
PODCAST · technology

Security You Should Know

What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know, the latest podcast from the CISO Series, does just that. Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on:

- How to explain the issue to your CEO
- What the solution actually does (and doesn't do)
- How the pricing model works

Then, our security leaders ask the tough questions to see what sets this vendor apart. Subscribe now and stay ahead of the latest security solutions. Visit CISOseries.com for more details.

Security You Should Know: Connecting security solutions with security leaders.

  1. 49

    Securing Mobile Apps with Guardsquare

    In this episode, Ryan Lloyd, Chief Product Officer at Guardsquare, explains how the platform combines code obfuscation, runtime integrity checks, and real-time threat monitoring to secure mobile apps at the binary level, integrated directly into the CI/CD pipeline. Joining him are TC Niedzialkowski, Head of IT & Security at Opendoor, and Montez Fitzpatrick, CISO at Navvis. Want to know: Why does organizational apathy around mobile app security persist even as mobile becomes the primary customer channel? What's the difference between app integrity and code integrity, and why does it matter for defending against repackaging attacks? How does obfuscation function as a real security control rather than just security through obscurity? How does Guardsquare fit into the CI/CD pipeline, and what does the actual build overhead look like for development teams? What API and webhook capabilities exist for routing threat monitoring data into your existing security stack? How does Guardsquare's mobile app attestation model bind server-side APIs to verified legitimate app instances — and why does that matter for stopping bots and credential theft? Huge thanks to our sponsor, Guardsquare Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

  2. 48

    Verifying Identities with Trusona

    In this episode, Ori Eisen, founder and CEO at Trusona, makes a case for getting out of the AI detection arms race entirely. He argues that trying to catch AI-generated fakes with AI detection is the antivirus playbook, and we know how that ends. Trusona instead anchors verification to authoritative sources, DMV records and physical-world signals, things AI can mimic on screen but can't actually own. No pre-registered devices required. And it works in both directions: attackers calling your help desk, and attackers calling your employees while pretending to be IT. Joining him are Eduardo Ortiz, VP and Global Head of Cybersecurity at Techtronic Industries, and Mandy Huth, SVP and CISO at Ultra Clean Technology. Want to know: Why do MFA and SSO still leave gaps attackers walk right through? How Trusona verifies identity with no pre-registered devices or tokens? Why building AI detection on top of AI fakes is a losing strategy? How is a false rejection rate of zero achievable without locking out real employees? What deployment actually looks like, and how fast you can be live? Which departments beyond IT need identity verification, and where do you start? How to measure the business value of this beyond just counting blocked account takeovers? Why is a solid help desk protocol still not enough on its own? Huge thanks to our sponsor, Trusona GenAI supercharges identity impersonation and social engineering attacks – rendering legacy identity verification methods obsolete, especially in high-risk workflows like IT Help Desk password/MFA resets, vendor payment changes, remote employee hiring, or customer account access. Trusona ATO Protect empowers your team to thwart these attacks across business units and channels. GenAI supercharges identity impersonation and social engineering. 
It's rapidly eroding traditional authentication, especially in high-risk workflows like help desk password or MFA resets, vendor payment changes, remote employee hiring, and customer account access. Trusona's ATO Protect addresses deepfakes and social engineering directly—without adding friction or relying on legacy MFA.

  3. 47

    Transitioning to Quantum-Safe Encryption with enQase

    All links and images can be found on CISO Series. In this episode, Raj Patil, CTO at enQase, explains how enQase's full-stack platform helps enterprises implement quantum-safe security through a structured, integrated approach. This covers everything from cryptographic asset discovery and governance to out-of-band key generation for network appliances, without requiring organizations to rip and replace existing infrastructure. Joining him are Ross Young, co-host at CISO Tradecraft, and Adam Palmer, CISO at First Hawaiian Bank. Want to know: Why is the post-quantum cryptography transition harder than simply implementing new standards? What three factors should frame every CEO conversation about quantum risk? Where should a highly regulated enterprise start, and what can reasonably wait three to five years? Why should we be planning for "harvest now, decrypt later" attacks right now? How do you build and track a cryptographic bill of materials across hundreds of applications and devices? Why is crypto agility more important than picking the perfect algorithm? Huge thanks to our sponsor, enQase The enQase Platform empowers enterprises, defense organizations, cloud providers, and critical infrastructure operators to seamlessly adopt quantum-safe technologies while achieving crypto agility across their ecosystems.  By combining quantum-grade hardware with software-defined control and interoperability, enQase ensures alignment with NIST standards, delivers unmatched flexibility and compliance readiness, and reduces risk across data, network, and compute layers, all while maintaining business continuity and operational resilience in an evolving cryptographic landscape. Learn more at enqase.com.

  4. 46
  5. 45

    Operationalizing Threat Intelligence with Recorded Future

    All links and images can be found on CISO Series. In this episode, Jamie Zajac, Chief Product Officer at Recorded Future, explains how autonomous threat operations can close this gap by automatically deploying intelligence across security controls at machine speed. Joining him are Dan Holden, CISO at Commerce, and Arvin Bansal, CISO at C&S Wholesale Grocers. Want to know: Why do organizations still struggle to operationalize threat intelligence despite massive investments? How does threat intelligence translate into board-level metrics that demonstrate business impact? What do autonomous threat operations mean and how do they differ from traditional threat intelligence? How can intelligence drive faster incident response and more efficient SOC operations? Why third-party risk intelligence matters more than vendor questionnaire scores? How AI is changing the threat landscape and what defenders should prioritize? What does the future of threat intelligence look like in two years? How to use intelligence for policy decisions and budget building, not just tactical blocking? A huge thanks to our sponsor, Recorded Future Recorded Future is the world's largest threat intelligence company, serving 1,900+ organizations across 80 countries. Its Intelligence Graph® contains 200+ billion nodes of threat data, combining AI analytics with autonomous capabilities to transform manual threat intelligence into automated Intelligence Operations across security ecosystems. Recorded Future was acquired by Mastercard (NYSE: MA) in 2024. Learn more at https://pages.recordedfutureext.com/

