The Security Strategist

EM360Tech

206 episodes

  • The Security Strategist

    Unmasking the Invisible Threat: Defend Your APIs Before Attackers Do

    2026/03/11 | 13 mins.
    Podcast series: The Security Strategist
    Guest: Chip Witt, Principal Security Analyst at Radware
    Host: Richard Stiennon, Chief Analyst Researcher at IT-Harvest
    When attackers target modern enterprises, they don’t break in; they log in. This insight came from the recent episode of The Security Strategist Podcast, where host Richard Stiennon, a cybersecurity analyst and Chief Analyst Researcher at IT-Harvest, speaks to Chip Witt, Principal Security Analyst at Radware.
    The conversation spotlights a critical issue faced by most enterprises – defending APIs as if they are just infrastructure while attackers exploit them as part of the business logic. That gap represents the real risk.
    What’s the Core Misunderstanding with APIs?
    As per Witt, enterprise teams often view APIs as technical plumbing instead of business products. Security programs focus on endpoints and authentication, believing that a locked front door means the house is safe.
    However, the true risk lies deeper, in authorisation logic, identity sprawl, and how applications change over time. Modern development methods lead to constant API drift. New routes appear, fields change, and versions multiply. In many organisations, security leaders cannot confidently state which APIs are live in production. To many, this uncertainty seems theoretical, but in reality it is an operational risk.
    How are Enterprises Shifting Towards Intent-Aware Protection?
    As enterprises speed up their use of serverless architectures, microservices, and AI-driven applications, API sprawl intensifies. With sprawl, the security model cannot remain unchanged while the application structure evolves.
    According to Witt, the future of API security must be intent-aware. Protection should assess whether a sequence of calls makes sense within its context for the user, system, or resource initiating them. Simply confirming identity is not enough; security also needs to validate behaviour.
    Zero trust principles have reshaped strategies for networks and identities. APIs now require similar scrutiny—not just at the perimeter, but within the workflow itself.
    APIs are no longer just back-end connectors; they are now the visible surface of the enterprise. The most concerning attacks are not brute-force attempts. The most distressing attacks, in fact, are authenticated actions carried out with malicious intent.
    Organisations that continuously track their APIs, enforce strict authorisation, and identify workflow misuse in real time can significantly reduce their risk of breaches. More importantly, they can align security with the business pace. In today’s digital economy, APIs are the product.
    Takeaways
    APIs are your primary business attack surface, not back-end infrastructure.
    Most damaging API attacks use valid credentials and exploit weak authorisation.
    Visibility gaps and API drift quietly expand your exposure over time.
    Machine-to-machine identities often carry excessive, unmonitored privileges.
    Runtime, intent-aware detection is now essential to stopping business logic abuse.

    Chapters
    00:00 Introduction to API Security
    02:04 Understanding API Misconceptions
    04:49 Current API Threat Landscape
    06:43 Business Logic Abuse in APIs
    09:11 Challenges in API Security
    12:03 Runtime Protection and Intent Detection
    13:40 Key Takeaways for IT Decision Makers

    For more information, please visit em360tech.com and radware.com
    Follow: @EM360Tech on YouTube, LinkedIn and X
    Radware YT: @radware
    Radware LinkedIn: https://www.linkedin.com/company/radware/
    Radware X: @radware
  • The Security Strategist

