PODCAST · technology

The Business of Cybersecurity

The Business of Cybersecurity is a podcast from the Tech Talks Network that explores where security and business strategy converge.

Hosted by Neil C. Hughes, creator of the Tech Talks Daily Podcast, this series examines how today’s enterprises are managing cyber risk while still moving fast and innovating. Through insightful conversations with industry leaders, CISOs, product strategists, and security architects, the podcast brings clarity to the real-world decisions shaping cybersecurity in modern business.

Each episode dives into how companies are responding to regulatory pressure, increasing complexity in cloud environments, and rising expectations from boards and customers. From AI-driven defense and zero trust to skills gaps and risk quantification, we go beyond technical jargon to explore what actually works—and what doesn’t—on the road to building resilient organisations.

Whether you're leading a security team, sitting at the executive table, or simply want

  1. 29

    Commvault On Cyber Recovery Why Disaster Plans Fall Short

    What happens when cyber resilience shifts from an IT concern to something that directly impacts revenue, operations, and even national stability?

    In this episode of The Business of Cybersecurity, I sit down with Mark Molyneux, Field CTO for Northern Europe at Commvault, to break down the UK’s Cyber Security and Resilience Bill and what it really means for organizations trying to stay ahead of increasingly complex threats.

    At first glance, legislation like this can feel distant, something for compliance teams to worry about later. But as Mark explains, the reality is far more immediate. This bill has been years in the making, shaped by a growing pattern of incidents that have moved beyond isolated IT problems and into events with real economic and societal impact. The conversation quickly shifts from what the bill says to why it matters right now, especially as cyber threats continue to evolve faster than regulation can keep up.

    One of the most valuable takeaways from our discussion is the distinction between disaster recovery and true cyber recovery. Many organizations believe they are prepared because they have invested heavily in backup systems and failover environments. But as Mark highlights, those assumptions can break down quickly when core systems, identities, or trusted environments are compromised. In those moments, traditional recovery metrics no longer apply, and the focus turns to how quickly a business can return to a clean, operational state.

    We also explore the risk of treating new regulation as a simple compliance exercise. There is always a temptation to do the minimum required and move on. However, recent real-world incidents have changed the tone of the conversation. Leadership teams are starting to recognize that resilience is about survival, not certification. That shift in mindset is where meaningful progress begins.

    Mark shares practical guidance for organizations at different stages of their journey. Whether it is selecting a single cybersecurity framework, running realistic tabletop exercises with executive teams, or defining what a minimum viable company actually looks like during a crisis, the emphasis is on taking action now rather than waiting for legislation to dictate the pace.

    There is also an honest discussion about the limits of regulation. Laws and frameworks will always lag behind the speed of technological change, especially as AI begins to reshape how attacks are launched and executed. That puts the responsibility back on organizations to go further than compliance and build resilience that reflects their real-world risk.

    This episode is a reminder that cyber resilience is no longer about preventing every possible attack. It is about ensuring the business can continue when something goes wrong.

    So as new legislation begins to take shape and expectations rise, are you confident your organization could recover quickly from a serious cyber event, or are you still relying on assumptions that have yet to be tested?

  2. 28

    Why Digital Identity Is Broken And How Ditto Plans To Fix It

    What if the real problem with cybersecurity today is not the threats we see, but the way we prove who we are online?

    In this episode of the Business of Cybersecurity podcast, I sat down with Gonzalo Alonso, CEO of Ditto, to explore why digital identity has quietly become one of the most important and misunderstood challenges in our digital economy. Drawing on his experience at Microsoft, Google, and now Ditto, Gonzalo shares a perspective that challenges long-held assumptions about how identity works, who owns it, and why the current model is starting to break under pressure from AI, regulation, and evolving user expectations.

    We unpack what is changing across Europe with initiatives like the European Digital Identity Wallet and what that really means in practice for both consumers and businesses. Gonzalo explains how the shift toward user-controlled identity could reshape everything from onboarding and compliance to fraud prevention and cross-border trust. At the same time, he does not shy away from the complexity this creates for organizations that have historically treated identity data as an asset they control.

    Our conversation also looks at the deeper technical shift from trusting systems to relying on cryptographic proof. Gonzalo brings this to life with real-world examples, including how identity could travel with you across borders, unlock access to services, and even influence financial opportunities. But alongside the opportunity, we also discuss the risks, from device security to identity recovery, and why getting the model right matters just as much as the technology behind it.

    This episode offers a clear-eyed view of where digital identity is heading, why it matters now, and what leaders need to start thinking about before the rules change around them. So as identity moves from passwords and tokens to something far more personal and portable, are we ready to give control back to the individual, and what does that mean for the businesses built on the old model?

  3. 27

    Why Non Human Identities Are The Next Cybersecurity Challenge With Torii CEO Uri Haramati

    How prepared are businesses for a world where AI agents are quietly becoming some of the most powerful users inside their systems?

    In this episode of Business of Cybersecurity, I sit down with Uri Haramati, CEO and co-founder of Torii, to unpack a shift that is happening faster than most organizations can keep up with. AI is no longer sitting on the sidelines as a productivity tool. It is now deeply embedded across platforms like Slack, Google Workspace, and CRM systems, often operating with levels of access that rival or even exceed human users. As Uri explains, that changes the entire security conversation, especially when many of these agents are effectively invisible to traditional identity and governance models.

    What stood out to me in this conversation is how quickly AI adoption has moved from experimentation to something far more operational. Uri shares insights from Torii’s 2026 SaaS Benchmark Report, which reveals that enterprises added nearly 700 new AI applications in just one year, with 61 percent of all apps operating outside of IT oversight. That creates a growing blind spot, where non-human identities, API tokens, and automated workflows are interacting with sensitive data without clear ownership or lifecycle management. It is a shift that feels familiar, echoing past waves like BYOD, but this time the scale and speed are on another level.

    We also explore why this is not simply a story about risk. There is a clear business driver behind this surge in AI adoption. Organizations are under pressure to control costs, reduce manual work, and get more value from their software stack. AI is stepping into that role, but it introduces new challenges around usage-based pricing, unexpected spend, and governance models that were designed for a much slower era of IT. Uri makes the case that the real issue is not adopting AI too quickly, but failing to evolve governance at the same pace.

    By the end of the conversation, one idea really stayed with me. Within the next couple of years, non-human identities could outnumber human ones inside most enterprises. That raises a simple but uncomfortable question. If every actor in your system needs to be treated as an identity, how many do you actually have, and how many are you truly managing?