  6. 44

    Getting Visibility into AI Usage with Harmonic Security

    All links and images can be found on CISO Series. In this episode, Alastair Paterson, CEO and co-founder at Harmonic Security, explains how Harmonic Protect addresses these challenges by securing workforce AI adoption through browser-based visibility, endpoint agents, and MCP gateways. Joining him are Ross Young, co-host at CISO Tradecraft, and Johna Till Johnson, CEO and founder at Nemertes. Want to know: Why are enterprises still struggling with AI governance despite years of motivation to solve it? How does Harmonic keep pace with 50,000+ AI products when the landscape changes monthly? What's the difference between visibility, coaching, and blocking in AI governance? How do you implement AI controls without creating thousands of new alerts for security teams? Where does Harmonic fit in the multi-step process of setting policy, monitoring compliance, and enforcement? How can CISOs measure the ROI of AI governance tools and benchmark against industry peers? What's Harmonic's strategy with secure AI browsers? Why should AI browsers be blocked by default in the enterprise? What should CISOs prioritize for AI security in 2026? Huge thanks to our sponsor, Harmonic Security As every employee adopts AI in their work, organizations need control and visibility. Harmonic Security delivers AI Governance and Control, the intelligent control layer that secures and enables the AI-First workforce. By understanding user intent and data context in real time, Harmonic gives security leaders all they need to help their companies innovate at pace. Learn more at www.harmonic.security.      

  7. 43

    Unifying Detection and Response with Athena Security

    In this episode, Peter Worth, founder, president, and CEO at Athena Security, explains how their security operations platform addresses these challenges through unified detection and response. Joining him are Jason Taule, CISO at Luminous Health, and Will Gregorian, head of security at Galileo Medical. Want to know: Why are security teams still struggling with alert fatigue despite decades of awareness? How does security product fragmentation create blind spots in enterprise defense? What's the difference between indicators of compromise and indicators of attack? How do AI anomaly detection systems avoid declaring malicious activity "normal"? What strategies prevent model drift and adversarial poisoning in AI-based threat detection? Why does each client need their own behavioral baseline model? How do open source foundations impact enterprise security platform reliability? Why are CISOs increasingly held personally accountable for security incidents? Huge thanks to our episode sponsor, Athena Security Group   Athena Security Group delivers a best in class, AI enabled, Cyber Defense solution (SIEM, EDR, XDR & MDR) on top of Wazuh's award winning open-source SIEM/EDR platform, synthesizing and consolidating cyber security alert management and response across the entire security operations landscape, facilitating intelligent and efficient cybersecurity decision making and response for the modern enterprise, table stakes in the age of AI.

  8. 42

    Bridging the Cloud Security Gap with Trend Micro

    In this episode, Franz Fiorim, field CTO at Trend Micro, explains how Trend Vision One consolidates multiple cloud security tools across AWS, GCP, Azure, Oracle Cloud, and Alibaba Cloud to streamline management, automate controls, and reduce integration overhead. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Jason Shockey, CSO at Cenlar FSB. Want to know: Why do organizations still struggle with cloud visibility despite years of cloud adoption? How does Trend Micro reconcile security visibility with privacy laws across different jurisdictions? What security frameworks does Trend Micro use to measure and define acceptable risk? How does cyber risk quantification tie technical security metrics to business impact analysis? What questions help determine the financial impact of potential security incidents? How long does implementation take for fully cloud versus hybrid environments? What safeguards prevent overdependence on a single security vendor? Where does Trend Micro draw the line between automated decision-making and human oversight? How does Trend Micro protect AI infrastructure and prevent sensitive data exposure in prompts? Huge thanks to our sponsor, Trend Micro   Cloud risk never sleeps. That's why there's Trend Vision One™ Cloud Security. Gain comprehensive visibility and control over your multi-cloud and hybrid environments. Streamline compliance, manage risks proactively, and enhance operational efficiency with real-time risk assessments, automated vulnerability management, and centralized dashboards. Ensure robust protection and peace of mind for your cloud assets with the trusted leader in CNAPP.    

  9. 41

    Stopping Lateral Movement with Zero Networks

    All links and images can be found on CISO Series. In this episode, Benny Lakunishok, co-founder and CEO at Zero Networks, explains how their automated approach to microsegmentation addresses these challenges by putting a network bubble around every asset, from clients and servers to OT devices and cloud resources, without requiring agents or breaking existing environments. Joining him are Shaun Marion, vp and CSO at Xcel Energy, and Doug Mayer, vp and CSO at WCG. Want to know: Why does complexity make lateral movement such a persistent problem despite years of awareness? How can microsegmentation be deployed at scale without becoming a massive science project? How does Zero Networks handle MFA and privileged access management across all asset types? What happens if there's already a threat living in your environment during the learning phase? How to segment OT environments that use different protocols beyond standard IT systems? Can automated learning really create accurate policies without extensive human intervention? How does network segmentation fit into AI capabilities and hybrid cloud strategies? What's the real-world experience of customers who've deployed automated microsegmentation? Huge thanks to our sponsor, Zero Networks Zero Networks enables organizations to dynamically microsegment 90%+ of their networks in 90 days. The result? A self-defending, resilient network where defenders act with confidence, auditors gain clear assurance, and business operations continue uninterrupted. Step into the Era of the Defender with Zero – get a demo HERE.

  10. 40

    Verifying Identity with Incode Technologies

    All links and images can be found on CISO Series. Traditional identity systems authenticate credentials and devices, but they can't verify who's actually behind them. Attackers use AI-generated IDs and deepfake videos to pass background checks, then clone voices to reset MFAs at the help desk. Identity has become the primary attack surface, and existing IAM platforms still trust the human layer far too easily. In this episode, Fernanda Sottil, Senior Director of Strategy at Incode Technologies, explains how their solution adds a real-world identity layer that integrates seamlessly with existing IAM systems. Joining her are Nick Espinosa, host of the Deep Dive radio show and Bozidar Spirovski, CISO at Blue Dot. Questions answered on the show: How does Incode comply with GDPR when training AI models on employee facial data? What happens when legitimate users get blocked, especially job candidates? How does Incode maintain accuracy across 4,600 document types in 200 countries? Can organizations see error rates and override the system when needed? How quickly can Incode patch new attack vectors as adversarial threats evolve? Huge thanks to our sponsor, Incode Technologies Incode Workforce helps enterprises stop deepfakes, prevent fraud, and secure every identity moment. By matching an ID to a selfie with AI-powered biometrics, Incode confirms the real person behind each IAM interaction, safeguarding onboarding, access, and recovery with frictionless verification that ensures workforce security and trust at scale.

