Enterprise Security Weekly (Video)

40 Episodes

By: Security Weekly Productions

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co-hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.

The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462
Yesterday at 9:00 AM

Interview with Filip Stojkovski on the State of AI in SecOps

Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections.

Segment Resources:

Be sure to check out SecOps Unpacked...


Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461
06/01/2026

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses.

Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach.

Topic

For this week's topic segment, we've got two very interesting data sources.

The first is Anthropic's first update on Project Glasswing, where...


Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460
05/25/2026

Interview with Rob Allen from ThreatLocker

This week, Rob Allen from ThreatLocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real-world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.

Topic: Do the basics, they said. Easier said than done.

Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share...


AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459
05/18/2026

Interview with Dimitri Sirota from BigID

Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework.

Segment Resources:

BigID's Agent Access Management Guide

BigID's podcast, CTRL + ALT + AI

This Week's Topic: Cascading Breaches

We're seeing more and more 3rd and 4th party attacks that ch...


The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich Kron, Deepen Desai, Chris Wallis - ESW #458
05/11/2026

The Weekly Enterprise News

This week, in the enterprise security news,

Copy Fail
The hits keep coming for CVE, NIST and NVD
Cyber attacks on breathalyzers
insurance carriers pulling support for AI
Florida Man pleads guilty
ignore the humanities at your own peril
offense and defense don't scale the same
is it okay to be left behind?
scientists gave cocaine to salmon

Mind the Gap: Confidence, AI, and the Future of Exposure Management

Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding...


Post Quantum Migration Struggles, AI Threats, and Modern Defenses - Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos - ESW #457
05/04/2026

Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About

Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate.

The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged as...


Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart - ESW #456
04/27/2026

Rethinking Security from the OS Up in the Age of AI

Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures.

She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the...


Making AI actually work in the enterprise and more RSAC Conference 2026 interviews - Aamir Lakhani, Camellia Chan, Ely Abramovitch, Jody Brazil, Jim Spignardo - ESW #455
04/20/2026

Interview with Jim Spignardo

What does it take to build AI workflows that work? Why do so many fail?

Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim.

He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in...


We catch up on the news, including AI vuln hunting; also more RSAC interviews! - Mark Lambert, Samuel Hassine, John Wilson, Georges Bossert - ESW #454
04/13/2026

Segment 1: We cover the weekly enterprise news!

Segment 2: RSAC interviews from ArmorCode and Filigran

ArmorCode: AI Exposure Management and Governing Shadow AI

AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability and oversight. In this segment, ArmorCode will discuss its new AI Exposure Management (AIEM) solution, as part of the ArmorCode Agentic AI Platform. ArmorCode will highlight how AIEM gives enterprises clearer visibility into where AI is being used, who...


Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Brian Oh, Mickey Bresman, Ashish Jain, Thyaga Vasudevan, Jimmy White - ESW #453
04/06/2026

Interview with Brian Oh from FIS Global

Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant

Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders' desks. In this episode, Brian Oh from FIS Global explains how merchant-specific tokenization and virtual cards work, why embedded finance raises the stakes, and how approaches like behavioral biometrics and tokenized payments can reduce fraud while keeping checkout experiences fast and seamless.

Segment Resources:

FIS Global - The Future of Embedded Finance

PYMNTS Article - FDIC Support Clears a...


Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Lenny Zeltser, Helen Patton, Alexandre Sieira - ESW #452
03/30/2026

Interview with Helen Patton about her new book, Switching to Cyber

Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career.

Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career:

on Amazon, on Barnes & Noble, and on the publisher's website

Interview with Lenny Zeltser: Reflections on Being a CISO

After a cybersecurity career in various roles...


Can AI help critical infrastructure, the state of the cyber market, and weekly news - Kara Sprague, Mike Privette - ESW #451
03/23/2026

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks

Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses.

Interview with Mike Privette - The State of the Cybersecurity Market

Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market...


AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - Jeremy Snyder, Allie Mellen - ESW #450
03/16/2026

Interview with Jeremy Snyder from FireTail about AI Governance

Death by a thousand cuts: the AI shadow IT problem

I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going.

Segment 1 Resources:

https://www.firetail.ai...