    If this is a topic you are grappling with, I highly recommend checking out Torii’s 2026 SaaS Benchmark Report and connecting with Uri to continue the conversation. But for now, I would love to hear your perspective. Are we building the right guardrails for this new era of AI-driven access, or are we already further behind than we think?

  4. 26

    AI Security Teams That Work 24/7 With Machine Speed

    What happens when AI makes your security teams faster, but leaves the same people carrying all the risk?

    In this episode of Business of Cybersecurity, I sit down with Shan Kulkarni, CEO of Nullify, to discuss a growing tension that many security leaders are already feeling. AI is helping developers ship code faster than ever. Still, for product security teams, that speed often creates even more alerts, more vulnerabilities to review, and more pressure on already stretched teams. Shan argues that the real issue is not productivity alone. It is accountability. When copilots increase output while ownership remains with the same engineers, the workload does not disappear. It multiplies.

    We explore why Shan believes the next phase of enterprise AI will be shaped by autonomous AI employees rather than assistant-style tools. He explains how Nullify is designed to onboard, reason, and act like a human security engineer, with access to code bases, ticketing systems, cloud environments, and internal documentation. From validating whether a vulnerability is truly exploitable to assigning fixes and following up with developers, Shan shows how AI workers could replace several disconnected security tools and the extensive manual coordination required.

    Our conversation also gets into trust, which remains one of the biggest barriers to adoption in high-risk environments. Shan talks openly about the safeguards needed before companies will feel comfortable allowing AI to take action instead of simply making suggestions. We discuss merge-ready patches, exploit confidence scores, the rising threat surface created by AI-generated code, and why authorization, authentication, and business logic flaws may become some of the biggest risks in modern software.

    It is a timely conversation about what security teams actually need right now: fewer dashboards, fewer false positives, and better ways to manage growing responsibility in a world of machine-speed software delivery. If you are trying to understand where AI fits inside security operations, and whether autonomous systems can truly ease the burden rather than increase it, this episode should give you plenty to think about. What do you think, are we heading toward a future of AI teammates in cybersecurity, and how much responsibility are you willing to hand over?

  5. 25

    AI, Social Engineering, And The New Browser Attack Surface

    What if the biggest blind spot in cybersecurity today is the place where most work actually happens, the browser?

    In this episode of the Business of Cybersecurity podcast, I sat down with Adam Bateman, co-founder and CEO of Push Security, to explore a growing shift in how modern attacks are carried out and why traditional defenses are increasingly struggling to keep up. Adam brings a rare perspective to the conversation, having spent years in offensive security and red team operations simulating real-world attacks against major enterprises before founding Push Security.

    One of the central ideas we unpacked is the claim that the browser has quietly become the new endpoint. As organizations move more work into cloud applications and SaaS platforms, the connection between users and company systems increasingly runs through the browser rather than traditional networks or local applications. The problem is that most security tools still focus on endpoints, networks, and email. That leaves what Adam describes as a “missing middle,” the space between a user logging in and the moment a breach is discovered.

    We also discuss how phishing attacks have evolved beyond the inbox. Push has observed that as much as thirty-four percent of the malicious phishing attempts they detect now originate outside email, appearing instead through platforms like LinkedIn messages, Google search results, or other online channels. These platform-native attacks bypass traditional email gateways entirely, often targeting senior executives and employees with privileged access to business systems.

    Adam also shares insights from a recent campaign his team uncovered called ConsentFix, an attack technique that combines browser manipulation with OAuth consent abuse. Instead of exploiting software vulnerabilities or deploying malware, these attacks manipulate trusted workflows inside cloud platforms and identity systems. The result is a compromise that can occur entirely within a browser session, often without triggering traditional security alerts.

    Throughout our conversation we explore why these browser-native threats are growing, how attackers are using AI to scale social engineering campaigns, and why visibility into browser activity may become one of the most important capabilities for modern security teams. Adam also explains how Push Security approaches this challenge by bringing real-time detection and response directly into the browser environment where work and attacks increasingly collide.

    If cybersecurity teams are still focused only on networks, endpoints, and email, they may be missing the layer where attackers now spend most of their time. As work moves deeper into cloud platforms and SaaS tools, could the browser become the next frontline in enterprise defense?

  6. 24

    How Booz Allen Hamilton Prepares Organizations For A Cyber Crisis

    What really determines whether a company survives a cyberattack, the sophistication of the attacker or how well the organization prepared before the breach ever happened?

    In this episode of Business of Cybersecurity, I sat down with Andrew Carr, Managing Director at Booz Allen Hamilton and leader of the firm’s Commercial Threat Detection and Response practice. Andrew has spent nearly two decades working in digital forensics, ransomware response, and incident investigations across both government and enterprise environments. During our conversation, he shared lessons drawn from hundreds of cyber incidents and explained why preparation, clarity, and coordination often matter far more than the tools organizations deploy.

    One of the most striking themes in this conversation was the importance of the first seventy-two hours during a cyber crisis. Andrew explained that organizations that stabilize quickly tend to have one thing in common. They understand their environments with precision. They know where critical data lives, how systems connect, and which assets attackers are most likely to target. When that visibility is missing, those early hours are often spent trying to answer basic questions rather than containing the incident.

    We also explored why traditional incident response exercises sometimes fail to prepare organizations for real attacks. Many companies still run tabletop exercises within individual departments, yet real cyber incidents rarely stay confined to a single team. Andrew described why effective rehearsals must involve the entire business, from technical responders to executive leadership, and why organizations need to define what he calls the “minimum viable company,” the core functions required to keep operations running during a major disruption.

    Another key takeaway from our discussion was the role of leadership. Cybersecurity can no longer be treated as a purely technical function handled by the IT or security team. Andrew argues that cyber risk is a business risk, and executives across the organization must understand how decisions, priorities, and communication shape the response when a crisis unfolds.

    We also discussed emerging risks around supply chains and AI systems, and how organizations are beginning to think more seriously about resilience rather than prevention alone. In a world where no company can block every attack, the ability to respond quickly and recover effectively is becoming the true measure of cybersecurity maturity.

    If you lead a technology team, oversee risk, or simply want to understand how organizations prepare for high-stakes cyber incidents, this conversation offers a clear look inside the realities of modern incident response. When the next breach happens, will your organization be scrambling to understand its environment, or ready to act within those critical first seventy-two hours?

  7. 23

    Why Object First Says Most Immutable Backups Are Not Truly Immutable

    What happens when the backup you trusted turns out to be anything but immutable?