  11. 39

    Securing Application Delivery with Island

    All links and images can be found on CISO Series. Modern application security has become a tangled mess of VPNs, proxies, DLP, CASBs, and remote browser tools—all creating friction for users and security teams alike. The root issue? Browsers were built for consumers, not enterprise security, forcing organizations to pile on complexity that undermines both protection and performance. In this episode, Braden Rogers, chief customer officer at Island, explains how their enterprise browser platform rethinks application delivery by building security services natively into the browsing experience. Joining him are Nick Ryan, former CISO, and Janet Heins, CISO at ChenMed. Want to know: How do you explain this approach to your CEO in plain English? What's the real architecture difference between enterprise browsers and traditional VDI? How do you deploy a new browser to 20,000 users without change management chaos? What happens to your existing security stack when you add an enterprise browser? Can users access personal apps while keeping corporate data protected? What's the offline experience when cloud services fail? How does this handle the surge of AI tools in your organization? What's the difference between browser enforcement and a full enterprise browser? How do you apply different security controls without overwhelming users? What does vendor support actually look like from pilot to production? Huge thanks to our episode sponsor, Island   What if you no longer had to bolt agents, proxies, and gateways onto browsers? Island, the Enterprise Browser, embeds core security, IT, and productivity into the workspace. Intelligent boundaries keep data where it belongs. Orgs have full visibility into all work. And users enjoy a fast, smooth, and productive experience. Learn more at Island.io

  12. 38

    Optimizing Access Management with Imprivata

    Watch our demo with Imprivata on our site. In this episode, Chip Hughes, chief product officer at Imprivata, explains how the company addresses shared access management challenges with specialized solutions that prioritize both security and user experience. Joining him are Kathleen Mullin, former CISO at MyCareGorithm, and Howard Holton, CEO at GigaOm. Want to know: Why does shared access management remain such a persistent challenge across industries? What does Imprivata's solution actually do versus traditional IAM tools? How does passwordless authentication work in high-security, high-speed environments? What authentication modalities beyond badges are organizations adopting? How can organizations integrate access management across devices, operating systems, and applications? What are the unique access challenges in healthcare, law enforcement, and manufacturing? Can shared mobile devices provide enterprise-grade security while reducing hardware costs? Huge thanks to our sponsor, Imprivata Imprivata delivers solutions that provide simple and secure access management for healthcare and other mission-critical industries to ensure every second of crucial work is both frictionless and secure. Imprivata solves complex security, workflow, and compliance challenges with solutions that facilitate seamless user access, protect against internal and external security threats, and reduce total cost of ownership. Learn more at https://www.imprivata.com/

  13. 37

    Securing Your Attack Path with SpecterOps

    All links and images can be found on CISO Series. Identity has become the Gordian knot of cybersecurity. Threat actors no longer need to break in. They log in. As organizations manage increasingly complex ecosystems spanning cloud, on-premises, and hybrid environments, the challenge isn't just understanding who has access to what. It's about understanding how an attacker could chain together seemingly innocent permissions to escalate from an initially compromised user to full environment control. The problem is compounded by privilege creep, where employees accumulate access over time as roles change and exceptions pile up without systematic review. Traditional security tools excel at protecting identities at rest or governing access for individual users. Still, they often miss the needle in the haystack: the cascading attack paths that adversaries actively exploit. In this episode, Justin Kohler, chief product officer at SpecterOps, explains how Bloodhound Enterprise addresses these challenges by proactively uncovering and eliminating attack paths before adversaries can exploit them, transforming abstract permissions into visual maps that show precisely how attackers could move through your environment. Joining him are Angela Williams, SVP and CISO at UL Solutions, and Brett Conlon, CISO at American Century Investments. Want to know: Why does identity security remain such a persistent challenge for organizations? What attack path management actually does versus traditional identity governance tools? How does Bloodhound Enterprise complement other solutions in your stack? How to visualize and prioritize the attack paths that matter most? What emerging identity-based threats should CISOs prioritize over the next 12 months? How has the definition of "identity" evolved beyond just human users? Can continuous attack path mapping keep pace with dynamic cloud environments? 
Huge thanks to our sponsor, SpecterOps. SpecterOps' 2025 State of Attack Path Management report reveals how technical debt transforms into identity risk and provides actionable strategies for security teams. Drawing insights from the creators of BloodHound, this report outlines proven methods for strengthening identity directory security to prevent costly breaches. Learn more at https://specterops.io/.

  14. 36

    Turning Trust into a Growth Engine with SafeBase by Drata

    All links and images can be found on CISO Series. Earning and maintaining customer trust has become increasingly complex as organizations struggle with manual, repetitive security review processes that frustrate customers and slow revenue cycles. Despite decades of talking about customer trust in security, companies still rely on outdated approaches like sending spreadsheets back and forth for questionnaires. The challenge isn't just about having strong security programs. It's how do you enable sales teams to move deals forward without constantly pulling security experts into routine questions. In this episode, Al Yang, CEO and Co-founder at SafeBase by Drata, explains how their trust center platform addresses these challenges by creating transparent, always up-to-date security portals that streamline NDAs, access requests, and security questionnaires through AI automation. Joining him are Dan Holden, CISO at Commerce, and Terry O'Daniel, former CISO at Amplitude. Huge thanks to our sponsor, SafeBase by Drata SafeBase by Drata is the leading Trust Center platform that helps companies showcase their security posture, streamline security reviews, and accelerate sales. By combining an enterprise-grade, customer-facing Trust Center with AI-powered Questionnaire Assistance, SafeBase enables organizations to share certifications, policies, and security documentation on demand while automating accurate, context-aware questionnaire responses. This reduces manual effort, shortens review cycles, and delivers the trust signals buyers need to move forward. Companies like Asana, Jamf, and OpenSpace use SafeBase to turn security transparency into a competitive advantage and make trust a growth driver. Learn more at https://safebase.io.