Breaking in with CrashFix, supply chain security, and CMMC phase 1 - Anna Pham, David Zendzian, Jacob Horne - ESW #449
03/09/2026

Interview with Anna Pham

Breaking in with ClickFix: Anatomy of a modern endpoint attack

Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.

In short, the team observed the threat actors using KongTuke's malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a "scan" to remediate the threats. Upon "...


OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448
03/02/2026

Interview - Ben Worthy from Airbus Protect

The current state of OT security and business resilience

In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom de...


Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447
02/23/2026

Segment 1 - Interview with Tim Morris

Bringing intelligence to assets

You've been through 6 CMDB projects in the last decade. None of them came close to the original goals; the CMDB was already out-of-date long before the project had any hope of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way?

Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts…

...


Hardware-level zero trust, don't trust AI with your employees, and the news - Matias Katz, J Wolfgang Goerlich - ESW #446
02/16/2026

Segment 1: Interview with Matias Katz

What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised?

Matias and his company, Byos, have built such a thing, and BOY do we have some questions for him.

Segment 2: Interview with Wolfgang Goerlich

Addressing the nuanced, nefarious threats of AI

Sure, we need to worry about AI prompt injection and AI data leakage, but what about the...


Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445
02/09/2026

Interview Segment - Rob Allen - Clickfix

"Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it!

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Interview Segment - Rob Allen - Zero Trust World

...


Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444
02/02/2026

Segment 1: Interview with Warwick Webb

From Initial Entry to Resilience: Understanding Modern Attack Flows

Modern cyberattacks don't unfold as isolated alerts; they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation, turning fragmented signals into clear attack narratives...


The future of data control, why detection fails, and the weekly news - Thyaga Vasudevan - ESW #443
01/26/2026

Segment 1: Interview with Thyaga Vasudevan

Hybrid by Design: Zero Trust, AI, and the Future of Data Control

AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world.

In this episode, we'll unpack why real-time visibility and control over data usage are now essential for safe...


Making vulnerability management and incident response actually work. Also, the News! - Beck Norris, Ryan Fried, José Toledo - ESW #442
01/19/2026

Segment 1 with Beck Norris - Making vulnerability management actually work

Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity.

Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and...


The State of Cybersecurity Hiring, 2026 content plans, and the weekly news - ESW #441
01/12/2026

First Topic - Podcast Content Plans for 2026

Every year, I like to sit down and consider what the podcast should be focusing on. Not doing so ensures every single episode will be about AI and nobody wants that. Least of all, me. If I have one more all-AI episode, my head is going to explode.

With that said, most of what we talk about in this segment is AI (picard face palm.png). I think 2026 will be THE defining year for GenAI. Three years after the release of ChatGPT, I think we've hit peak GenAI...


Why are cybersecurity predictions so bad? - ESW #440
01/05/2026

For our first episode of the new year, we thought it would be appropriate to dig into some cybersecurity predictions.

First, we cover the very nature of predictions and why they're often so bad. To understand this, we get into logical fallacies and cognitive biases.

In the next segment, we cover some 2025 predictions we found on the Internet.

In the final segment, we discuss 2026, drop some of our own predictions, and talk about what we hope to see this year.

SPOILER: Please fix session hijacking, okay tech industry?

Segment...


Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439
12/29/2025

For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went.

Also, apologies for any audio quality issues, as the meal I promised to make for dinner this day required a lot of prep, so I was in the kitchen for the whole episode! For reference, I made the recipe for morisqueta michoacana from Rick Martinez's cookbook, Mi Cocina. I used the wrong...


Internal threats are the hole in Cybersecurity's donut - Frank Vukovits - ESW #438
12/22/2025

Interview with Frank Vukovits: Focusing inward: there lie threats also

External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones.

Internal threats, on the other hand, can get personal. Accidental leaks are embarrassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is...


Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437
12/15/2025

Interview Segment: Tony Kelly

Illuminating Data Blind Spots

As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.

Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the...


Fix your dumb misconfigurations, AI isn't people, and the weekly news - Danny Jenkins, Wendy Nather - ESW #436
12/08/2025

Interview with Danny Jenkins: How badly configured are your endpoints?

Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits.

Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and attack surface. The most basic misconfigurations lead to breaches. ThreatLocker spotted this opportunity and has extended its agent-based product to increase attention on these common issues.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more!