    In this episode of Business of Cybersecurity, I sit down with Anthony Cusimano from Object First to unpack one of the most misunderstood words in cyber resilience right now: immutability. It is a term that appears in countless vendor pitches and product pages, but as Anthony explains, the reality behind those claims can vary wildly. In a world where attackers are actively targeting backups as part of modern ransomware campaigns, that gap between promise and reality can have serious consequences.

    Anthony helps me separate marketing language from real architectural protection. We explore why a simple checkbox or software setting is not enough to make backup data truly safe, and why organizations need to think much more carefully about how backup storage is designed, isolated, and protected. He also explains why backup strategy can no longer sit quietly in the background as a routine IT function. It now sits right at the heart of cyber resilience.

    One of the biggest takeaways from this conversation is how ransomware operators have changed their tactics. Backups used to be the fallback plan, the thing that gave businesses a path back after an attack. Now, attackers know that too, which is why backup systems themselves have become a priority target. Anthony explains how this shift has changed the role of backup admins, raised the stakes for recovery planning, and forced security leaders to rethink what “safe” really means.

    We also get into the role of Zero Trust in backup storage, the risks of false confidence when immutability is poorly implemented, and the practical questions CIOs, CISOs, and infrastructure teams should be asking vendors before they trust them with business-critical recovery data. This is where the conversation gets especially useful, because Anthony does not stay at the theory level. He brings it back to what teams should be checking, testing, and validating right now.

    Another part of the discussion looks at how AI is changing the threat picture. As attacks become more automated and more adaptive, organizations will need recovery strategies that are built for pressure, not just written for compliance. Anthony shares his perspective on why long-standing best practices still matter, and why businesses should be far more intentional about where their most important data lives and how quickly it can be recovered.

    I also appreciated Anthony’s strong defense of backup professionals, the people who often carry enormous responsibility without much recognition until something goes wrong. This episode is a reminder that resilience is never just about technology. It is also about the people trusted to keep the business standing when everything else is under pressure.

    So if your organization believes its backups are immutable, the real question is simple. Are they truly protected at the architecture level, or are you trusting a label that might not hold up when it matters most?

  8. 22

    Goldilock Secure On Cutting The Blast Radius In Overconnected Networks

    For two decades, the mantra in technology has been simple: connect everything. More APIs, more integrations, more remote access, more cloud. But what happens when that hyper-connectivity becomes the very thing that amplifies risk?

    In this episode of Business of Cybersecurity, I sit down with Steven Brodie, Chief Revenue Officer at Goldilock Secure, a NATO-backed cybersecurity firm challenging the industry’s long-standing assumptions. Steven argues that in 2026 we are finally confronting the downside of overconnectivity, where sprawling networks and forgotten links create enormous blast radiuses when breaches occur. Instead of defaulting to constant connection, he introduces the idea of “right-sized connectivity,” where systems are connected only when required, no more and no less.

    We explore why so many modern breaches spread so quickly, and how architectural decisions made in the name of speed and convenience have left organizations exposed. Steven explains how most attacks are software-driven, moving laterally at machine speed, often faster than teams can patch. In that arms race, patching alone is no longer enough. Goldilock Secure approaches the problem differently by adding a physical layer of segmentation that can remotely connect or disconnect assets without sending commands over the public internet. The goal is simple: buy time, contain incidents, and prevent a localized breach from becoming a company-wide crisis.

    We also discuss the tension between security and operational continuity. How do you introduce deliberate firebreaks into a network without slowing down the business? Steven is clear that this is not about returning to air-gapped islands everywhere. It is about controlled connection and controlled disconnection. Boards, he argues, should rethink cybersecurity metrics away from checklist compliance and toward containment, resilience, and clear audit trails that demonstrate who accessed what, and when.

    As AI accelerates attack automation and zero-day vulnerabilities shrink response windows, the question facing every CISO and board is whether their architecture has grown beyond what is defensible. Are you relying purely on logical controls that can be subverted in software, or are you prepared to add physical boundaries that act as real firebreaks?

    I would love to hear your take. Has hyper-connectivity become a strategic liability in your organization, or is it still viewed as a competitive advantage?

  9. 21

    How Kiteworks Is Preparing Enterprises For AI-Driven Risk In 2026

    How prepared are enterprises and government agencies for the next wave of AI-driven risk?

    I sit down with Tim Freestone, Chief Strategy Officer at Kiteworks, to unpack the findings from the Kiteworks 2026 Data Security & Compliance Risk Forecast and what it reveals about the true state of data resilience today. As AI accelerates business processes and agentic systems gain more autonomy, Tim argues that the real challenge is no longer about adding another security tool. It is about gaining repeatable control over how sensitive data moves across organizations, partners, and automated systems.

    We explore why third-party involvement in breaches has surged to nearly one in three incidents and what that means for board-level accountability. Tim explains how traditional third-party risk assessments struggle to scale in an AI-enabled world, and why data-layer controls and modern digital rights management approaches are being revisited in a more practical form. We also examine the shift from ransomware headlines to the rising dominance of social engineering, and why micro-learning and human error prevention may offer a more realistic path forward than annual compliance training.

    Our conversation also tackles the regulatory pressure building across regions, from evolving GDPR requirements to the EU AI Act. Tim makes the case for unified, data-centric compliance models that provide file-level visibility and auditability, rather than fragmented controls across siloed systems. We discuss the growing relevance of data security posture management, the shrinking timeline for quantum risk, and the “harvest now, decrypt later” threat that leaders can no longer afford to dismiss as a distant concern.

    Finally, we turn to identity as the new perimeter in a world where AI agents act with increasing autonomy. Tim shares why identity alone is insufficient and why combining identity with data location defines the modern security boundary. For leaders facing limited budgets and skill constraints, his advice is pragmatic: start with visibility, align with established frameworks like NIST, and use AI-enabled copilots to accelerate cyber maturity rather than fall behind.

    If you are responsible for security, compliance, or risk outcomes, this episode offers a clear-eyed look at what is changing, accelerating, and must be addressed now. Are you truly in control of every send, share, receive, and save of sensitive data across your ecosystem?

  10. 20

    Building Trust Through Cybersecurity in a Zero Trust World

    How can cybersecurity stop being treated as a tax on growth and start becoming something founders actually lean on to win trust, customers, and long-term advantage?