    How CISOs Can Reduce Enterprise Data Risk Without Slowing the Business

    2026/02/24 | 28 mins.
    In an era where enterprise data sprawls across cloud platforms, collaboration tools, and SaaS environments, CISOs are under constant pressure to reduce risk without becoming the department that slows everything down. That tension sits at the heart of a recent episode of the Security Strategist, where host Jonathan Care speaks with Ariel Zamir, founder and CEO of Ray Security, about what pragmatic, modern data security actually looks like.
    Their conversation cuts through the noise around cybersecurity tools and frameworks and focuses instead on how CISOs can think differently about enterprise data, risk management, and control.
    Understanding Enterprise Data Risk Starts With Reality
    One of the most grounded points Zamir makes is also the simplest: most enterprise data is not being used. At any given time, around 98 per cent of enterprise data sits dormant. From a data security perspective, that should immediately raise questions. Why is data that no one needs today exposed in the same way as data actively driving the business?
    For CISOs, this reframes the challenge. Instead of trying to secure all data equally, the priority becomes understanding which data is actually accessed, by whom, and when. This shift matters because risk does not come from volume alone, but from unnecessary exposure. Dormant data with overly broad access control is often invisible to the business, yet highly visible to attackers.
    By grounding cybersecurity decisions in how data is really used, security teams can reduce enterprise data risk without introducing friction for employees who are simply trying to do their jobs.
    Permission Hygiene, Access Control, and Dynamic Security
    A recurring theme in the discussion is permission hygiene. Over time, access rights accumulate. People change roles, projects end, contractors leave, but permissions rarely get cleaned up. The result is an expanding attack surface that no amount of policy documentation can realistically govern.
    Zamir argues that improving permission hygiene and access monitoring should come before heavy data classification initiatives. Tightening access control, understanding access patterns, and removing unnecessary permissions can dramatically reduce risk with relatively low operational impact.
    Crucially, this does not mean locking everything down. Dynamic controls play a key role here. Instead of blocking access by default, organisations can monitor for unusual behaviour and respond in context. Alerts, step-up verification, or temporary restrictions allow security teams to manage risk while preserving user experience. From a business perspective, this approach aligns far better with how work actually happens.
    This is also where agentic AI and agentless monitoring enter the picture. As autonomous systems increasingly access data on behalf of users, traditional identity-based controls struggle to keep up. Agentless approaches help close coverage gaps without requiring intrusive deployments, while agentic AI introduces new questions about accountability and oversight that CISOs can no longer ignore.
    Just-in-Time Classification and the Legal Implications of Automation
    Traditional data classification has long been treated as a foundational security activity, but the podcast challenges that assumption. Classifying vast amounts of dormant data upfront is expensive, slow, and often disconnected from real risk. Instead, Zamir advocates for just-in-time classification, applying context only when data is accessed.
    This approach supports more effective risk management while easing the burden on security teams. It also aligns better with regulatory expectations, where proportionality and intent increasingly matter.
    However, automation and agentic AI introduce legal implications that CISOs must consider when developing their strategies. When autonomous agents access, move, or transform data, organisations need clarity on responsibility, auditability, and compliance. Dynamic controls and temporal insights into data access are not just technical safeguards; they are essential for demonstrating governance in an environment where human and machine actions intersect.
    Taken together, the conversation highlights a more measured path forward. By focusing on how enterprise data is actually used, improving permission hygiene, and applying controls dynamically, CISOs can enhance data security without slowing down the business. It is less about adding more tools and more about making smarter, context-aware decisions in a landscape where risk is shaped by time, access, and intent.
    For more information on this, visit: https://raysecurity.io/
    Takeaways
    Around 98 per cent of enterprise data sits idle, creating hidden security risks.
    Focusing on data dormancy helps prioritise protection and reduce exposure.
    Permission hygiene and dynamic controls reduce risk without slowing business workflows.
    Just-in-time classification cuts overhead by securing data only when accessed.
    Agentless monitoring and oversight of agentic AI improve coverage and accountability.
    Legal and governance frameworks must evolve to handle autonomous data access.