Interview with Wendy Nather...


From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - Rob Allen, Perry Schumacher, Marene Allison, Ryan Heritage, Patricia Titus, Dr. Ron Ross - ESW #435
12/01/2025

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year's conference.

In this episode:

-You Don't Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how...


Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
11/24/2025

Interview with Ravid Circus

Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity's 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations.

Segment Resources:

https://seemplicity.io/papers/the-2025-remediation-operations-report/

https://seemplicity.io/news/seemplicity-releases-2025-remediation-operations-report-91-of-organizations-experience-delays-in-vulnerability-remediation/

https://seemplicity.io/blog/2025-remediation-operations-report-organizations-still-struggle/

Topic Segment: Thoughts on Anthropic's latest security report

Ex-SC Media journalist Derek Johnson did a great job writing this one...


Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
11/17/2025

Segment 1: Interview with Rob Allen

It's the Year of the (Clandestine) Linux Desktop!

As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs that host a custom reverse shell and reverse proxy.

In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from ThreatLocker.

Segment Resources:

Pro-Russian Hackers Use Linux VMs to Hide in...


OT Security Doesn't Have to be a Struggle, Spotting Red Flags, Enterprise News - Joshua Hay, Todd Peterson - ESW #432
11/10/2025

Segment 1: OT Security Doesn't Have to be a Struggle

OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don't care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals' plans nicely.

In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto Security.

This segment is sponsored by Junto Security. Visit https://securityweekly.com/junto to learn more!

Segment 2: Topic - Spotting Red Flags in Online...


Transforming Frontline Workflows with Passwordless Access, AI costs, and the News - Joel Burleson-Davis - ESW #431
11/03/2025

Segment 1: Interview with Joel Burleson-Davis

Frontline workers can't afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access management to improve both security and frontline efficiency at scale.

Segment Resources:

Putting Complex Passwords to Work...


Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 - Dave Lewis, Mike Poole, Conor Mulherin - ESW #430
10/27/2025

Segment 1: Interview with Dave Lewis from 1Password

In this week's sponsored interview, we dive into the evolving security landscape around AI agents and where we stand with AI agent adoption. We also touch on topics such as securing credentials in browser workflows and why identity is foundational to AI agent security.

1Password Addresses a Critical AI Browser Agent Security Gap

1Password Now Available in Comet - the AI Browser by Perplexity

This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more!

Segment 2: Enterprise News

In this week's enterprise security news,

one...


Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429
10/20/2025

Segment 1: David Brauchler on AI attacks and stopping them

David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks.

NCC Group’s AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test...


New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428
10/13/2025

Segment 1 - Interview with Dr. Anand Singh

We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it.

Segment Resources:

Get the book on Amazon: Data Security in the Age of...


AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Dor Fledel, Alexander Makarov, Aaron Parecki, Heather Ceylan, Matt Immler, Nitin Raina - ESW #427
10/06/2025

At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks.

In this special Enterprise Security Weekly episode, we bring together insights from top experts:

Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access controls.

Alexander Makarov (Adyen) shares how a global fintech unified and stre...


Live interviews from Oktane 2025: threats, AI in apps, and AI in cybersecurity tools - Brett Winterford, Shiv Ramji, Damon McDougald - ESW #426
09/29/2025

How identity security can keep pace with the evolving threat landscape, with Brett Winterford

Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recommendations for organizations looking to strengthen their defenses.

Segment Resources

https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/

https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/

https://sec.okta.com/articles/uncl...


Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425
09/22/2025

Interview with Tod Beardsley

This interview is sponsored by runZero.

Legacy vulnerability management (VM) hasn't innovated alongside attackers, and it shows. Let's talk about the state of VM.

Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents

In this week’s topic segment, we’re discussing all the NPM supply chain attacks from the past 3 weeks.

I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News

Finally, in the enterprise security news,

fund...


Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424
09/15/2025

Segment 1 - Interview with Jeff Pollard

Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best:

As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where...


Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - Theresa Lanowitz, Yuval Wollman, Mickey Bresman, J.J. Guy, Jason Passwaters, HD Moore, Jawahar “Jawa” Sivasankaran - ESW #423
09/08/2025

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere.

Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as al...