the HVAC system. They discuss the scale of the challenge — an estimated 3.5 million exposed OT devices globally, according to a 2025 Dragos report — and why traditional IT security tools fail in environments running legacy PLCs and SCADA systems. Luna asks whether convergence with IT security is realistic or a pipe dream. Lucas breaks down the shift from air-gapped to connected OT, the rise of OT-specific detection and response tools from companies like Dragos and Nozomi Networks, and why the SEC's new incident disclosure rules are forcing board-level attention. The episode closes with a look at how OT security is reshaping M&A strategy for industrial firms. #OTSecurity #OperationalTechnology #IndustrialCybersecurity #SCADA #PLCs #CriticalInfrastructure #VendorRisk #Convergence #Dragos #NozomiNetworks #SECRules #CyberInsurance #IndustrialIoT #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #CyberPodcast #NetworkSecurity Keep every episode free: buymeacoffee.com/fexingo

  41. 9

    Why Security Teams Are Moving to EDR

    Endpoint Detection and Response (EDR) is rapidly replacing traditional antivirus in enterprise security. In this episode, Lucas and Luna break down why the shift is happening, using CrowdStrike's Falcon platform as a case study. They discuss how EDR differs from signature-based antivirus, the role of AI in detecting novel threats, and the financial calculus behind the transition. Lucas shares a specific stat: global EDR spending is projected to hit $5.6 billion by 2028, up from $2.1 billion in 2023. Luna pushes back on the idea that EDR is a silver bullet, highlighting common implementation failures. The episode also touches on the cultural resistance within IT teams and why some companies still cling to legacy antivirus. Concrete examples include how a mid-sized retailer avoided a ransomware attack by catching it at the endpoint level. The show ends with a question about where EDR goes next as AI-generated malware becomes more sophisticated. #EDR #EndpointDetectionAndResponse #CrowdStrike #Falcon #Antivirus #Cybersecurity #EnterpriseSecurity #AISecurity #Malware #Ransomware #ThreatDetection #BehavioralAnalysis #SIEM #BusinessAndTechnology #Podcast #FexingoBusiness #BusinessPodcast #SecurityOperations Keep every episode free: buymeacoffee.com/fexingo

  42. 8

    Dark Web Marketplaces Are the New Enterprise Threat Intel Source

    Episode 20 of Cybersecurity Business with Fexingo explores how security teams are turning to dark web marketplaces—sites like Russian Market and Genesis—as a legitimate source of threat intelligence. Lucas and Luna unpack a concrete case: how a Fortune 500 retail company detected a credential dump on a dark web forum before it was used in an attack, saving an estimated $4 million in potential damages. They discuss the economics of stolen data (a corporate VPN credential sells for $12 on average), the ethical gray zone of monitoring illegal markets, and why companies like Recorded Future and Flashpoint now employ former hackers to crawl these forums. The episode also touches on the tension between passive monitoring and active engagement, and what it means for enterprise defense in mid-2026. If you're a security leader or operator, this is a practical look at how threat intel is evolving beyond CVEs and IoCs. #DarkWeb #ThreatIntelligence #CyberSecurity #RecordedFuture #Flashpoint #RussianMarket #GenesisMarket #CredentialDump #Fortune500 #EnterpriseDefense #CyberThreats #DataBreach #OSINT #Business #Technology #FexingoBusiness #BusinessPodcast #CyberSec Keep every episode free: buymeacoffee.com/fexingo

  43. 7

    How Cybersecurity Teams Are Using Deception Technology

    Most cybersecurity spending goes toward keeping attackers out — but what if you invited them in and watched what they did? This episode explores deception technology, a strategy where security teams plant fake credentials, decoy servers, and honeytokens to catch intruders already inside the network. Lucas walks through a real 2025 deployment at a Fortune 500 retailer that detected a ransomware crew within 17 minutes using breadcrumbs planted months earlier. Luna pushes back on the cost and complexity, and they dig into the numbers: companies using layered deception see median dwell time drop from 212 days to under 48 hours. They also discuss the rise of commercial deception platforms from companies like Illusive Networks and Attivo Networks, and why the approach works especially well against human-operated ransomware. Plus: how the show stays ad-free. #DeceptionTechnology #CyberDeception #Honeytokens #ThreatDetection #RansomwareDefense #DwellTime #CyberStrategy #IllusiveNetworks #AttivoNetworks #Fortune500 #EnterpriseSecurity #IncidentResponse #ZeroTrust #Business #Technology #FexingoBusiness #BusinessPodcast #CyberPodcast Keep every episode free: buymeacoffee.com/fexingo

