Enterprise Security Weekly (Audio)

• The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413

  Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-413

  --------  

  1:52:05

  --------

  1:52:05
• Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412

  In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We’ll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you’ll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

  --------  

  1:38:23

  --------

  1:38:23
• Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411

  Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry’s first AI native,unified Data Security Platform. Yotam Segev, Cyera’s CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera’s skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company’s latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it’s a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew’s vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we’re building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411

  --------  

  1:19:04

  --------

  1:19:04
• The enterprise security news, more secure by removing credentials, & RSAC interviews - Marty Momdjian, Amit Saha, Dr. Tina Srivastava - ESW #410

  Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn’t store credentials anymore? We explore Badge’s innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis’ new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-410

  --------  

  1:38:02

  --------

  1:38:02
• Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Karl Van den Bergh, Tony Anscombe, Eyal Benishti, Nick Carroll, Chad Alessi, Chris Peluso - ESW #409

  Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today’s threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-409

  --------  

  1:38:33

  --------

  1:38:33

More Education podcasts

Trending Education podcasts

About Enterprise Security Weekly (Audio)

Enterprise Security Weekly (Audio): Podcasts in Family