    In this episode of Business of Cybersecurity, I reconnect with Taylor Hersom, Founder and CEO of Eden Data, for a wide-ranging and honest conversation about what security really looks like in an AI-first world. Taylor has built his career inside compliance, risk, and cybersecurity, from Deloitte to launching Eden Data during COVID, and now helping venture-backed startups and global enterprises rethink how security fits into the business itself. Rather than framing cybersecurity as fear-driven insurance, he explains why it works best when treated as a signal of maturity, discipline, and credibility.

    We spend time unpacking how generative AI and agentic systems are changing the risk landscape, often faster than regulation and enforcement can keep up. Taylor shares why data, not models, remains the real asset worth protecting, and why so many organizations are still operating in a kind of AI Wild West. Without slipping into alarmism, he explains where companies are most exposed today, from training data to shadow AI tools quietly entering workflows, and why governance, transparency, and basic controls matter more than flashy security spending.

    What really stands out is Taylor’s practical take on turning compliance into a growth lever. We talk about SOC 2 and ISO standards, not as box-checking exercises, but as tools that can actually improve operations, customer confidence, and sales conversations when done properly. He explains why oversharing security posture can be a competitive advantage, how founders should think differently than large enterprises, and why bad audits and rubber-stamp certifications may create more risk than they remove.

    We also explore the human side of cybersecurity, including why most breaches still come down to everyday mistakes, not elite hackers, and how automation, monitoring, and better system design can reduce risk without burning out teams. Taylor shares a grounded view of how AI could finally help solve staffing shortages and alert fatigue inside security teams, and why emerging AI security standards may soon become the next credibility badge companies want to display.

    We close on a lighter note with book and music recommendations, but the core message is clear. Cybersecurity no longer lives in a silo, and the organizations that understand this are already using trust as a business advantage rather than a defensive posture. As AI becomes woven into every workflow, the companies that communicate clearly about how they protect data and customers may be the ones that stand out most.

    So as security, compliance, and AI continue to collide over the next few years, will your organization treat cybersecurity as a burden to manage, or as a story worth telling?

  11. 19

    Avanade on Preparing Organizations for a World of Stronger Cybersecurity Expectations

    What does the UK’s new Cyber Security and Resilience Bill actually mean for mid-sized businesses that sit quietly inside complex supply chains, often assuming the rules are aimed at someone else?

    In this episode of Business of Cybersecurity, I sit down with Jason Revill, Global Security Practice Technology Lead at Avanade, to unpack why this legislation represents a genuine shift in how cyber risk will be judged, enforced, and felt across the UK mid-market. While much of the public debate has focused on critical national infrastructure, Jason explains why managed service providers and mid-sized firms are now firmly in scope, particularly those that underpin larger enterprises. Mandatory incident reporting, tougher expectations, and turnover-based penalties are changing cyber resilience from a technical concern into a board-level business issue.

    We explore why outsourcing cybersecurity no longer reduces accountability, even though nearly half of UK mid-market firms rely on third parties to manage their defenses. Jason shares real-world insight into how supply chain vulnerabilities are driving a growing share of breaches, why identity and access management has become a weak link, and how attackers increasingly exploit trust between organizations rather than technical flaws alone. The conversation also looks at the rising threat of legal action following breaches, with group claims against well-known UK brands signaling a wider shift in public and regulatory expectations.

    Crucially, this is not a fear-driven discussion. Jason offers a grounded perspective on how mid-sized organizations can move beyond checkbox compliance and embed security into everyday operations without grinding the business to a halt. We talk openly about cost, trade-offs, and why resilience planning only works when it is owned by the whole organization, not just the security team. For leaders heading into a new year facing tighter scrutiny and higher stakes, this episode offers clarity on what good looks like in practice and how to start building it.

    If cyber resilience is quickly becoming a license to operate rather than an optional safeguard, how prepared is your organization for the expectations that customers, regulators, and even the public are about to place on it, and what would it take to get ahead of that curve rather than react after the fact?

  12. 18

    When IT Meets OT, Can Endpoint Security Hold The Line

    How do you protect factory floors, utilities, and critical infrastructure when IT and OT finally run on the same nervous system? That is the challenge at the heart of my latest conversation with John Walsh, Field CTO at IGEL Technology, recorded live at the IGEL Now and Next event in Frankfurt.

    Back in March in Miami, John and I talked about zero trust as an ecosystem rather than a product, a way to bring unified management and strong policy enforcement to the endpoint. This time, we take that thinking to the operational technology world, where the stakes feel very different. When a cyberattack hits a factory, it is not only data at risk. It can stop production lines, damage equipment, and cost millions in downtime. John explains how a prevention first mindset, backed by IGEL’s immutable OS, Universal Management Suite, and OEM ready integrations, is helping manufacturers and OEMs move security out to the edge where attacks actually begin.

    Across the episode, John lifts the lid on IGEL’s work with partners such as Intel, Honeywell, Zscaler, and others who see OT as a growth frontier. We talk about US Department of Defense zero trust 2.0 requirements, European regulation, and what it really takes to extend zero trust thinking from the office to the plant. From dark industrial networks to containerized workloads at the edge, from sensor attestation to the kill chain, this is a grounded look at how endpoint security, confidential compute, and sovereign architectures are reshaping industrial resilience.

    This one is for anyone who cares about the future of secure infrastructure, whether you work in manufacturing, utilities, or simply want a clearer view of where zero trust is heading as AI powered threats accelerate. Do you believe prevention first security can truly keep pace with autonomous attacks, or are we still leaning too heavily on detection and response thinking from an older era of cyber? I would love to hear your thoughts.

  13. 17

    Why Endpoint Resilience Is the Missing Piece in Cybersecurity Strategy

    What does business continuity really mean when thousands of devices across a hospital or enterprise go dark? In this episode, Jason Mafera, Chief Technology Officer for Healthcare at IGEL, joins me at the Now and Next event in Frankfurt to explore why endpoint resilience has become one of the most overlooked priorities in cybersecurity. Jason explains why hospitals and healthcare providers have zero tolerance for downtime, and how the same principle applies across every industry where endpoint failure halts operations. He breaks down how IGEL’s prevention-first approach and its Business Continuity and Disaster Recovery solution can restore access within minutes, even during a ransomware event that would otherwise take weeks or months to recover from. For cybersecurity analysts evaluating endpoint protection, Jason offers valuable insight into what a prevention-first model looks like in practice. He describes how secure-by-design, read-only operating systems, dual boot capabilities, and layered recovery options create an architecture that is both lightweight and resilient. Analysts looking to compare endpoint strategies will find this discussion useful for understanding how organizations can combine operational uptime, rapid recovery, and measurable ROI without adding complexity or cost. We also discuss how prevention-first design changes the economics of IT. Jason shares examples of how organizations are cutting costs, improving patient safety, and aligning endpoint strategy with Zero Trust frameworks to strengthen both security and productivity. It is a fascinating look at how the business of cybersecurity is changing, and why protecting the endpoint is no longer optional. Are enterprises finally ready to treat endpoint continuity as part of their core business strategy? 
I would love to hear your thoughts after the episode.