  44. 6

    How Cyber Thieves Are Using Open Source Intelligence

    Open source intelligence, or OSINT, is a powerful tool for both security researchers and cybercriminals. In this episode, Lucas and Luna explore how thieves use publicly available data — from social media to corporate websites — to plan targeted attacks. They walk through a real example: how a mid-sized healthcare firm was breached after an OSINT probe revealed an employee's vacation photos and a forgotten server login page. Lucas explains the key techniques attackers use, like harvesting email formats, scanning job boards for tech stacks, and using Google dorks to find exposed documents. Luna discusses what security teams can do to counter OSINT threats, including reducing digital footprints, monitoring data brokers, and building a threat intelligence feedback loop. The episode also covers the ethics of OSINT in the cybersecurity market, from background checks to pentesting. No hype, just a concrete breakdown of how open data fuels modern breaches — and how to defend against it. #OSINT #OpenSourceIntelligence #CyberThreats #DataBrokers #SocialEngineering #CyberDefense #ThreatIntelligence #DarkWeb #GoogleDorking #AttackSurface #SecurityAwareness #EnterpriseSecurity #BusinessAndTechnology #CyberRisk #FexingoBusiness #BusinessPodcast #LucasAndLuna #PodcastEpisode Keep every episode free: buymeacoffee.com/fexingo

  45. 5

    How Security Companies Are Building Cyber Threat Intelligence Feeds

    Lucas and Luna explore the business behind cyber threat intelligence feeds—the data products that power enterprise defense. They break down how companies like Recorded Future, Mandiant, and CrowdStrike collect, analyze, and sell threat data, with a specific look at Recorded Future's $1.9 billion sale in 2025. The episode also touches on the rise of open-source alternatives like MISP and how smaller security teams can leverage intelligence without breaking the bank. A concrete look at a $20 billion market that most people don't realize exists behind the scenes of cybersecurity. #CyberThreatIntelligence #RecordedFuture #Mandiant #CrowdStrike #MISP #Business #Technology #Cybersecurity #Podcast #FexingoBusiness #BusinessPodcast #EnterpriseDefense #ThreatIntel #SecurityData #OpenSourceSecurity #CTI #ThreatAnalysis #SecurityOperations Keep every episode free: buymeacoffee.com/fexingo

  46. 4

    How Attackers Are Using AI for Social Engineering

    In this episode of Cybersecurity Business with Fexingo, Lucas and Luna explore the growing threat of AI-powered social engineering attacks. Unlike traditional phishing that relies on spelling errors and generic messages, attackers now use generative AI to craft personalized, grammatically perfect emails that mimic trusted contacts. Lucas breaks down a real case from early 2026 where an employee at a mid-sized financial firm received a deepfake voice call from their CEO — or so they thought. The episode covers why traditional security awareness training is becoming obsolete, how companies are fighting back with AI-based detection tools, and what the future of human-centric security looks like. Listeners will learn one concrete metric: AI-generated phishing emails now have a click-through rate of 32 percent, compared to 3 percent for traditional phishing. #AISocialEngineering #Cybersecurity #Phishing #DeepfakeThreat #GenerativeAI #EnterpriseSecurity #Business #Technology #AttackSurface #SocialEngineering #SecurityAwareness #AIinCybersecurity #ZeroTrust #LucasAndLuna #FexingoBusiness #BusinessPodcast #CyberDefense #Podcast Keep every episode free: buymeacoffee.com/fexingo

  47. 3

    How Security Orchestration Is Saving Enterprise Security Teams

    Episode 15 of Cybersecurity Business with Fexingo explores security orchestration, automation, and response (SOAR) — a technology stack that connects disparate security tools into a single workflow. Lucas and Luna break down how SOAR platforms like Splunk Phantom and Palo Alto Networks' Demisto are helping overstretched security operations centers (SOCs) triage alerts faster, reduce mean-time-to-respond from hours to minutes, and cut false-positive fatigue. They use the real-world example of a mid-tier financial services firm that consolidated 12 point products into one SOAR playbook, slashing incident response costs by 40 percent. The conversation also touches on the tension between automation and analyst discretion, and why SOAR adoption is accelerating in 2026 as AI-augmented playbooks become more common. This is a targeted look at a practical, fast-growing corner of enterprise cybersecurity. #SecurityOrchestration #SOAR #SplunkPhantom #PaloAltoNetworks #Demisto #SIEM #EnterpriseSecurity #SOC #Automation #IncidentResponse #Playbooks #ThreatIntelligence #Business #Technology #FexingoBusiness #BusinessPodcast #CybersecurityBusiness #Podcast Keep every episode free: buymeacoffee.com/fexingo