  15. 35

    Tackling Misconfigurations with ThreatLocker

    All links and images can be found on CISO Series. Misconfigurations represent one of cybersecurity's most persistent and damaging vulnerabilities. Organizations often fall into the trap of deploying tools with overly permissive "permit everything" default settings, only to struggle with the operational overhead required to lock them down properly. Every configuration change away from these permissive defaults requires extensive testing and validation, creating what amounts to a prohibitive tax on implementing proper security controls. Is it any surprise that teams leave dangerous temporary configurations in place indefinitely? In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Defense Against Configuration (DAC) solution addresses these challenges through automated daily security checks across Windows endpoints that identify common misconfigurations before they lead to breaches. Joining him are Andy Ellis, principal at Duha, and Montez Fitzpatrick, CISO at Navvis. The conversation explores how DAC's automated checks map misconfigurations against compliance frameworks, while ThreatLocker's broader platform consolidates multiple security functions into a single low-impact agent that can replace multiple endpoint tools. Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com

  16. 34

    Navigating Your Meeting Shadow Data with FORA

    All links and images can be found on CISO Series. Organizations excel at generating massive volumes of unstructured data through recorded meetings. The struggle lies in extracting value from it. The reality is that most of this data is never touched again after it's created. The temporal nature of voice communication creates unique challenges. These conversations capture real-time insights and concerns that are highly valuable for immediate decision-making. But traditional data management approaches fail to surface actionable intelligence before it becomes stale. In this episode, Joe Essenfeld, CEO and co-founder at FORA, explains how their platform addresses these challenges by automatically processing recorded meetings to generate personalized, contextual summaries while maintaining strict data privacy controls. Joining him are Howard Holton, CEO at GigaOm, and Derek Fisher, Director of Cyber Defense at Temple University. The conversation explores how FORA's AI-powered personalization engine creates individualized meeting cards based on organizational context and project involvement. The platform implements sophisticated filtering to remove personal banter and protects sensitive information through automated labeling systems that can detect IP discussions, HR-sensitive content, and accidental recordings. Huge thanks to our sponsor, FORA. Recorded meetings are the fastest-growing source of shadow data. FORA gives enterprises unified visibility and control—enforcing retention, access, and compliance across platforms. Security teams eliminate blind spots while employees gain powerful insights. With FORA, you know exactly what recorded data exists, where it's stored, and who can access it.

  17. 33

    Exploring Storage Control with ThreatLocker

    All links and images can be found on CISO Series. In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Storage Control solution addresses these challenges by implementing program-level access restrictions that work alongside traditional user permissions. Joining him are Jonathan Waldrop, CISO-at-large, and Nick Ryan, former CISO at RSM. The conversation explores how ThreatLocker's endpoint-focused approach applies default-deny principles not just to what programs can run, but to what data they can access. This allows users to work normally while preventing unauthorized programs from reaching sensitive information. This streamlined block-request-approve process can resolve access needs within 60 seconds. Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment.  Threatlocker.com/CISO  

  18. 32

    Transforming Asset Visibility with Trend Micro

    All links and images can be found on CISO Series. Asset visibility remains a persistent challenge in cybersecurity. Despite working on this challenge for decades, CISOs continue to struggle with knowing what assets exist in their environments, where they're located, and what risks they present. The problem has only intensified with dynamic cloud resources spinning up and down in seconds, APIs proliferating across environments, and third-party integrations creating complex dependency chains. Traditional scanning tools simply can't keep pace. In this episode, Franz Fiorim, Field CTO at Trend Micro, explains how their Cyber Risk Exposure Management (CREME) solution addresses these challenges through continuous asset discovery and risk prioritization across the entire attack surface. Joining him are Krista Arndt, Associate CISO at St. Luke's University Health Network, and Brett Conlon, CISO at American Century Investments. They discuss how CREME consolidates external attack surface management, cloud security posture management, and vulnerability remediation into a unified platform that discovers hidden assets through multiple methods including agentless cloud integrations, network discovery sensors, and third-party API connections. Huge thanks to our sponsor, Trend Micro. Reduce cost, complexity, and tool sprawl by consolidating critical security and risk disciplines like External Attack Surface Management (EASM), Cloud Security Posture Management (CSPM), Vulnerability Risk Management (VRM), Identity Security Posture, Security Awareness and more into one cyber risk exposure management solution. CREM simplifies security and business operations to enable faster, more strategic risk reduction by replacing fragmented point solutions across these domains.

  19. 31

    Harnessing AI-Native PAM with Formal

    All links and images can be found on CISO Series. Most data breaches don't happen because attackers are geniuses. They happen because organizations give too much access to too many people for far too long. Despite decades of security frameworks and best practices, enforcing least privilege remains one of cybersecurity's most persistent challenges. The culprit isn't technology: it's politics. In this episode, Mokhtar Bacha, CEO of Formal, discusses how their granular privilege access management solution operates at the packet level to enforce least privilege across databases and APIs. Joining him are Howard Holton, COO and industry analyst at GigaOm, and Arvin Bansal, a Fortune 100 veteran CSO. The conversation tackles the truth about why access management fails, explores how AI agents are exploding the identity landscape, and examines whether automated policy enforcement can finally solve the political friction that has plagued privilege management for years. Huge thanks to our sponsor, Formal. Formal secures humans' and AI agents' access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

  20. 30

    Enhancing Humans in Your SOC with RedCarbon

    All links and images can be found on CISO Series. In this episode, Simone Rapizzi, CSO at RedCarbon, explains how their AI-powered platform uses specialized models to automate threat detection and response while learning from each customer's unique environment. Joining him are Jonathan Waldrop, former CISO, and John Scrimsher, CISO at Kontoor Brands. Huge thanks to our sponsor, RedCarbon RedCarbon platform enables AI SOC: automates threat detection, incident analysis, and intelligence monitoring across SOCs. Operating 24/7, our AI Agents reduce analyst fatigue and accelerate response times. Seamlessly integrating with SIEM, EDR, and XDR platforms, RedCarbon enables scalable, cost-effective security, adding infinite AI Agents.