  14. 16

    Corelight’s Brian Dye on Outsmarting AI-Powered Attackers

    In today’s digital battlefield, prevention is no longer enough. Firewalls and endpoint protection might keep the doors locked, but attackers are slipping in through the windows. In this episode of Tech Talks Daily, I sit down with Brian Dye, CEO of Corelight, to explore how the cybersecurity game has changed and why network detection and response (NDR) has become the new frontline of digital defense. Brian brings an extraordinary track record from senior roles at Symantec, McAfee, and Citrix, giving him a rare perspective on how cyber strategy has evolved from antivirus software to AI-driven network intelligence. As he explains, “The days of when things were nice and loud and easy to find have come and gone.” Attackers now live off the land, using legitimate IT tools like PowerShell to hide in plain sight, while generative AI accelerates the weaponization of new exploits in hours instead of weeks. We discuss why Corelight’s open-source heritage gives it a unique edge in the GenAI era, how automation is reshaping response workflows, and what it really takes to achieve sub-15-second threat response. Brian also opens up about leadership lessons learned from his years in the industry, Corelight’s growth from startup to global scale, and the cultural principles that keep innovation alive through rapid expansion. This conversation goes far beyond cybersecurity buzzwords. It is a candid look at the reality facing modern defenders, where data is readiness, visibility is power, and resilience is built one decision at a time. Whether you are a CISO, developer, or business leader, this episode offers a grounded, human perspective on the future of cyber defense and what it means to truly understand what went “bump in the night.”

  15. 15

    Experian’s AI Fraud Report: SIM Swaps, Voice Cloning, and Smarter Countermeasures

    Experian’s Chief Product Officer for Identity and Fraud in the UK and Ireland, Paul Weathersby, joins me to unpack how criminals are using generative tools to fabricate documents, clone voices, perfect phishing at scale, and stitch together synthetic identities. We dig into the sharp rise in SIM swap attacks, why eSIM provisioning can accelerate takeovers, and how coordinated crews now treat fraud like a business with playbooks and orchestration. Paul explains what works on the defensive side right now. Think adaptive, multilayered authentication that reacts to real risk signals, mobile network checks to identify recent SIM changes, behavioral biometrics, enhanced document and liveness detection, and AI that accelerates investigations while reducing false positives and compliance costs. We also look at more innovative data use, graph analytics to expose fraud rings, cross-industry intelligence sharing, and the FCA’s supersized sandbox that helps teams test models at high volume. If you care about stopping account takeovers without breaking customer experience, this conversation is a practical blueprint for 2026 and beyond. Related links: SIM swapping increased by over 1,000%; How to protect yourself from SIM swapping.

  16. 14

    Qualys CEO Sumedh Thakar on Moving From SOC to ROC

    Qualys CEO Sumedh Thakar joins me to unpack what cyber risk management really looks like when budgets are tight, signals are noisy, and AI is changing the game. Sumedh’s journey started in Pune with parents who prized education above everything. He arrived in the US with one hundred dollars, joined Qualys as one of its first software engineers, and two decades later is leading a global platform that helps banks, governments, and enterprises protect their digital infrastructure. We dig into why compliance keeps tripping companies up, why the impact of digital crime now dwarfs many physical crimes, and how leaders can talk about cyber in a language boards actually understand. Sumedh explains the shift from counting exposures to quantifying business risk, and why the Security Operations Center is giving way to a Risk Operations Center that prioritizes what truly matters, accepts what must be accepted, and transfers the rest through insurance. We also explore the cloud security market’s next phase as AI workloads pour into public and private clouds, why “attack surface” is not the same as “risk surface,” and how to weigh AI opportunity against model and data uncertainty. Sumedh closes with hard-won leadership lessons on time, teams, and defining success, and recommends Marshall Rosenberg’s Nonviolent Communication for anyone who wants to communicate beyond the words and lead with clarity.

  17. 13

    CyberArk Explains Why Machine Identities Are the New Attack Surface

    What happens when there are 100 machine identities for every human one in your organisation? This is not a prediction for the future. It is the world we are already operating in, and the implications are profound. In this episode of Business of Cybersecurity, I speak with David Higgins, Senior Director at CyberArk, about how AI agents, autonomous systems, and the sheer scale of machine credentials in the enterprise are reshaping identity security. We discuss why password reuse, unsecured personal devices, and skipped updates remain stubbornly common even though awareness training has been around for decades. David explains that the issue is rarely laziness. Instead, it is often a lack of secure and practical alternatives that still fit the way people work. We dig into how phishing and social engineering tactics have evolved, with AI enabling deepfake audio and video that can pass casual inspection, and how attackers are increasingly bypassing tech-savvy users entirely by targeting helpdesks and third-party support teams. We also look at the commoditisation of stolen credentials and why buying access on the dark web can now be easier than running a phishing campaign. A major theme in our conversation is the role of culture in security. David challenges the outdated idea that humans are always the weakest link, arguing instead for a more collaborative approach that blends security objectives with user experience. We explore strategies like adaptive authentication, behavioural context analysis, and just-in-time privilege models that reduce risk without slowing down legitimate work. The discussion then turns to the identity challenges created by agentic AI. These are AI-driven systems that can interpret goals, adapt, and communicate directly with other AI agents and human colleagues. Unlike traditional machine identities, their behaviour changes over time, creating an entirely new category of security risk. 
David outlines how organisations can begin to secure these identities now, rather than deferring the problem until it becomes unmanageable. By the end of this episode, you will have a clear view of why identity-first security is essential in a machine-dominated environment, what practical steps can be taken to close gaps without adding unnecessary friction, and why aligning identity strategy with your organisation’s digital roadmap is no longer optional.

