The Security Strategist

• Why Fraud Prevention Silos Are Holding Your Business Back

  "The thing to challenge is the fact that fraud prevention is a vertical by itself," says Guido Ronchetti, CTO at XTN Cognitive Security. He stresses that recent fraudulent trends exhibit "no real separation between fraud, cybersecurity, and AML.”In this episode of The Security Strategist podcast, Jonathan Care discusses fraud prevention with Ronchetti and Paolo Carmassi, Head of Sales at XTN. They explore the connection between fraud, cybersecurity, and artificial intelligence (AI), emphasising the need for a holistic approach to tackle modern fraud challenges. The conversation further spotlights how to take advantage of local identity and data privacy as competitive advantages, particularly in Europe. The speakers discuss emerging threats such as shell game malware. The relation between fraud, cybersecurity, and AI is apparent in scenarios like authorised push payment fraud. It often involves an initial data breach, followed by social engineering, and culminating in financial fraud. Future of Fraud Prevention To effectively fight such threats, a detailed picture of the entire "kill chain" is critical. It should include expertise from cybersecurity and anti-money laundering (AML).Expanding on “kill chain,” Carmassi says that "fraud is no longer a case of just the banking industry or the financial services at large. It's something that is starting to spill out into other industries as well." The head of sales points to examples in gambling, with issues like account takeover and bonus abuse, and even the automotive sector, where app vulnerabilities could lead to physical security threats. The emergence of sophisticated bots further complicates this space. That makes it a unified defence strategy pressing across all sectors.Alluding to an example, Ronchetti explained, "Last year we were dealing with one of the top 10 European banks. The reason for that was GDPR." The bank had to replace a well-established American vendor after over a year of a Proof of Concept (POC). This was because the vendor's data-sharing practices, particularly with clients outside the European Union, clashed with GDPR requirements. This incident stresses the importance of a provider's ability to tackle the complex European regulations. The upcoming AI Act further accentuates this divide, with European and US approaches to AI regulation diverging significantly.The episode concludes with insights on the future of fraud prevention, focusing on trust and the integration of behavioural biometrics.TakeawaysFraud prevention must integrate with cybersecurity and AI.The traditional view of fraud as a silo is outdated.Emerging technologies blur the lines between industries.GDPR sets a global standard for data privacy.Cultural and geographical factors influence fraud solutions.New threats like shell game malware are evolving.Younger demographics are becoming targets for fraud.Trust is essential for competitive advantage in fraud prevention.Behavioural biometrics can enhance identity validation.A holistic view of fraud prevention is necessary.Chapters00:00 Introduction to Cognitive Security04:01 Rethinking Fraud...

  --------  

  22:53

  --------

  22:53
• Beyond Traditional IAM: Are You Prepared for Identity Convergence and the Rise of Agentic AI?

  "What we're seeing now is a lot of the vendors that were traditionally one of the identity pillars are kind of expanding into other pillars,” says Kevin Converse, Vice President, Identity and Access Management, GuidePoint Security. In this episode of The Security Strategist podcast, Richard Stiennon speaks with Converse, VP at GuidePoint Security. They discuss identity management, focusing on identity convergence, the impact of agentic AI, and the complexities of non-human identities. The conversation also taps into ethical dilemmas surrounding AI decision-making and future predictions for digital identity in a rapidly changing technological environment.AI’s Impact on Identity and Access Management (IAM) Identity and Access Management (IAM) takes centre stage in this episode. The speakers spotlight two major relevant trends – identity convergence and the influence of agentic AI on digital identity.Converse explains that traditionally, IAM was built on "three pillars—the IGA stack, the privilege access management, and the access manager." However, a change in fashion is taking place where "a lot of the vendors that were traditionally one of those pillars are kind of expanding into other pillars."This change is a result of cybersecurity challenges that require businesses to adopt comprehensive solutions and tap into new markets. Converse further notes, "Some of it for the capabilities so they can expand on what they're doing, but it's also to hit some customers and verticals that we didn't usually do in identity." This means moving from a multi-tool approach to a more unified platform, aiming to provide a "one-stop shop" for identity needs. "There's a lot of focus on unified platforms for identity, particularly," Converse says, "that's a big investment piece right now." He also points out, "vulnerability management tools right now are getting in there too. You name it, they're coming into identity. Identity is the hot space at the moment."This offers cost-saving potential, but Converse urges caution. "The question is, from an overall risk perspective, is that enough for your company?" He stresses the importance of evaluating whether integrated solutions deliver the same "functionality and the same security posture" as specialised tools. The VP also reminds us that "the tools are all pretty capable, but it's just a matter of understanding exactly what you're trying to accomplish and what you're willing to accept as a risk."TakeawaysIdentity convergence is reshaping the identity management landscape.Agentic AI requires a mature identity framework for effective implementation.Non-human identities present unique challenges in cybersecurity.Ethical considerations are crucial when allowing AI to make decisions.Organisations must balance speed and security in adopting new technologies.Real-time visibility and control are essential for managing non-human identities.AI can automate low-level tasks but requires careful oversight.The convergence of identity pillars can lead to cost savings but may compromise functionality.Future technologies like quantum computing could disrupt current encryption methods.Continuous adaptation is necessary to keep pace with