  21. 29

    Proving Trust with Drata

    In this episode, Matt Hillary, CISO at Drata, explains how their AI-native trust management platform addresses these challenges by automating evidence collection from integrated systems and reducing manual effort by over 90%. Joining him are Mike Lockhart, CISO at EagleView, and Johna Till Johnson, CEO at Nemertes. We talk about how Drata's platform bridges the policy-execution gap through hundreds of out-of-the-box integrations, AI-assisted questionnaire responses that handle 90% of vendor due diligence automatically, and real-time control monitoring that enables GRC teams to operate more like security operations centers, responding quickly to control failures rather than simply passing audits. Huge thanks to our sponsor, Drata  AI at Drata is embedded across every layer, transforming GRC from a defensive necessity into a proactive business driver. With new Agentic AI innovations, MCP releases, and a long-term vision for AI-native trust management, Drata empowers security teams to work faster, reduce manual tasks, and deliver meaningful, scalable business impact. Learn more at Drata.com

  22. 28

    Reducing SIEM Costs with Scanner

    SIEM costs are spiraling out of control for organizations. Increasing log volumes, longer compliance-driven retention requirements, and the habit of collecting everything "just in case": the list goes on. Traditional SIEM architecture forces painful choices between cost control and security visibility, with teams constantly fighting to keep log volumes down while still maintaining adequate coverage for investigations. In this episode, Cliff Crosland, co-founder and CEO of Scanner, explains how their data lake approach can reduce SIEM costs by 80-90% while giving organizations full custody of their data in their own cloud storage. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Howard Holton, COO and industry analyst at GigaOm. In this episode: data retention policies; the fundamental challenge of managing growing log volumes over time; and how AI copilots are bridging the gap between security analysts and software engineers in detection workflows. Huge thanks to our sponsor, Scanner Traditional SIEMs are a tax on your security team—bloated, brittle, and budget-killing. Scanner.dev fixes this. Use it as your SIEM, or to supercharge the one you already have. Our AI co-pilot summarizes alerts, suggests next steps, and reduces noise—making analysts faster and smarter. See it in action at Scanner.dev.

  23. 27

    Evolving Security Awareness with Adaptive Security

    All links and images can be found on CISO Series. Security awareness is critical to cultivate in your organization. But security awareness training can often miss the mark. Traditional training is slow and reactive. As deepfakes and LLM-enhanced attacks become common, organizations need training solutions that can adapt and provide relevant training. In this episode, Brian Long, CEO of Adaptive Security, explains how their platform provides engaging training that can be customized in a matter of minutes. Joining him are Janet Heins, CISO at ChenMed, and Gary Chan, CISO at SSM Health. Huge thanks to our sponsor, Adaptive Security AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive's new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

  24. 26

    Securing the Human Element with Trustmi

    All links and images can be found on CISO Series. Wire fraud and payment security remain persistent challenges for organizations, with the FBI reporting a 33% increase in BEC losses between 2023 and 2024. The complexity of B2B payment processes creates multiple attack vectors that traditional email security solutions can't fully address. In this episode, Shai Gabay, co-founder and CEO of Trustmi, explains how their platform connects the dots across the entire payment ecosystem to prevent fraud before money leaves the organization. By integrating with existing payment workflows and leveraging AI to build behavioral baselines, Trustmi aims to eliminate the manual controls and siloed systems that make B2B payments vulnerable to attack. Joining him are Bethany De Lude, CISO Emeritus, and Adam Glick, CISO at PSG Equity. Huge thanks to our sponsor, Trustmi Eliminate socially engineered fraud with Trustmi's Behavioral AI platform. Empower IT and finance teams to detect BEC, vendor impersonation, and payment errors in real time—protecting your business and bottom line. Learn more at trustmi.ai.

  25. 25

    Navigating Cloud Security with TrustOnCloud

    Implementing new technologies for the business is already a daunting task. Cloud and SaaS have made some of the implementation easier, but they also make it easier to not fully comprehend the risks you're taking on. All it can take is a company credit card. Organizations struggle with shadow IT, misconfigurations, and unauthorized access across multiple cloud environments, often lacking visibility into their actual cloud assets. In this episode, Tyson Garrett, CTO of TrustOnCloud, explains how their platform provides constantly updated threat models for major cloud services, helping organizations implement controls based on their risk appetite. Joining him are Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University, and Davi Ottenheimer, vp, digital trust and ethics at Inrupt. Huge thanks to our sponsor, TrustOnCloud TrustOnCloud delivers actionable, continuously updated threat models for 220+ AWS, Azure, and GCP services. Empower CISOs and security teams to pinpoint risks, adapt controls, and accelerate secure cloud adoption. Stay ahead of cloud threats with research trusted by global systemic banks, enterprises, and governments. Learn more at TrustOnCloud.com

  26. 24

    Coordinating Security Tools with Tines

    Security orchestration sounds great in theory, but in practice, coordinating between different security tools remains a headache. As workflows need to move faster to keep pace with AI-driven attacks, security professionals find themselves overwhelmed with manual "muck work" rather than focusing on business enablement. In this episode, Matt Muller, field CISO at Tines, explains how their no-code workflow automation platform helps security teams eliminate manual work that bogs them down. Joining him are Bil Harmer, information security advisor at Craft Ventures, and Brett Conlon, CISO at American Century Investments. Huge thanks to our sponsor, Tines   Build, run, and monitor your most important workflows with Tines. Tines' AI-enabled, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.