  18. 12

    How Abnormal AI Detects Threats Before They Hit the Inbox

    In this episode, I sat down with Mike Britton, CIO at Abnormal AI, to explore the increasingly urgent overlap between AI governance and cybersecurity. With AI accelerating faster than regulation, and attackers already using these tools for harm, Mike offers a pragmatic take on what needs to happen next. We dig into the realities of regulating AI in a fragmented world, drawing comparisons between Europe’s application-based approach and the US’s patchwork of state-level initiatives. Mike shares why he believes regulation should focus on context and application, not just model size, and why human oversight must stay part of the loop. We also cover: How Abnormal uses behavioral AI to catch phishing and email attacks before they hit inboxes; Why sandboxes and risk-based regulation can protect innovation without losing control; The threat of over-regulation pushing innovation toward regimes with fewer ethical safeguards; The challenge of navigating AI vendors at security events, where almost everyone claims AI capabilities; The real-world risks of AI bias, misuse, and geopolitical influence in open-source models. Mike also shares practical guidance for CIOs and CISOs on model validation, audit trails, kill switches, and how to distinguish genuine AI value from marketing spin. 🧠 One key takeaway: Attackers are already using AI. If security teams don’t fight fire with fire, they’re at risk of falling behind. 🔗 For more, check out abnormal.ai or connect with Mike on LinkedIn.

  19. 11

    Clari: Why RevOps Is the Hidden Weapon in Cybersecurity’s AI Arms Race

    In this episode of The Business of Cybersecurity, I’m joined by John Queally, Senior Director of Revenue Operations at Clari, for a conversation that goes far beyond spreadsheets and pipeline forecasts. We explore why RevOps has become mission-critical for cybersecurity firms facing escalating threats, intense market pressure, and growing expectations around AI. John unpacks how cybersecurity leaders from Okta to Fortinet are rethinking the entire revenue engine to fund innovation, reduce friction, and stay ahead of attackers. We discuss the growing gap between AI ambition and data reality, and why 67% of revenue leaders are not trusting their data should be a wake-up call for anyone betting big on automation. From real-time prospecting and clean data infrastructure to unified cross-departmental collaboration, this is a masterclass in how operational strategy, not just security tooling, is shaping the future of cyber resilience. John also shares what it really takes to unify go-to-market teams, how RevOps is shifting from reactive reporting to proactive insight, and why the most powerful transformation starts with the "unsexy" work of cleaning up your data stack. If you’ve ever underestimated the role of RevOps in a tech-driven industry or dismissed data hygiene as someone else’s problem, this conversation will change your mind. 🎧 Listen in to learn: Why AI can’t fix broken data; How cybersecurity firms are aligning ops, sales, and customer success in real time; What separates high-growth companies from those stuck debating dashboards. Visit Clari.com to learn more about the work John and his team are doing, or connect with him directly on LinkedIn.

  20. 10

    From Complexity to Clarity: Cyber Resilience with Cloudflare’s Christian Reilly

    In this episode of The Business of Cybersecurity, I’m joined by Christian Reilly, Field CTO for EMEA at Cloudflare, to unpack what real-world cyber resilience looks like across industries and what’s holding many organisations back. From legacy systems in healthcare and education to cloud-native agility in gaming and fintech, Christian explains why some sectors are better prepared for modern cyber threats and what the rest can learn from them. We explore the power of simplicity in cybersecurity strategy, the shift toward zero trust, and the cultural importance of treating employee training as a relentless, personal mission rather than a compliance checkbox. Christian also shares sharp insights on the growing risks posed by AI and quantum computing, the need for post-quantum cryptography, and how data protection is fast becoming the cornerstone of competitive advantage. If your boardroom still treats security as an IT issue or your workforce sees it as a blocker, this conversation will change how you think about cyber preparedness. We discuss Cloudflare’s latest research findings, the future of AI-powered SecOps, and how organisations can move from passive defence to proactive, strategic resilience. Listen now to learn how forward-thinking businesses are simplifying their stacks, mobilising end-user education, and building security into the core of their operations rather than bolting it on after the fact.

  21. 9

    Resilience Over Panic: Rethinking Ransomware with Trevor Dearing of Illumio

    In this episode of The Business of Cybersecurity, I speak with Trevor Dearing, Director of Critical Infrastructure at Illumio, to unpack some eye-opening truths from their latest ransomware report. We explore why more than half of global companies still have to halt operations when ransomware strikes and why so many UK businesses remain reluctant to report incidents. Trevor shares candid insights into what is working, what is not, and why shifting focus from prevention to containment could be the real key to resilience. He explains how modern containment tactics like advanced obfuscation and one-click ringfencing can limit damage and keep critical operations running, even when attackers break through. We also discuss why only 13 percent of companies believe their cyber resilience is strong enough and what it will take to close that gap as regulations tighten worldwide. If you want a grounded take on how to prepare for the attacks that will inevitably come, rather than just hoping they never do, this conversation is for you. Search Tech Talks Network for more episodes that connect cybersecurity and real-world business strategy.

  22. 8

    Zscaler on Building Cyber Resilience from the Ground Up

    When I spoke with Mark Lluic, CEO in Residence at Zscaler, on the Business of Cybersecurity podcast, we didn't spend time rehashing the basics. We looked at how leadership thinking must evolve. If your security posture is still built for light rain, what happens when a hurricane hits? Mark has spent years helping organizations rethink security from the ground up. Instead of chasing alerts or layering new tools onto outdated systems, he advocates for a proactive, systems-first approach. One that prioritizes architecture and continuity over quick fixes.

    Zero Trust Isn't Just for Remote Work

    Zero Trust started as a security fix for remote access, but that's just one piece of the puzzle. Mark made a sharp observation: many companies still trust users more when they're sitting in the office. That's a dangerous assumption. Modern Zero Trust means treating all traffic with the same level of scrutiny, regardless of its origin. Every access request should be evaluated based on its context: who is making the request, what device they're using, what they're trying to do, and whether that behavior fits a known pattern.

    The Problem with the Patch-and-Pray Model

    Security teams often react to new threats by throwing more tools into the mix. Over time, this patchwork creates more problems than it solves. Complexity grows, visibility shrinks, and attackers exploit the gaps. Mark pointed to research showing that many teams are overwhelmed by the tools they already have in place. Others are held back by outdated systems or a lack of staff with the right skills. That creates a situation where attackers need to succeed once, while defenders must stop everything every time.

    A Better Way Forward: Resilient by Design

    So, what does a stronger strategy look like? Mark recommends starting with architecture. Build systems that expect disruption. Apply continuous risk assessment. Incorporate business continuity from the start rather than as an afterthought. 
And don't limit Zero Trust to a single use case. Make it your foundation. For leaders looking to take action, Mark laid out some clear first steps: Start by reviewing where Trust is currently assumed. Challenge those defaults. Apply the same standards inside your network as you do for external traffic. Think about context every time you evaluate access. Ensure that your legacy systems are also included in this effort. But remember, you don't need to replace everything overnight. Resilience is about ensuring your organization remains standing, regardless of what challenges it faces. That means planning, testing your response, and building security into your infrastructure, not bolting it on later. Listen to the full episode to hear why this shift is a leadership decision that defines how your organization faces tomorrow's threats.