    Chapters
    00:00 Introduction to Cybersecurity Challenges
    01:38 Understanding Data Dormancy and Its Implications
    05:10 Focusing on Critical Data for Security
    08:21 The Importance of Permission Hygiene
    10:53 Just-in-Time Classification for Data Security
    12:28 Dynamic Controls for Business Needs
    16:43 Agentless Monitoring and Coverage Gaps
    19:32 Integrating Logs and APIs for Security
    21:34 Future Trends in Cybersecurity
  • The Security Strategist

    Lessons from Offensive Security: How Organisations Can Improve Cyber Resilience

    2026/02/24 | 26 mins.
    In an environment where cyber threats evolve faster than regulation, UK organisations are being asked to defend themselves with rules written for a different era. That tension sits at the centre of a recent episode of the Security Strategist, where host Trisha Pillay speaks with William Wright, Chief Executive Officer of Closed Door Security and Scotland’s first accredited (chartered) hacker. Their conversation moves beyond headlines and funding announcements to examine why, despite growing awareness and investment, both public and private sector organisations in the UK continue to be compromised.
    The Biggest Cybersecurity Challenges Facing UK Organisations
    As Wright explains, cybersecurity cannot be understood purely from policy documents or tooling dashboards. It has to be understood from the attacker’s point of view. From where he stands today, the UK cybersecurity landscape is marked by a growing gap between how organisations believe they are protected and how exposed they actually are.
    One of the most persistent misconceptions Wright highlights is the belief that buying cybersecurity tools automatically makes an organisation secure. Too many businesses, he argues, rely on poorly implemented services or procure technology they don’t fully understand.
    The result is a false sense of confidence. Organisations assume they are protected, but still fall victim to ransomware, business email compromise, and financial fraud. Often, the tools they’ve invested in are never properly tested, validated, or tuned to their environment.
    Awareness is another issue. Despite constant media coverage of cyber attacks, cybersecurity is still not consistently treated as a board-level risk. When it remains a technical afterthought rather than an operational priority, organisations struggle to respond effectively when incidents occur.
    Wright also challenges the idea of a simple “skills gap.” While much of the discussion focuses on a lack of junior talent, he argues the real problem sits at the top. Too many cybersecurity decisions are being made by individuals without deep, hands-on experience, particularly in senior or policy-shaping roles. This lack of expertise leads to misaligned strategies, both in organisations and in government.
    The UK Government’s Cyber Action Plan
    The UK government’s £210 million cyber action plan is, in Wright’s view, a welcome signal but not a solution. Any investment in cybersecurity is positive, yet the plan largely reflects practices the private sector has been using for years.
    This creates a familiar pattern: the private sector absorbs the damage, while the public sector learns from it later. Economically, Wright argues, this approach is flawed. When businesses are repeatedly compromised, the impact extends far beyond individual organisations.
    Legislation is another weak point. Cyber threats evolve daily, but laws move slowly. The Computer Misuse Act, for example, has not been meaningfully updated in over a decade. In a world of cloud computing, automation, and AI-driven attacks, this leaves the UK operating with outdated guardrails.
