Enterprise Security Weekly (Audio)

Segment 1: We cover the weekly enterprise news!
Segment 2: RSAC interviews from ArmorCode and Filigran
ArmorCode: AI Exposure Management and Governing Shadow AI
AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability and oversight. In this segment, ArmorCode will discuss its new AI Exposure Management (AIEM) solution, as part of the ArmorCode Agentic AI Platform. ArmorCode will highlight how AIEM gives enterprises clearer visibility into where AI is being used, who owns it and the potential risks it introduces across heterogeneous environments. By turning AI usage and signals from existing security and IT systems into governed, auditable outcomes, AIEM helps organizations reduce shadow AI risk, assign accountability and accelerate AI adoption with stronger control and board-ready governance. ArmorCode will also share findings from its new 2026 State of AI Risk Management report, developed in partnership with The Purple Book Community and based on responses from more than 650 enterprise security leaders. The discussion will connect ArmorCode's latest product innovation to the broader industry need for scalable, enterprise-ready AI risk governance.
ArmorCode AI Exposure Management is available now as a solution deployed on the ArmorCode Agentic AI Platform. To learn more, visit https://securityweekly.com/armorcodersac.
Beyond IOCs: A Framework for High-Impact Cyber Threat Intelligence
In a time where the ability to turn intelligence into decisive action is a true competitive advantage, organizations must move beyond reactive alert triage to a proactive, threat-informed defense. This segment explores how unifying threat intelligence with adversarial attack simulation enables a Continuous Threat Exposure Management (CTEM) framework that replaces hype with measurable outcomes. We will discuss why these are no longer just technical security conversations, but critical business strategies that provide the board and C-suite with the clarity and confidence to reduce risk and focus resources where they matter most.
This segment is sponsored by Filigran. Visit https://securityweekly.com/filigranrsac to learn more about them!
Segment 3: RSAC interviews with Sekioa and Fortra
Agentic AI: Don't Make Your SOC Faster at Being Wrong
Adding AI agents to an unprepared SOC doesn't make it smarter; it just makes it "faster at being wrong." Georges Bossert challenges the industry hype to explain why true autonomy relies on reliable context and structured runbooks, not just prompts. He will discuss how to build the necessary foundations to automate rapidly without losing control.
This segment is sponsored by Sekoia.io. Visit https://securityweekly.com/sekoiarsac to discover their AI SOC Platform!
Scripted Sparrow: A Prolific BEC Group
In December, Fortra Intelligence and Research Experts (FIRE) released a major report exposing Scripted Sparrow, one of the most active Business Email Compromise (BEC) collectives operating today. The group sends an estimated 6 million highly targeted scam emails each month, impersonating executive coaching firms and leveraging spoofed reply chains, missing attachment lures, and evolving multilingual campaigns. FIRE's investigation links the collective to 119 domains, 245 webmail accounts, and 256 bank accounts, with members operating across three continents and continually refining their fraud techniques at scale.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-454

Interview with Brian Oh from FIS Global
Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant
Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders' desks. In this episode, Brian Oh from FIS Global explains how merchant-specific tokenization and virtual cards work, why embedded finance raises the stakes, and how approaches like behavioral biometrics and tokenized payments can reduce fraud while keeping checkout experiences fast and seamless.
Segment Resources:
FIS Global - The Future of Embedded Finance
PYMNTS Article - FDIC Support Clears a Path for Tokenized Deposits to Scale
FIS Global Blog - How behavioral biometrics are leading the way in secure banking and fraud defense for Digital One™ Flex clients
FIS Global Blog - Inside Flex's Advanced Fraud Defense: What Tech Leaders Need to Know
Interviews with Mickey Bresman from Semperis and Ashish Jain from OneSpan
The Making of Midnight in the War Room
Semperis is producing Midnight in the War Room, a full length feature film on cyberwar and CISO heroism and their work defending their companies against the onslaught of cyberattacks. Midnight in the War Room puts a human face on the front lines of cyber defense and will reveal the weight carried by defenders every day and why resilience must be built not only into systems, but into people and institutions.
This segment is sponsored by Semperis! Visit https://securityweekly.com/semperisrsac to learn more.
Why Passkeys Are Ready for Prime Time in Modern Banking
Authentication has long required an uneasy tradeoff between strong security and smooth user experience. This interview segment explores why passkeys are ready now for even the highest risk banking use cases, why banks should be moving quickly to adopt them, and how OneSpan delivers the most complete, secure, and enterprise ready passkey solution on the market.
This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!
Interviews with Jimmy White from F5 and Thyaga Vasudevan from SkyHigh Security
Securing AI Agents: Managing Runtime Risk in Enterprise AI Systems
As organizations deploy AI agents and automated workflows, security challenges are increasingly emerging once these systems interact with APIs, enterprise data, and business processes in production.
For more information about F5, please visit https://securityweekly.com/f5rsac.
AI's Security Inflection Point: Hybrid, Browser Security, and Data Compliance
The rapid adoption of AI applications is reshaping enterprise security architectures. As organizations integrate AI copilots, agentic workflows, and cloud-native platforms, traditional network-centric security models are proving insufficient.
This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-453

Interview with Helen Patton about her new book, Switching to Cyber
Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career.
Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career:
on Amazon
on Barnes & Noble
and on the publisher's website
Interview with Lenny Zeltzer: Reflections on Being a CISO
After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today.
Lenny's CISO Essays:
What Being a CISO Taught Me About Security Leadership
As a CISO, Are You a Builder, Fixer, or Scale Operator?
The Chief Insecurity Officer
Interview with Alexandre Sieira: The state of TPCRM is shifting
The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party.
Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same.
What if they did?
That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US.
Resources:
Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn
Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-452

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks.
Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses.
Interview with Mike Privette - The State of the Cybersecurity Market
Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check.
In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report.
Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy!
Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these!
Weekly Enterprise News
Finally, in the enterprise security news,
funding announcements seem to be ramping up before RSA
Should security architects be shifting right?
How McKinsley's AI platform got hacked… by AI
Amazon is having a bad time with AI lately
Europe announces a Google Workspace/Microsoft 365 replacement
Robot dogs are apparently guarding datacenters now
Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-451

Interview with Jeremy Snyder from FireTail about AI Governance
Death by a thousand cuts: the AI shadow IT problem
I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going.
Segment 1 Resources:
https://www.firetail.ai/ai-breach-tracker
Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield
We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran.
Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out!
Pick up the book!
from Wiley
from Barnes & Noble
from Amazon
Allie's personal website
The Weekly Enterprise News
Finally, in the enterprise security news,
Vibes and funding!
Starting to see some disruption in the vuln mgmt space (finally!)
Tons of new free tools
lots of essays
lots of reports
logs of breaches
the talks our hosts are giving at RSAC conference
and someone is selling an actual cone of silence???
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-450