  23. 7

    Immersive Labs’ Max Vetter on Closing the Skills Gap Across Cyber Teams

    Are junior cybersecurity professionals outpacing their senior colleagues in readiness for modern threats? In this episode of The Business of Cybersecurity, Neil C. Hughes sits down with Max Vetter, Vice President of Cyber at Immersive Labs, to examine a surprising trend: less experienced team members are consistently completing more difficult training content than veterans with eight or more years in the field. It’s a data point that challenges assumptions and raises urgent questions about how organizations approach skills development in cybersecurity. Max shares findings from recent research that expose worrying gaps in readiness, especially at the senior level, and outlines a practical checklist for building resilient, threat-ready teams. He makes a compelling case for continuous, challenge-based learning across all levels of expertise, not just for new hires, but for seasoned professionals who may risk falling behind. Together, Neil and Max explore: Why traditional training approaches might be failing senior professionals; How complacency and lack of tailored development can erode cyber resilience; The cultural shifts needed to make continuous learning a team-wide priority; What boards and business leaders should know about workforce readiness gaps. Whether you're leading a SOC, managing risk at the executive level, or shaping your organization's cyber strategy, this episode offers real-world insight into the human dynamics behind technical defenses. Are we doing enough to upskill cybersecurity veterans before the next threat hits? Tune in and join the conversation.

  24. 6

    Legacy Tech Meets Modern Threats as Kyndryl Rethinks Cybersecurity

    Legacy systems are everywhere, quietly powering core operations in some of the world’s largest enterprises. But behind that familiarity is risk. In this episode of The Business of Cybersecurity, Paul Savill, Global Practice Leader of Networking and Edge Compute at Kyndryl, joins me to break down why aging infrastructure is becoming a major liability in today’s security posture. We talk candidly about the security implications of 44 percent of enterprise technology being “out of life” and unsupported. Paul shares how that vulnerability becomes even more exposed as IoT devices proliferate and AI-powered attacks grow more sophisticated. It’s no longer a question of whether legacy tech is a problem, but how long organizations can afford to ignore it. This conversation moves beyond the buzzwords and straight into the operational reality. Paul explains how Kyndryl’s post-IBM spin-off transformation included shifting to a cloud-first, zero trust model—and why that decision was just as much about improving agility and cost control as it was about reducing risk. We also explore the human side of cybersecurity. Paul outlines how Kyndryl’s internal phishing simulations and scenario-based training have led to a measurable increase in employee-reported incidents. It’s a compelling argument for why building a cybersecurity culture beats any off-the-shelf solution. From AI-enhanced social engineering threats to the disconnect between IT and OT teams, this episode highlights the practical steps business leaders can take to modernize without compromising day-to-day operations. If your cybersecurity strategy still depends on outdated tools and last year’s training modules, it might be time to rethink the foundation. For more insight, check out the Kyndryl Readiness Report at kyndryl.com,

  25. 5

    Imperva on the Bot Surge Behind Half of Global Internet Activity

    Nearly half of all internet traffic is now generated by non-human sources, and a growing share of that activity is driven by increasingly sophisticated bots. In this episode of The Business of Cybersecurity, Neil is joined by Lynn Marks, Senior Product Manager at Imperva, to break down the findings from the latest Bad Bot Report and explore what businesses need to know as these threats accelerate. Lynn explains why the shift in bot activity is no longer about brute force or exploiting technical vulnerabilities. Today’s attackers are targeting business logic itself. From automated purchasing of high-demand items to manipulating pricing and availability data in the travel sector, bots are now bypassing traditional security tools by taking advantage of how platforms are designed to function. APIs are particularly vulnerable. Nearly 50 percent of account takeover attacks now target APIs directly, largely because they are abundant, consistently structured, and often poorly monitored. Shadow APIs and lack of cross-functional visibility create significant blind spots for security teams. Some industries are facing an outsized share of these attacks. Gaming platforms are targeted for their in-game currencies and experience systems, while travel providers contend with constant scraping of flight data and availability. In both cases, attackers are capitalizing on high user demand and competitive pressure to exploit weaknesses in systems that were never built with these threats in mind. Lynn also discusses the rise of residential proxies and mobile user agents, which make it increasingly difficult to distinguish real users from bad actors. And with a surge in global AI regulation expected in 2025, she outlines what organizations can do to prepare. 
From understanding internal AI use to implementing layered protection across APIs and mobile applications, Lynn provides practical advice for teams looking to get ahead of the threat curve. In a digital world where nearly half of all traffic is now synthetic, how confident are you in your ability to spot the difference?

  26. 4

    IGEL at the Edge of Cybersecurity Transformation

    Recorded live at IGEL Now & Next 2025 in Miami, this conversation with John Walsh, Field CTO for Critical Sectors at IGEL, explores how organizations can rethink edge security through a preventative lens. With decades of experience in high-assurance environments, John shares how zero trust is moving from theory into applied strategy and why endpoint protection is still ground zero in the modern threat landscape. From hybrid work challenges to AI-powered threats, this episode breaks down how IGEL’s immutable OS and collaborative approach are helping secure some of the most sensitive sectors in the world. Are your endpoints ready for what’s next?

  27. 3

    Fortinet on Making Cybersecurity a Business Priority

    What happens when a country aims to carve its own cybersecurity regulatory path post-Brexit while the rest of the region moves toward harmonized frameworks like the EU’s NIS2 directive? In this episode of The Business of Cybersecurity Podcast, we unpack the evolving conversation around the UK’s Cyber Security and Resilience Bill with Ricardo Ferreira, Field CISO at Fortinet. Ricardo offers a sharp, comparative analysis between the UK's proposed bill and the EU's more prescriptive NIS2 directive. He explains why the UK's current approach lacks the specificity needed to tackle critical issues like supply chain security, board-level accountability, and sector-specific risk frameworks. While the UK’s legislative draft includes promising buzzwords and broad commitments, Ricardo notes that it falls short on actionable guidance and enforcement mechanisms—areas where NIS2 has already set a clearer precedent. But amid these gaps lies a strategic opportunity. Ricardo discusses how the UK can leverage its regulatory independence to selectively adopt the most effective elements from NIS2, crafting a more agile and industry-friendly cybersecurity framework. 
He highlights the importance of involving diverse stakeholders—from industry bodies to international partners—in shaping regulation that’s both resilient and responsive to evolving threats. The conversation also explores: The importance of making board members directly accountable for cybersecurity risk; Why workforce training must be mandated alongside technical requirements; Lessons from NIS2 on post-breach response and business continuity planning; The need for advisory committees and continuous legislative updates to keep regulation relevant in an AI-driven threat environment. Ricardo closes the episode with a personal story about how visionary leadership early in his career helped shape his trajectory—reminding us that real resilience is built not just through technology or regulation, but through people who see potential and invest in it. If you're navigating cybersecurity compliance, policy development, or executive accountability, this episode is a timely and thought-provoking listen.