    What Government Can Learn From Offensive Security
    As the CEO of an offensive security firm, Wright sees the same pattern repeatedly: organisations are compromised using relatively unsophisticated methods. These are not advanced, state-of-the-art attacks. They are basic weaknesses that remain unaddressed. The problem, he suggests, is that policymakers are often advised by people who have never actively attacked real systems. This disconnect shows up in legislation and regulation that look sound on paper but fail in practice.
    Other governments have taken a different approach. Bug bounty programmes, for example, allow ethical hackers to test government infrastructure and responsibly disclose vulnerabilities. These programmes force transparency and accountability. Despite this, the UK has been slow to adopt similar models.
    Where Cyber Resilience Efforts Should Focus Next
    Beyond legislation, Wright points to funding and enforcement as critical gaps. Many public sector organisations know where their risks are, but lack the budget to fix them. Meanwhile, regulatory bodies often lack the authority to enforce remediation.
    Without both funding and enforcement, reports identifying serious vulnerabilities are filed away rather than acted upon. This cycle repeats until an attack forces emergency investment, which is often too late.
    Emerging Threats Organisations Must Prepare For
    Looking ahead, Wright identifies two major areas of concern. The first is the use of AI in cyber attacks. AI is not replacing attackers, but it is dramatically accelerating them. Tasks that once took hours can now be completed in minutes, shrinking the window for detection and response.
    The second is technology supply chain risk. Attacks on widely used software tools can give attackers access to thousands of organisations at once. Past incidents involving widely trusted vendors show how devastating these compromises can be, particularly when they go unnoticed for long periods.
    Despite the scale of the challenge, Wright’s advice is grounded and practical. Multi-factor authentication is non-negotiable. Organisations without MFA are, in his words, “sailing blind.”
    He also urges businesses to validate their security investments. Spending heavily on defence while allocating minimal budget to testing is self-defeating. Security tools do not work perfectly out of the box, and penetration testing must go beyond surface-level assessments. Finally, Wright stresses the importance of depth. Black-box testing alone is not enough. Organisations need to assume breach scenarios and test how attackers move inside their environments, particularly through identity-based attacks such as phishing.
    Takeaways
    Cybersecurity is frequently mistaken for deploying tools, rather than managing risk.
    Cyber risk must be treated as a board-level responsibility, not a technical afterthought.
    The real cybersecurity skills gap exists at senior and decision-making levels.
    Cyber legislation is largely reactive and struggles to keep pace with modern threats.
    Bug bounty programmes can help governments identify weaknesses before attackers do.
    Offensive security insight strengthens defensive strategy and decision-making.
    Legacy systems can be secured when risks are properly understood and addressed.
    AI is accelerating the scale and speed of cyber attacks, not replacing attackers.
    Security investments must be validated through continuous testing and assurance.
    Multi-factor authentication is a foundational requirement for modern cyber resilience.