  48. 2

    The Hidden Danger of Data Brokers in Cybersecurity

    Lucas and Luna explore the under-discussed role of data brokers in the cybersecurity landscape. They focus on the 2023 breach of a major data broker that exposed the personal information of hundreds of millions of people, and how the aggregation of data by these companies creates a single point of failure for enterprises. The hosts discuss how security teams are now auditing their data-sharing practices and why regulators are beginning to scrutinize the data broker industry. They also touch on the business model of data brokers and how it conflicts with enterprise security goals. #DataBrokers #Cybersecurity #DataBreach #Privacy #EnterpriseSecurity #SupplyChainRisk #Regulation #FTC #CaliforniaConsumerPrivacyAct #CCPA #SecurityAudit #ThirdPartyRisk #DataAggregation #IdentityTheft #PersonalData #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo

  49. 1

    How Nation-State Hackers Are Targeting Critical Infrastructure

    In this episode of Cybersecurity Business with Fexingo, Lucas and Luna explore how nation-state hackers are increasingly targeting critical infrastructure—power grids, water systems, and hospitals. They break down the recent Colonial Pipeline attack, the rise of state-sponsored groups like APT29 and APT33, and how companies are fighting back with new defense strategies. Specific numbers and cases ground the conversation, including a look at how the US government's CISA agency is coordinating response efforts. The hosts also discuss the talent gap in industrial cybersecurity and what it means for enterprise defense spending. #NationStateHackers #CriticalInfrastructure #ColonialPipeline #APT29 #APT33 #CISA #IndustrialCybersecurity #Cybersecurity #EnterpriseDefense #BusinessPodcast #FexingoBusiness #SecurityCompanies #Breaches #InfrastructureSecurity #GovernmentHackers #Ransomware #CyberDefense #Podcast Keep every episode free: buymeacoffee.com/fexingo

  50. 0

    How Cybersecurity M&A Is Reshaping the Industry

    In this episode of Cybersecurity Business, Lucas and Luna explore the consolidation wave reshaping the cybersecurity industry through mergers and acquisitions. They focus on a specific case: Palo Alto Networks' acquisition of Cato Networks in late 2025 for $2.8 billion, a deal that signaled the convergence of network security and secure access service edge (SASE). Lucas explains the strategic rationale behind the acquisition, how it fits into Palo Alto's platform strategy, and what it means for enterprises evaluating security vendors. Luna pushes back on whether consolidation reduces competition and innovation, and they discuss the implications for smaller security startups. The episode also examines broader M&A trends, including the role of private equity and the rising valuations of cybersecurity companies. Listeners will gain a concrete understanding of why M&A is accelerating and how to evaluate vendor lock-in risks. A brief listener support segment is included near the end. #CybersecurityM&A #PaloAltoNetworks #CatoNetworks #SASE #NetworkSecurity #SecurityConsolidation #VendorLockIn #PrivateEquity #CybersecurityValuations #PlatformStrategy #BusinessAndTechnology #MergersAndAcquisitions #EnterpriseSecurity #SecurityStartups #TechDeals #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Lucas and Luna examine the business of cybersecurity: the companies that build defenses, the breaches that expose weaknesses, and the enterprise strategies that determine who survives a digital siege. Each episode dissects one security vendor's financial filings, contract wins, and R&D spend — CrowdStrike versus Palo Alto Networks, the Okta identity saga, how SentinelOne's AI detection affects its gross margins. They walk through actual breach post-mortems (Colonial Pipeline, SolarWinds, MOVEit) and ask: what did the insurance payout look like, which C-suite roles took the blame, and how did the stock move? Lucas reads directly from SEC filings and earnings call transcripts; Luna presses on competitive moats, customer churn, and the cost of zero-day exploits. The show serves investors tracking the cybersecurity ETF, CISOs benchmarking vendor spend, and product managers who need to understand how boardroom risk appetite translates into line-item budgets. Conversations stay grounded in m

HOSTED BY

Fexingo

CATEGORIES

Frequently Asked Questions

How many episodes does Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense have?

Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense about?

Lucas and Luna examine the business of cybersecurity: the companies that build defenses, the breaches that expose weaknesses, and the enterprise strategies that determine who survives a digital siege. Each episode dissects one security vendor's financial filings, contract wins, and R&D spend —...

How often does Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense release new episodes?

Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense?

You can listen to Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense?

Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense is created and hosted by Fexingo.
URL copied to clipboard!