  27. 23

    Embracing AI-Native DLP with Orion Security

    All links and information can be found on CISO Series. DLP can be a bit of a four-letter word in cybersecurity. False positives are a major problem with any traditional DLP solution because setting the right policy for your organization's needs is always a moving target. In this episode, Nitay Milner, co-founder and CEO of Orion Security, explains how they provide a "zero-policy" approach to DLP that brings in the missing piece of context to the category. Joining him are Steve Knight, former CISO at Hyundai Capital America, and Jack Kufahl, CISO at Michigan Medicine. Huge thanks to our sponsor, Orion Security Orion is the first AI-native DLP that prevents data exfiltration with a zero-policy approach. Powered by Orion's proprietary "Indicators of Leakage" AI engine, they automatically detect data incidents with context-aware accuracy - eliminating false positives and manual work. Orion brings a new approach to DLP - it's like EDR for your data. Already trusted by enterprises in finance, aviation, healthcare, and beyond. Learn more at https://orionsec.io  

  28. 22

    Quantifying, Prioritizing, and Remediating Risk with Qualys

    Managing risk is the name of the game for a CISO. Quantification is a major part of that job, but it doesn't end there. Without a means of communicating that quantification to the rest of the business, quantification just adds to the noise. In this episode, UJ Desai, Senior Director of Product Management, Partner Programs at Qualys explains how they provide a comprehensive solution for the Risk Operations Center, with comprehensive ways to ingest data from your applications, make sense of the data, and give your organization the tools to make the right priorities with it. Joining him are our panelists, Montez Fitzpatrick, CISO at Navvis, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University. Huge thanks to our sponsor, Qualys     Cut through cybersecurity noise with Qualys Enterprise TruRisk Management. Quantify risk in financial terms, prioritize critical threats, and streamline remediation. Gain actionable insights for faster risk reduction and communicate business impact clearly to stakeholders. Empower your teams to measure, communicate, and eliminate cyber risk more effectively. Learn more at qualys.com/etm.

  29. 21

    Maximizing the Value of MDR with ThreatLocker

    Security teams today are expected to manage two fronts—building and maintaining proactive defenses, and staying ready to respond at any moment to threats that slip through. But unless someone actively watches those alerts 24/7, your detection tools are expensive noise generators. In this episode, Rob Allen, chief product officer at ThreatLocker, lays out why their Cyber Hero® MDR offering is built not as a standalone security strategy, but as a complement to a deny-by-default, proactively hardened environment. With real-time visibility, flexible communication, one-click remediation, and human-backed support—not just automation—ThreatLocker's MDR offering is positioned to deliver value even when the alerts are quiet. Joining him are TC Niedzialkowski, head of IT and security at Opendoor, and Sasha Pereira, CISO at WASH. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  30. 20

    Stopping AI Oversharing with Knostic

    Large language models are most useful to your business when they have access to your data. But these models also overshare by default, providing need-to-know information without sophisticated access controls. But organizations that try to limit the data accessed by an LLM risk undersharing within their organization, not giving the information users need to do their jobs more efficiently. In this episode, Sounil Yu, CTO at Knostic, explains how they address internal knowledge segmentation, offer continuous assessments, and help prevent oversharing while also identifying under-sharing opportunities. Joining him are our panelists, Ross Young, CISO-in-residence at Team8, and David Cross, CISO at Atlassian. Huge thanks to our sponsor, Knostic Knostic protects enterprises from LLM oversharing by applying need-to-know access controls to AI tools like Microsoft 365 Copilot. Get visibility into overshared data, fix risky exposures, and deploy AI confidently—without data leakage. If you're rolling out Copilot or Glean, you need Knostic.  

  31. 19

    Navigating Unauthorized Site Access with ThreatLocker

    Unauthorized site access remains a significant security concern for organizations. But why does this issue persist, and how can it be effectively addressed? In this episode, Rob Allen, chief product officer at ThreatLocker, discusses the core functionality of ThreatLocker's Web Control solution: blocking access to unauthorized sites without meddling with DNS servers—a common pitfall among other tools. Rob explains that the simplicity of defining where employees can and cannot access is pivotal. This approach not only helps keep users away from malicious sites but also steers them clear of non-productive ones, thereby enhancing resource allocation. Rob is joined by our panelists, TC Niedzialkowski, Head of IT & Security at Opendoor, and Sasha Pereira, CISO, WASH. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  32. 18

    Getting Linux Visibility with Sandfly Security

    Linux is the backbone of critical infrastructure, yet it often flies under the radar when it comes to endpoint monitoring. From legacy servers to embedded systems, Linux devices are frequently unprotected, either due to operational risk, overlooked assets, or the false assumption that Linux is "secure by default." In this episode, Craig Rowland, founder and CEO of Sandfly Security, introduces an agentless approach to EDR purpose-built for Linux systems. By operating over SSH and running rapid, randomized checks without traditional kernel hooks, Sandfly can monitor unprotected Linux endpoints, detect fileless and dormant attacks, and uncover SSH key-based lateral movement—all without tipping over sensitive systems. Joining Craig are Jerich Beason, CISO at WM, and Steve Zalewski, co-host of Defense in Depth, who dive into where this solution fits in the broader Linux security conversation and why it might be the missing piece for OT and critical infrastructure teams. Huge thanks to our sponsor, Sandfly Security Sandfly delivers agentless Linux EDR that deploys instantly across all distributions and architectures - from cloud servers to embedded devices and legacy systems. Our platform detects evasive threats, monitors SSH keys, and identifies system drift without performance impacts. Comprehensive Linux security without the endpoint agent risk.