    Chapters
    00:00 Introduction to Cybersecurity Landscape
    02:56 William Wright's Journey in Cybersecurity
    05:56 Current Cybersecurity Challenges in the UK
    08:53 Evaluating the UK Government's Cyber Action Plan
    12:03 The Impact of Legislation on Cybersecurity
    15:01 Lessons from Offensive Security for Government
    16:55 Notable Cybersecurity Breaches and Their Impacts
    19:59 Future Focus: Improving Cyber Resilience
    24:01 Emerging Cyber Threats: AI and Supply Chain Risks
    27:48 Practical Advice for Organisations
    31:05 Conclusion and Key Takeaways
  • The Security Strategist

    From Passwords to Ransomware: What 597 Real-World Breaches Tell CISOs in 2026

    2026/02/24 | 20 mins.
    In an era of accelerating digital change, understanding the tactics employed by modern attackers is crucial for organisations doing everything in their power to protect their sensitive information. In this episode of the Security Strategist podcast, host Richard Stiennon and Chester Wisniewski, Director, Global Field CISO of Sophos, examine the findings of the Active Adversary Report, compiled by Wisniewski and his team, shedding light on how cyber threats are changing and what security leaders can do to adapt their strategies.
    Understanding the Active Adversary Report
    The Active Adversary Report, compiled by Wisniewski’s team at Sophos, provides invaluable insights into the common pitfalls organisations face when responding to cyber incidents. With Chester's extensive experience in cybersecurity and incident response, the report aims to analyse real-world data from hundreds of incident responses across 50 countries. The report categorises incidents into two main groups: those who seek immediate help during a crisis and those who utilise managed detection and response services. By examining these cases, the report identifies key indicators that contribute to security breaches, offering organisations a roadmap to enhance their security posture.
    The Focus on Identity Theft
    One of the most startling revelations from the report is that nearly 70 per cent of incidents last year were linked to identity-related issues such as stolen passwords, session tokens, or phishing attacks. Chester explains that attackers are increasingly leveraging identity theft because it is often easier to log in as an authorised user than to break into a system. This trend underscores the need for security teams to prioritise identity management as part of their overall strategy.
    Wisniewski also emphasises that the ease of access through stolen credentials presents fewer telltale signs of unauthorised activity, making it harder for organisations to detect breaches. In the past, cybercriminals often exploited vulnerabilities in software like Flash and Java, but as security measures have improved, they have shifted their tactics toward the more vulnerable area of user identity. This shift indicates a pressing need for organisations to bolster their identity security protocols.
    Balancing Vulnerability Management with Identity Security
    As organisations work to strengthen their security measures, they face the challenge of balancing patch management with a focus on identity security. Wisniewski points out that while patching vulnerabilities remains essential, many organisations face difficulties, particularly those with hybrid workforces. Unpatched VPN gateways and firewalls have become common entry points for attackers, making it critical for organisations to prioritise their patch management efforts based on exposure and the sensitivity of the data involved.
    Wisniewski advocates for a more strategic approach to identity management, highlighting that the adoption of multifactor authentication (MFA) is still lacking across many organisations. He notes that many systems still rely on basic MFA methods, such as six-digit codes or push notifications, which do not provide adequate protection against sophisticated attacks. To truly enhance security, organisations must consider more robust identity verification methods and address the complexities introduced by non-human identities as well.
    The Challenge of Non-Human Identities
    In the current technological climate, non-human identities such as API keys present significant challenges for security teams. Recent incidents in which API keys were exploited to gain unauthorised access to sensitive systems show that organisations must be vigilant in managing these non-human identities. As organisations adopt technologies like passkeys for human users, understanding and securing non-human identities is becoming increasingly important.
    With cyber risks becoming more complex, organisations must adapt their security strategies to address these challenges effectively. Here are a few things businesses can do to protect themselves:
    Prioritise identity security by implementing robust protocols and strategies to combat identity theft.
    Balance patch management with a focus on securing critical assets and data.
    Enhance multifactor authentication practices to ensure stronger protection against unauthorised access.
    Develop a comprehensive understanding of non-human identities and implement measures to secure them.

    By staying informed about the latest trends and insights in cybersecurity, organisations can better equip themselves to fend off the growing tide of cyber threats. For more information, visit https://www.sophos.com/
    Takeaways
    Nearly 70 per cent of incidents last year involved identity-related issues.
    Attackers find it easier to log in as authorised users.
    Patching and vulnerability management are challenging for organisations.
    MFA adoption remains low despite its importance.
    Most attacks occur outside of normal business hours.
    Median incident response time is significantly reduced with MDR services.
    Employees can act as early warning systems for security threats.
    Focusing on basic cybersecurity practices is essential.
    AI can help streamline data analysis in incident response.
    AI is also being used to enhance phishing attacks.

    Chapters
    00:00 Introduction to Cybersecurity Challenges
    02:57 Understanding the Active Adversary Report
    05:55 The Shift Towards Identity-Based Attacks
    08:48 Balancing Patching and Identity Management
    12:04 Operational Challenges for CISOs
    15:09 Leveraging Employee Awareness for Security
    18:12 Practical Steps for CISOs to Strengthen Resilience
    20:56 The Role of AI in Cybersecurity
  • The Security Strategist

    Are CISOs Blind to the Biggest Cloud Attack Surface?