  28. 2

    The Shadow API Threat Explained by Akamai Technologies

    What does it take to protect financial institutions when they're the number one global target for DDoS attacks? In this episode of The Business of Cybersecurity, Neil C. Hughes welcomes Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai Technologies, to explore insights from Akamai's latest State of the Internet (SOTI) report focusing on cybersecurity trends in the financial services sector. Richard shares a decade's worth of threat intelligence backed by trillions of daily DNS requests and billions of cyberattack observations, offering a data-rich perspective on why financial organizations are squarely in the crosshairs. From a 24-hour DDoS attack on Israel peaking at 800 Gbps to the rise of politically motivated hacktivism, Richard outlines why the Middle East and North Africa (MENA) region has become a hotspot for these digital assaults—and what financial firms can do about it. The conversation also covers the emerging risk of shadow APIs—forgotten, unmanaged, or defunct APIs that can unintentionally expose sensitive personal or financial data. Richard explains how many businesses still underestimate their API footprint and shares practical steps for regaining visibility and control. Zero Trust is another central theme. Instead of positioning it as an overwhelming overhaul, Richard suggests organizations reframe it as a modern VPN replacement, focusing first on core business systems and micro-segmentation to restrict lateral movement. With a strategic approach, implementing Zero Trust becomes feasible and a key step in limiting breach impact. Richard also offers a candid look at balancing proactive and reactive DDoS defense, emphasizing the importance of both automatic mitigation and human-led response to more sophisticated, multi-vector attacks. He highlights how Akamai supports both fronts, including working with global authorities to help take down threat actors like Anonymous Sudan. Finally, the conversation turns to the future. 
With EU regulations like the Digital Operational Resilience Act (DORA) on the horizon, financial institutions must invest in real-time visibility, intuitive data access, and actionable threat insights to stay compliant and resilient. Whether you're in the C-suite, on the frontlines of your SOC, or guiding your enterprise's security roadmap, this episode delivers an honest and data-driven view of what it takes to defend the financial sector in a time of growing complexity and geopolitical tension.

  29. 1

    Thales Data Threat Report Reveals Risks to Critical Infrastructure

    What happens when the digital systems powering our national energy, water, and healthcare services become the next frontline in cybersecurity? As smart grids, connected utilities, and cloud-first operations rapidly reshape critical infrastructure, the threats facing these systems are evolving just as quickly. In this episode, Tony Burton, Managing Director of Cyber Security & Trust at Thales UK, joins the podcast to unpack the findings from the Thales Data Threat Report and explore what it really takes to secure the backbone of modern society. With over two decades in national security and resilience, Tony brings sharp insight into the pressing risks that critical infrastructure faces—from rising ransomware attacks and insider threats to human error and the expanded digital attack surface introduced by cloud adoption and smart technologies. He explains why over 42% of critical infrastructure organizations have already reported data breaches and why 93% are seeing an uptick in cyberattacks. The conversation doesn’t stop at the threats—it goes deep into the real-world consequences, such as cascading failures across sectors, widespread outages, and compromised public safety. We also explore how organizations can take action now. Tony outlines the importance of adopting zero trust architecture, designing systems with human behavior in mind, and implementing detection and response capabilities that reflect the physical realities of operational technology. He also shares powerful insights from Thales’ Cyber Resilience Lab in Ebbw Vale, a cutting-edge environment where real smart grid systems are tested under simulated attacks to strengthen resilience. From preparing for quantum computing to managing complex hybrid cloud environments, Tony offers a playbook for leaders who are serious about protecting national infrastructure in a high-stakes environment. 
Whether you’re a CISO, infrastructure leader, or tech strategist, this episode will provide a roadmap for mitigating risk, increasing awareness, and planning ahead. What role should technology—and leadership—play in protecting the systems that power society? Join the conversation and share your thoughts on building resilience in a connected world.

  30. 0

    The Real Meaning of Zero Trust with Its Creator

    What does it really mean to trust nothing and verify everything? In this first episode of The Business of Cybersecurity, Neil is joined by John Kindervag, the creator of the Zero Trust cybersecurity model, for a conversation that redefines how we think about protecting digital systems.

    John shares the untold story behind the creation of Zero Trust, from challenging traditional perimeter-based models to watching the concept grow into a global movement now embedded in national cybersecurity mandates. Far from being a buzzword, Zero Trust is presented here as a strategic framework that begins with a single protect surface and scales without disruption.

    Together, Neil and John explore how Zero Trust is misunderstood, often mistaken for a product, and too often reduced to identity management. They break down the core five-step process for implementation, the importance of context over blind trust, and how cloud environments and AI are reshaping cybersecurity expectations.

    But this conversation also carries a personal weight, as both Neil and John reflect on deeply moving experiences with childhood cancer—and how those journeys informed a new way to think about managing risk, or as John reframes it, managing danger.

    This isn’t just a technical talk. It’s a story about questioning the status quo, staying adaptable in a rapidly evolving threat environment, and using strategy, not assumptions, to secure the systems businesses depend on.

    Is your organization still relying on outdated models of trust? And what would it look like to build something truly resilient?

HOSTED BY

Neil C. Hughes

Frequently Asked Questions

How many episodes does The Business of Cybersecurity have?

The Business of Cybersecurity currently has 30 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is The Business of Cybersecurity about?

The Business of Cybersecurity is a podcast from the Tech Talks Network that explores where security and business strategy converge. Hosted by Neil C. Hughes, creator of the Tech Talks Daily Podcast, this series examines how today’s enterprises are managing cyber risk while still moving fast and...

How often does The Business of Cybersecurity release new episodes?

The Business of Cybersecurity has 30 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to The Business of Cybersecurity?

You can listen to The Business of Cybersecurity on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts The Business of Cybersecurity?

The Business of Cybersecurity is created and hosted by Neil C. Hughes.