  33. 17

    Solving Patch Management with ThreatLocker

    For years, patch management has been treated as a solved problem—until reality strikes. Outdated applications, portable executables, patch conflicts, and shadow software leave organizations unknowingly exposed. The tools may exist, but the process often breaks down. In this episode, Rob Allen, chief product officer at ThreatLocker, discusses why their new patch management solution goes beyond legacy approaches. With built-in patch packaging, pre-deployment testing, and granular control, the platform helps teams navigate complex environments while keeping rollback, risk tolerance, and deny-by-default strategies in play. Joining him are Mike Woods, vp of cybersecurity at GE Vernova, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  34. 16

    Beating the Bots with Kasada

    Automated attacks are growing in speed and sophistication, far outpacing the human defenses most organizations rely on. Whether it's credential stuffing, scraping, or denial-of-wallet attacks, bots can drain your resources before they even steal a cent. In this episode, Sam Crowther, founder of Kasada, discusses how their bot detection and mitigation solution flips the economics of attacks. By disrupting automated behavior at wire speed—without impacting user experience—Kasada ensures you're doing business with real people, not fake clicks. Joining him are panelists Jimmy Sanders, president of ISSA International, and Jason Elrod, CISO at MultiCare Health System. Huge thanks to our sponsor, Kasada

  35. 15

    Containing Elevated Privileges with ThreatLocker

    Managing privileged access across a sprawling IT environment remains one of cybersecurity's toughest balancing acts. Admin privileges are often granted too broadly and retained for too long, opening dangerous pathways for lateral movement and ransomware. In this episode, Rob Allen, chief product officer at ThreatLocker, introduces their Elevation Control tool — a solution designed to help security teams remove unnecessary privileges, apply just-in-time elevation for specific apps, and restrict lateral movement, even within elevated sessions. Joining him are Mike Woods, vp of cybersecurity at GE Vernova, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  36. 14

    Solving Alert Fatigue with Dropzone AI

    Security operations centers (SOCs) are drowning in alerts, forcing analysts to waste time chasing down false positives while real threats slip through. The problem isn't just efficiency—it's burnout, missed signals, and limits on what security teams can reasonably triage. In this episode, Edward Wu, CEO and founder of Dropzone AI, explains how their AI-powered SOC analyst automates triage and investigation for security alerts. The result is more efficient operations, faster detection of real threats, and a significant reduction in alert fatigue. He's joined by our panelists, TC Niedzialkowski, head of IT and security at Opendoor, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our sponsor, Dropzone AI False positives slow you down. Missed threats put you at risk. Dropzone AI reasons through every alert, pulling context from multiple sources to deliver trusted conclusions in minutes. No noise. No blind spots. Just clear, evidence-backed answers. See it in action—Request a Demo.

  37. 13

    Securing Endpoints in a Hybrid World with ThreatLocker

    Securing endpoints is a persistent challenge, especially in a hybrid working environment. The human factor is an unavoidable element with endpoint security, which means you have to be ready for a lot of unexpected behavior. Centrally managed policies for endpoints can only enhance security if they don't compromise the flexibility the business needs. In this episode, Rob Allen, chief product officer at ThreatLocker, discusses how their Network Control solution offers an endpoint-based firewall to protect these devices. Rob is joined by our panelists, Janet Heins, CISO at ChenMed, and Shaun Marion, vp, CSO at Xcel Energy. Got feedback? Join the conversation on LinkedIn. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  38. 12

    Build Customer Trust with Conveyor

    Customer security reviews often miss their mark, leaving organizations scrambling to compensate with extensive questionnaires that divert attention away from genuine risk management. The inconsistency of these processes and the lack of clear authority or visibility contribute to prolonged timelines and increased frustration. So, how can companies maintain trust without drowning in the complex processes that come with these reviews? In this episode, Chris Gomes, head of product at Conveyor, discusses how they automate the response to security questionnaires and focus on relieving the burden on customer trust offices overwhelmed by extensive review processes. Chris is joined by our panelists, Steve Gentry, advisor at Cognate Cyber, and Eduardo Ortiz-Romeu, vp, global head of cybersecurity at Techtronic Industries. Huge thanks to our sponsor, Conveyor Conveyor's AI Agent, Sue, automates the entire security review process by handling every customer request for security documents and answering security questionnaires. She also coordinates every step in-between like tagging SMEs, updating tickets, and collaborating with other teams so you do less busywork and your deals close faster. Learn more at Conveyor.com.

  39. 11

    Getting Ahead of Compromised Credentials with Permiso Security

    We hear all the time that identity is the new perimeter. If we place that much importance on identity, then compromised credentials can give away the keys to the kingdom. In an environment where hybrid infrastructures introduce visibility challenges, the need for advanced monitoring techniques for identities becomes clear. In this episode, Paul Nguyen, co-founder and co-CEO at Permiso Security, discusses how Permiso enables organizations to fortify their defenses against insider threats and malicious actors. Paul is joined by our panelists, Trina Ford, CISO of iHeartMedia, and Eduardo Ortiz-Romeu, vp, global head of cybersecurity at Techtronic Industries. Huge thanks to our sponsor, Permiso Security Protect all identities with comprehensive security against credential compromise, account takeover, and insider risks. Our solution provides unified visibility across authentication boundaries, eliminating fragmented cloud security. Learn more at Permiso.io

  40. 10

    Understanding Application Control with ThreatLocker

    Managing application control amid increasing ransomware threats while not impeding business flow remains a challenge. Organizations need a layered defense to bolster their security posture without overinvesting in overlapping tooling. In this episode, Rob Allen, chief product officer at ThreatLocker, discusses how their deny-by-default approach to application control helps simplify this persistent challenge. Rob is joined by our panelists, Janet Heins, CISO at ChenMed, and Shaun Marion, vp, CSO at Xcel Energy. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

  41. 9

    Managing Compliance and Risk with Hyperproof

    The tendency to focus on merely checking boxes to achieve compliance can lead to superficial solutions that may not effectively reduce operational risk. A strategic pivot towards ensuring compliance through holistic security measures is key; long-term, it demands less effort and provides more substantial protection. In this episode, Craig Unger, founder and CEO of HyperProof, discusses the company's efforts to help companies achieve compliance and manage third-party risks. Craig is joined by our panelists, Trina Ford, CISO of iHeartMedia, and former CISO TC Niedzialkowski. Huge thanks to our sponsor, Hyperproof Take control of your compliance and risk management with Hyperproof. Simplify audits, automate workflows, and gain complete visibility into your security posture. Trusted by industry leaders, Hyperproof empowers your team to mitigate risks and boost productivity. See it in action—get a demo today!