    2026/02/24 | 31 mins.
    Podcast series: The Security Strategist
    Guest: Doug Merritt, Chairperson, CEO, and President of Aviatrix
    Host: Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech
    Cloud security now involves more than just protecting a single environment. As organisations grow across multiple clouds, integrate SaaS platforms, modernise applications, and deploy AI-driven workloads, the attack surface expands in complex ways that are hard to see and even harder to manage.
    In the recent episode of The Security Strategist podcast, Doug Merritt, Chairperson, CEO, and President of Aviatrix, a cloud network security company, sits down with Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech. They discuss why gaps in cloud networking visibility are becoming one of the biggest security risks for businesses today.
    The conversation also covers how cloud complexity has changed over time, why old security models struggle to keep up, and what practical steps leaders can take to lower exposure before attackers exploit hidden pathways.
    Securing the World’s Digital Fabric
    On a mission to secure “the world’s digital fabric,” Merritt explains that organisations often perceive cybersecurity through “constructs and silos.” Attackers, however, see the entire landscape, which creates a gap in perspective.
    Most enterprises started their cloud journey with lift-and-shift migrations, moving familiar applications from data centres to the cloud. Over time, these applications were modernised, broken into containerised services, and expanded with serverless functions, APIs, and third-party SaaS platforms.
    Merritt notes that applications today often involve "10 to 15 different major components from start to finish," many of which exist across different clouds or outside direct organisational control.
    This variety has brought speed and innovation, but it has also led to vastly different workload behaviours. Some workloads are long-lasting, others are temporary, and many can be accessed publicly.
    According to the Aviatrix CEO, this "really powerful landscape" has resulted in "an incredibly powerful attack surface." Without consistent visibility and remediation across all workloads, attackers can find "which workloads have value and which workloads are unprotected" and move laterally until they reach critical assets.
    AI adds additional challenges. While the technology seems new, he further emphasises that AI agents are still workloads with identities, operating at high speed and broad permission levels. They rely completely on network connectivity, making the network a crucial point for both visibility and control. In a hyper-connected environment, he argues, the network should be seen as a key security layer rather than just a transport system.
    How to Prepare for the Next Wave of Cloud Threats
    When asked what CIOs, CISOs, and cloud leaders should focus on next, Merritt suggests a reality check. He urges leaders to choose a single complex application and ask their teams to identify every workload involved, every network path taken, and whether there is visibility into "every packet that goes into the workload and comes back out."
    In most cases, he says, organisations find that they cannot do this. This gap reveals the first and most urgent issue: a lack of understanding of the environment itself. Without a clear map of workloads and communication paths, security teams operate with blind spots.
    The Chairperson of Aviatrix insists that visibility must come before control. Once organisations understand their exposure, they can prioritise the "most dangerous communication pathways" and secure them. He warns that many large enterprises still have "thousands of workloads with direct internet connections and no filter in front," describing this exposure as "horrific," given how easily even less sophisticated attackers could exploit it.
    He also points out that visibility and enforcement must be close to the workload. Centralised controls increase costs and latency, while distributed enforcement allows for faster response and containment. Ultimately, just observing traffic isn't enough; organisations need to be able to act.
    Cloud security isn’t about adding more tools; it’s about changing perspective. By mapping workloads, understanding communication paths, and using the network as a consistent layer for visibility and enforcement, organisations can reduce lateral movement, limit blast radius, and prepare more effectively for the next generation of cloud threats.
    Takeaways
    Organisations need to focus on the uncovered attack surface.
    The digital fabric includes diverse workloads across multiple clouds.
    Visibility and remediation are critical in managing workloads.
    The complexity of multi-cloud environments is increasing.
    AI is accelerating the evolution of cloud security challenges.
    Networking plays a pivotal role in security strategies.
    Collaboration between security, networking, and cloud teams is essential.
    Mapping workloads and communication pathways is crucial for security.
    Organisations must prioritise securing high-risk workloads.
    Understanding the shared responsibility model is vital for cloud security.

    Chapters
    00:00 Introduction to Cloud Security Challenges
    03:03 Understanding the Digital Fabric
    05:56 Navigating the Modern Attack Surface
    08:46 Key Trends in Cloud Adoption
    12:11 The Complexity of Multi-Cloud Environments
    14:51 The Evolving Role of Networking in Security
    17:58 Bridging the Gap Between Teams
    21:02 Real-World Solutions and Case Studies
    23:53 Preparing for Future Threats
    29:09 Final Thoughts and Key Takeaways

    For more information, visit aviatrix.ai and em360tech.com.
    Follow: @EM360Tech on YouTube, LinkedIn and X
    Aviatrix YT: @AviatrixSystems
    Aviatrix LinkedIn: https://www.linkedin.com/company/aviatrix-systems/

About The Security Strategist

With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expert-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.
Generated: 3/11/2026 - 7:33:52 PM