The Security Strategist

EM360Tech

216 episodes

  • The Security Strategist

    Why Patch Management Remains the Most Annoying Problem in IT Security

    2026/04/10 | 22 mins.
    Keeping your organisation’s systems secure can feel like an endless battle. Patch management and vulnerability mitigation are often seen as tedious tasks, but they form the backbone of effective cybersecurity. In this episode of the Security Strategist podcast, host Richard Stiennon and Mike Walters, co-founder of Action1, break down why patching remains challenging and share practical strategies to make the process simpler, smarter, and more effective.
    Patch Management Remains a Challenge
    Patch management has been a concern since the earliest days of computing, dating back to mainframes and early PCs. Despite technological advances, it remains a "busy work" task that many IT teams find overwhelming.
    So what makes patching so hard today? One of the main reasons patching is still so difficult is the constant evolution of IT ecosystems. As Walters explains, "The biggest challenge is the ever-evolving nature of software with different applications, sources, and methodologies."
    Operating systems, third-party apps, and custom configurations all require tailored approaches for updates and patches, making uniform processes impossible. Large organisations often have hundreds or thousands of devices, each running different software versions requiring specific patches and testing before deployment. The COVID-19 pandemic has dramatically shifted traditional patching strategies. Pre-pandemic, enterprises could rely on corporate networks and distribution points for patches. Now, a dispersed workforce, VPNs, and hybrid cloud architectures have made remote patching more complex.
    As Walters notes, "Remote endpoints become a big challenge. You need network-agnostic solutions that work regardless of whether a device is connected to the corporate network or a coffee shop." Connection issues, bandwidth limitations, and endpoint diversity all impact security teams' ability to apply patches swiftly.
    Innovative Solutions for Streamlining Patch Management
    To address these challenges, organisations are moving towards more intelligent and automated patching strategies. As Walters puts it, the starting point is simple: automation. By removing repetitive manual tasks, teams reduce the risk of human error and create space to focus on higher-value security work. Done properly, automation allows for scheduled updates, controlled testing, and the ability to roll back quickly if something goes wrong.
    At the same time, how patches are delivered matters just as much as when. Large updates can put significant strain on networks if pushed out all at once, which is why approaches like peer-to-peer distribution are gaining traction. By allowing endpoints to share updates locally, organisations can reduce bandwidth pressure and avoid bottlenecks. Flexible “catch-up” windows also ensure that devices which miss an update cycle can still be brought into compliance without disrupting operations.
    Modern environments are also driving a shift towards cloud-native, agent-based architectures. Instead of relying on a fixed network or VPN, these agents connect directly to cloud services, allowing patches to be deployed consistently across remote, mobile, and distributed devices. This approach reflects the reality of how people work today, where endpoints are no longer confined to a single network.
    Finally, effective patching is as much about control as it is about speed. Progressive rollouts—testing updates on a small group before expanding—help organisations avoid widespread disruption. By identifying issues early and isolating them quickly, teams can maintain stability while still ensuring that critical vulnerabilities are addressed without delay.
    Action1’s Unique Approach
    Action1’s innovative model offers 200 free endpoints forever with no feature limitations, enabling organisations of all sizes and types to implement effective patching solutions. By removing entry barriers, Action1 enables organisations to test, scale, and secure their patches more affordably.
    As Walters shares, "Offering free endpoints helps small IT teams get started, and as they grow, they stay with the platform." This approach promotes widespread adoption, accelerates security improvements, and creates a community of organisations committed to better vulnerability management.
    As cybersecurity environments become more complex and distributed, patching will remain a critical task—if not the critical task—of your security strategy.
    If you would like to find out more, visit: https://www.action1.com/
    Takeaways
    The history and persistent nature of patch management issues
    How remote and hybrid work models impact patching strategies
    The importance of network-agnostic, agent-based patching solutions
    How to leverage automation and orchestration to reduce IT workload
    Peer-to-peer distribution to optimise bandwidth during large-scale updates
    Developing a phased, ring-based approach to patch deployment
    Real-world challenges of patching high-availability systems and remote endpoints
    Action1’s unique offer of 200 free endpoints without feature limitations
    The significance of thinking like an attacker to anticipate vulnerabilities