  42. 8

    Getting Visibility into SaaS with Nudge Security

    SaaS visibility remains a mixed bag. Within company sanctioned tools we have visibility. But when it comes to visibility across tools, we struggle. And don't forget all of the SaaS apps your employees use that you don't know about. How do you start to address that SaaS visibility gap? In this episode, Russell Spitler, co-founder and CEO of Nudge Security, discusses how using email as the foundation for SaaS visibility makes the whole situation much easier to manage. Russell is joined by our panelists, Steve Zalewski, co-host of Defense in Depth, and Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show. Huge thanks to our sponsor, Nudge Security Nudge Security solves the identity security, IT governance, and third-party risk challenges resulting from SaaS sprawl and GenAI use. With complete SaaS discovery on Day One and automated IT governance workflows, customers can eliminate blind spots, harden security posture, and mitigate supply chain risks without slowing down the business. Learn more at NudgeSecurity.com.

  43. 7

    Securing the Software Supply Chain with HeroDevs

    Open source is a bedrock of modern enterprise software. But support for various components is all over the place. The ecosystem doesn't have the right incentives in place, leading to end-of-life security issues many organizations aren't ready to address. When community support for open-source components dries up over time, what is your recourse? In this episode, Aaron Frost, founder and CEO, HeroDevs, discusses how HeroDevs is addressing this problem by providing secure, drop-in replacements to give enterprises the time they need to safely transition to supported software. Aaron is joined by our panelists, DJ Schleen, head of security, Boats Group, and Russ Ayres, deputy CISO & head of cyber, Equifax. Huge thanks to our sponsor, HeroDevs Outdated software puts your security at risk. HeroDevs' Never-Ending Support ensures your legacy systems stay secure, compliant, and functional. Proactively protect against vulnerabilities in unsupported frameworks like Spring or AngularJS. Don't let end-of-life open-source software be your weak link—secure your stack today with HeroDevs.

  44. 6

    Prioritizing Your Security Gaps with Pentera

    The velocity of innovation necessitates an agile approach to infrastructure management, which often leads to complexity and, consequently, vulnerabilities. Organizations are in a relentless race to identify and prioritize security gaps, but how can we effectively manage and mitigate these risks? In this episode, Jay Mar-Tang, field CISO at Pentera, discusses how Pentera blends the efficiency of automation with insightful human judgment to address the gaps in traditional security processes while enhancing effectiveness and response times. Jay is joined by our panelists, Keith McCartney, vp, security and IT, DNAnexus, and Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show. Huge thanks to our sponsor, Pentera Pentera, established in 2015, leads the charge in Automated Security Validation. We empower organizations to pinpoint their true security gaps and prioritize based on true exposure, providing a strong defense against cyber threats. Trusted by thousands worldwide, Pentera offers security posture, clarity and precise guidance for remediation.

  45. 5

    Getting Actionable Intelligence with Stellar Cyber

    The sheer volume of security alerts and data being generated by various sources like firewalls, servers, and endpoint devices is daunting. The challenge lies in sifting through this vast amount of information to identify genuine threats without throwing manual effort at it. Traditional security logs merely tell us what happened but do not provide insights on what's happening now. The demand is for more actionable intelligence that focuses on different, more relevant data types rather than just more data. In this episode, Subo Guha, chief product officer at Stellar Cyber, discusses the company's efforts to turn raw security alerts and IT data into actionable intelligence at scale. Subo is joined by our panelists, Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our sponsor, Stellar Cyber

  46. 4

    Address Data Loss from Insider Threats with DTEX Systems

    Understanding and mitigating insider risk has taken a front seat in organizational security strategies. Once a niche concern, insider threats are now escalating significantly, particularly from nation-state actors, with insiders becoming victims of coercion or identity theft. In this episode, Mohan Koo, president & co-founder, DTEX Systems, explains why understanding human behavior, continuous data tracking, and proactive collaborations are key components in staying ahead of evolving risks. Joining Mohan in this discussion are Janet Heins, CISO, ChenMed, and Bethany De Lude, CISO emeritus. Huge thanks to our sponsor, DTEX Systems As the trusted leader in insider risk management, DTEX stops insider threats and prevents data loss. By combining data loss prevention, user and entity behavior analytics, and user activity monitoring in a single platform, DTEX proactively identifies malicious and non-malicious behavior, without sacrificing privacy or network performance.

  47. 3

    Solving Data Sprawl with Tuskira

    The fragmentation and vast amount of data generated from enterprise tools create a convoluted landscape for cybersecurity professionals to navigate. This complexity is exacerbated in large companies with dynamic environments, where innovation and growth must be balanced with the ever-present need for security. In this episode, Piyush Sharrma, CEO and co-founder at Tuskira discusses what the company is doing to unify security tools and validate defenses in this sea of data. Piyush is joined by our panelists, Mike Woods, vp, cybersecurity, GE Vernova, and Keith McCartney, vp, security and IT, DNAnexus. Huge thanks to our sponsor, Tuskira Tuskira simplifies cybersecurity by unifying data from 150+ tools into a proactive, AI-driven security mesh. Resolve operational complexity by aligning defenses like EDRs, WAFs, & more with real-world vulnerabilities. Accelerate response times with automated exploit validation & risk mitigation. Stop patching noise and start focusing on the threats that truly matter. 

  48. 2

    Introducing Security You Should Know

    What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know, the latest podcast from the CISO Series, does just that. Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on: how to explain the issue to your CEO; what the solution actually does (and doesn't do); and how the pricing model works. Then, our security leaders ask the tough questions to see what sets this vendor apart. Subscribe now and stay ahead of the latest security solutions. Visit CISOseries.com for more details. Security You Should Know: Connecting security solutions with security leaders.

HOSTED BY

CISO Series

Produced by David Spark

Frequently Asked Questions

How many episodes does Security You Should Know have?

Security You Should Know currently has 48 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

How often does Security You Should Know release new episodes?

Security You Should Know has 48 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Security You Should Know?

You can listen to Security You Should Know on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Security You Should Know?

Security You Should Know is created and hosted by CISO Series.