    Chapters:
    00:40 - Mike Walters’ background and company journey
    02:00 - Why patching remains a complex, evolving task
    04:35 - The need for specialisation and solving patching for good
    05:11 - Why patch management feels like busy work and its inherent difficulties
    06:44 - Lessons from early vulnerability management experiences
    09:38 - Handling patching challenges for remote and mobile users
    10:15 - The implementation of agent deployment and catch-up windows
    12:22 - Innovative bandwidth management using peer-to-peer distribution
    14:55 - The value of automation and trust in large-scale environments
    16:50 - Utilising update rings for safer, staged patch deployment
    17:45 - Prioritising patching for zero-day vulnerabilities and rapid response
    18:43 - Action1’s free tier for small IT environments supporting smaller organisations
    21:35 - Practical insights for IT leaders: automation, application patching, and attacker mindset
    24:53 - Closing thoughts: automation and proactive attack thinking
  • The Security Strategist

    The Growing Challenge of Protecting Sensitive Enterprise Data Across Browsers, SaaS and AI Tools

    2026/04/09 | 24 mins.
    The way organizations access and use enterprise data has fundamentally changed. Knowledge workers now operate in browser-based environments, relying heavily on SaaS applications and increasingly experimenting with AI-powered tools to boost productivity.
    In the Security Strategist podcast, Chris Steffen, Vice President of Research at Enterprise Management Associates (EMA), spoke with Michael Leland, Field Chief Technology Officer at Island, about the growing cybersecurity challenges associated with browsers, SaaS platforms and AI tools and how organizations can adapt their enterprise security strategies.
    While this shift has accelerated innovation, it has also introduced new cybersecurity risks. Sensitive information now flows through consumer browsers, AI assistants, browser extensions and cloud platforms, often outside the visibility of traditional security controls. As a result, enterprise security teams must rethink how they approach data protection, governance and access control in a browser-driven workplace.
    Why Browser-Based Workflows Are Creating New Enterprise Security Risks
    Enterprise security models were historically built around network perimeters, firewalls and on-premise infrastructure. Today, however, most work happens inside web browsers, where employees interact with SaaS platforms, cloud storage systems and AI tools.
    According to Leland, this shift has significantly expanded the attack surface.
    “The majority of knowledge workers are accessing business applications primarily via the web, whether it’s a SaaS application or a web front end to a legacy application. But they’ve been doing so in a consumer browser,” he explains.
    Consumer-grade browsers were designed for convenience and personal use, not enterprise security. As a result, they often introduce vulnerabilities that can expose sensitive corporate data.
    Traditional enterprise controls such as VPNs, secure web gateways and zero trust architectures attempt to mitigate these risks. However, these tools frequently operate outside the browser itself, leaving gaps in visibility and control.
    The challenge becomes even more complex when browser extensions are added to the mix. Many extensions request extensive permissions and can access sensitive information inside SaaS applications.
    “In the last 18 months, almost 40 per cent of browser extensions published have something to do with AI. Some offer real productivity gains, but the provenance of many of these tools is questionable,” Leland notes.
    This growing ecosystem of extensions and cloud tools has created a new security frontier where enterprise data protection must operate directly at the user interaction layer.
    How AI Sprawl Is Complicating Data Governance
    Alongside browser-driven workflows, organizations are also dealing with a rapid surge in AI adoption. From tools like ChatGPT and Copilot to embedded AI features inside SaaS platforms, AI is becoming a standard part of the modern workplace.
    However, this rapid adoption is also creating a phenomenon known as AI sprawl. Knowledge workers increasingly select their own AI tools based on preference or convenience, leading to a patchwork of unsanctioned platforms operating across the enterprise.
    “Each knowledge worker may have their own AI tool of choice. So the whole BYO AI—bring your own AI—trend is becoming very real,” says Leland.
    While these tools can deliver productivity gains, they also create serious data governance risks. Many AI platforms process prompts and inputs in external cloud environments, meaning that sensitive information could be inadvertently shared or stored outside company-controlled systems. Even seemingly harmless productivity tools may capture user data.
    Why Visibility and Data Boundaries Are Critical for Protecting Enterprise Data
    With browser usage and AI adoption accelerating, many cybersecurity teams are shifting their focus toward controlling data at the point of interaction rather than relying solely on network-based controls.
    One emerging concept is the use of data boundaries—defined environments where organizations can control how sensitive information moves between applications.
    A data boundary acts as a secure enclave that determines which applications are trusted and what data can flow between them.
    “If you trust application A and application B, you might allow data to move freely between them,” Leland explains. “But you still enforce guardrails that prevent data from leaving that boundary.”
    This approach allows organizations to balance security and productivity, an increasingly important consideration as knowledge workers rely on multiple SaaS platforms and AI assistants to complete daily tasks.
    Another critical component of modern enterprise security is visibility. Security leaders cannot govern AI tools or protect sensitive data if they do not understand how employees are using them. As enterprises continue to embrace cloud applications and AI tools, protecting sensitive data will require a shift in cybersecurity thinking.
    If you would like to find out more, visit island.io
    Takeaways:
    Establish a secure data boundary to control data flow between trusted applications.
    Utilize AI to automate data protection and enhance real-time monitoring.
    Foster a culture of security awareness among employees to strengthen your organization’s security posture.

    Chapters
    00:00 Introduction to Cybersecurity and AI
    03:07 The Evolution of Browsers for Knowledge Workers
    06:03 Challenges in Enterprise Security
    09:04 Balancing Data Protection and Productivity
    11:48 Navigating AI Risks in the Workplace
    14:59 Understanding AI Sprawl and Governance
    17:50 The Role of Presentation Layer in Data Protection
    21:10 Real-World Applications in Financial Services
    23:57 Final Thoughts on Securing Knowledge Workers
  • The Security Strategist

    Beyond the Firewall: Why Executive Risk Is Reshaping Cyber Strategy

    2026/04/07 | 22 mins.
    Podcast Series: The Security Strategist
    Host: Richard Stiennon, Chief Research Analyst at IT-Harvest
    Guest: Dr Chris Pierson, Founder and CEO of BlackCloak
    The enterprise corporate network has always had a boundary. However, that boundary has been fading for a while, and now it may have completely vanished.
    In the recent conversation on The Security Strategist podcast, cybersecurity expert Dr Chris Pierson, also the Founder and CEO of BlackCloak, joined host Richard Stiennon, Chief Research Analyst at IT-Harvest.
    The BlackCloak CEO presented a reality that many CISOs are only now facing. The most critical vulnerabilities in an enterprise may lie far beyond corporate control, embedded in the personal lives of its leadership.
    Why Are Attackers After Soft Targets?
    Pierson explains that attackers are no longer focused on directly breaching secure enterprise systems. Instead, they are targeting individuals with the highest levels of access in a more effective way.
    Executives and board members have always been appealing targets, but the strategies have changed. Personal email accounts, home Wi-Fi networks, and even family members are now part of the attack surface. These environments generally lack the layered defences of corporate infrastructure, making them easier to exploit.
    The stakes are high. A compromised home network or personal device can quickly provide access to enterprise systems. Even simple attacks, such as text messages pretending to be from a CEO, can work when aimed at those outside formal security measures.
    What makes this trend especially dangerous is its subtlety. These attacks rarely look like the major breaches that make the news. Instead, they happen quietly, taking advantage of everyday behaviours in settings that were never meant to withstand sophisticated threats.
    Why Privacy Measures Aren’t Enough
    In response, many enterprises have implemented privacy-focused solutions to reduce the digital footprint of executives by removing personal data from broker sites. This is a logical first step, but as Pierson points out, it only offers partial protection.
    Today, personal data isn’t limited to a single source. It is constantly collected, sold, leaked, and reshuffled across many channels. Even when successfully removed from one platform, it often reappears elsewhere—sometimes accidentally, through everyday activities like online shopping or registration for accounts.
    More importantly, cutting down visibility does little to tackle active threats. An attacker doesn’t need complete information to succeed; they just need enough.
    This creates a misleading sense of progress for security leaders. Privacy efforts may reduce the attack surface, but they don’t eliminate the underlying risks. Without additional layers of protection, executives remain vulnerable in environments where attackers increasingly target them.
    What is the New Layer of Enterprise Security?
    What is developing is not merely an extension of existing cybersecurity practices but a new discipline. It’s an approach that treats executives as a critical, high-risk perimeter on their own.
    The CEO of BlackCloak describes this as a more comprehensive protection model that covers all aspects of an executive’s digital life. It goes beyond corporate endpoints to include personal devices, home networks, and the wider ecosystem where executives and their families live.
    Enterprise security can no longer focus solely on corporate assets. The home network, personal devices, and even the family environment are now part of the overall risk landscape. At the same time, the line between cyber and physical threats continues to blur, increasing the stakes further.
    For IT leaders in enterprise technology, the question is no longer whether these risks exist but how they are being managed. As attackers continue to adapt, the path into the enterprise is not through the front door but through the people who have the keys and everything that surrounds them.
    Key Takeaways
    Executives are the new cybersecurity perimeter and top attack targets.
    Personal devices and home networks increase enterprise cyber risk.
    Data broker removal alone cannot protect executive privacy.
    Digital executive protection requires multi-layered security solutions.
    Cybersecurity strategies must address physical and cyber threat convergence.

    Chapters
    00:00 Introduction to Cybersecurity Challenges for Executives
    01:02 Understanding Executive Risk and Attack Surfaces
    06:31 The Role of Data Brokers in Cybersecurity
    10:13 Home Networks as New Battlegrounds
    13:00 Comprehensive Digital Executive Protection Strategies
    18:40 The Importance of Outsourcing Executive Protection

    For more information, please visit em360tech.com and blackcloak.io.
  • The Security Strategist

    Speed vs. Privacy: Navigating Digital Threats in Modern Counter Terrorism

    2026/04/01 | 23 mins.
    There is a moment in every investigation where time becomes the deciding factor.
    Not capability, not intent, but time. In modern counter-terrorism, that moment arrives faster than ever because the evidence is no longer waiting to be found. It already exists, scattered across devices, platforms, and networks, growing silently in volume.
    The question is no longer whether the data is there. It’s whether it can be understood quickly enough to matter.
    In this episode of Security Strategist, EM360Tech host Trisha Pillay and Chris Johnson, CEO of Cyacomb, explore how digital evidence is reshaping counter-terrorism and why the real challenge isn’t access to information, but the ability to act on it without crossing the line into overreach.
    Why Digital Evidence Is Reshaping Counter-Terrorism
    Digital evidence has become central to modern counter-terrorism investigations. From mobile devices and encrypted messaging platforms to online communities, nearly every case now involves large-scale digital analysis. The challenge is not access, it’s volume and complexity.
    A single device can hold vast amounts of data, and across thousands of investigations, this creates significant backlogs. Investigators must sift through irrelevant, fragmented, and often encrypted information to identify credible threats.
    At the same time, the threat landscape is changing drastically. Terrorist networks are more decentralised, digitally enabled, and adaptive in how they communicate. This forces law enforcement to rethink how investigations are conducted, shifting toward digital forensics, data analysis, and real-time intelligence gathering. As Johnson highlights, the ability to deal with data quickly is not new, but the scale of the problem has changed dramatically.
    Managing Data, Risk and Operational Pressure
    Speed sits at the centre of modern counter-terrorism operations, where even minor delays in analysing digital evidence can result in missed warning signs or postponed intervention. Increasing speed is far from straightforward. Investigators must contend with vast volumes of data spread across multiple devices, alongside a growing diversity of formats and platforms that complicate analysis.
    Layered on top of this are manual processes that slow case progression and persistent operational backlogs that delay access to critical insights. The result is a bottleneck in which time-sensitive intelligence risks being lost in a sea of noise. In response, organisations are turning to advanced digital forensics tools and automation to streamline workflows, prioritise relevant data, and reduce the burden of manual investigation. However, efficiency alone does not solve the problem. Accelerating processes without robust controls introduces new risks, particularly when handling sensitive personal data, where speed must be carefully balanced with accuracy, oversight, and compliance.
    Privacy and Security with AI in Digital Investigations
    Artificial intelligence is becoming an increasingly significant tool in digital forensics and counter-terrorism investigations, largely due to its ability to process data at scale, identify patterns, and rapidly surface relevant insights. This capability enables faster identification of high-risk material, more informed decision-making during investigations, and a reduced dependence on manual data review, which has traditionally been time-consuming and resource-intensive.
    However, the integration of AI into law enforcement also introduces important ethical and legal challenges that cannot be overlooked. Counter-terrorism operations must remain firmly within established frameworks that safeguard privacy and civil liberties, as failing to do so risks undermining public trust in both the technology and the institutions that deploy it. In response, privacy-assured AI and specialist investigative tools are emerging, designed to minimise exposure to irrelevant personal data, concentrate only on content linked to potential threats, and support transparent, compliant investigative processes. As Johnson notes, while AI has a clear and valuable role in modern law enforcement, its effectiveness ultimately depends on the responsibility and governance with which it is implemented.
    The Future of Counter-Terrorism
    The next phase of counter-terrorism will be defined by the ability to turn data into actionable intelligence quickly and responsibly.
    This means:
    Reducing investigative backlogs;
    Integrating AI into core workflows;
    Improving collaboration across systems and teams;
    Embedding privacy into the design of investigative technologies.

    Digital evidence will only continue to grow. The organisations that succeed will be those that can navigate the intersection of speed, scale, and privacy without compromising any one of them. In modern counter-terrorism, advantage is no longer just about access to information; it’s about how effectively you can act on it.
    Takeaways
    Digital evidence and data volumes in investigations
    Evolving threat landscape and global tensions
    Privacy, civil liberties, and ethical considerations
    Operational efficiency and technological innovations
    Future trends in law enforcement technology

    Chapters
    00:00 The Evolving Role of Digital Evidence in Counter-Terrorism
    07:10 Challenges in Analysing Digital Evidence
    13:02 Balancing Privacy and Security in Investigations
    20:09 Future of Counter-Terrorism and Technology

About The Security Strategist

With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expert-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.