  --------  

  15:47

  --------

  15:47
• Is Your Attack Surface a Swiss Cheese? Solving Attack Surface Management (ASM) Challenges

  In this episode of The Security Strategist podcast, host Richard Stiennon, industry analyst and author, speaks to Craig Roberts, Principal Software Engineer at Rapid7, about digital exposure and the increasing challenges of Attack Surface Management (ASM).The conversation peels back the layers of hidden vulnerabilities and misconfigurations that plague today’s digital world. The speakers offer expert advice into how businesses can better understand, prioritise, and manage their expanding attack surfaces."It's all about the kind of different steps an attacker takes. The attack surface simply means when an attacker can exploit to get to my goal and align to my mission," says Craig Roberts, Principal Software Engineer at Rapid7.Attack Surface Goes Beyond External ScansAlso the Co-founder of Noetic (acquired by Rapid7), Roberts’ journey into attack surface management began from a practical observation. He found that many cybersecurity incidents came from overlooked assets. Such incidents could be unmonitored servers or lack of Endpoint Detection and Response (EDR). "We set out to raise that hygiene bar through preventative controls," he explains. The typical view of an attack surface is often limited to external website scans. "That's only a small piece of it these days. It's often where an attacker will start. It’s an initial foothold. Everything past that point is also still an attack surface." Emphasising the diverse nature of attack vectors, Roberts adds, "We don't have a homogenous way. Attackers both initially gain access and then start moving towards their target." This means that a single misstep or vulnerability across any of these areas can allow an attacker to achieve their objective.Holistic Exposure Management Looking ahead, Roberts recommends CISOs to focus on having all enterprise data and understanding their environment across all assets. These assets are – cloud, users, and traditional infrastructure. Then, layer on an understanding of "exposures" rather than just Common Vulnerabilities and Exposures (CVEs). This includes cloud misconfigurations, identity-related issues like MFA misconfigurations, and, zero-days."Treat those in a similar way because at the end of the day, we need to prioritise those exposures because the attacker isn't going to care about the weapon they use," Roberts concludes. This holistic approach, built on foundational trust in shared data across various security vendors and tools. Such a strategy is crucial for gaining a central view of risk and efficiently mitigating the diverse threats facing modern enterprises.A key takeaway from the discussion is the importance of understanding an organisations’ assets and how critical each is. Roberts argues that, while organisations may spend significant effort on re-scoring and building "vulnerability intelligence pipelines," it’s not often known which critical assets those vulnerabilities reside on."The asset is a really important thing. How important that is to your business, and what data and mitigations it has in it hugely affects the risk of that vulnerability," he stresses.TakeawaysUnderstanding the attack surface is crucial for effective cybersecurity.Attackers exploit various vulnerabilities to achieve their goals.Prioritization of vulnerabilities is essential due to the overwhelming number of CVEs.Zero-day vulnerabilities pose significant risks that require

  --------  

  23:09

  --------

  23:09
• Quantum Computing, AI, & Ransomware: Inside Infosecurity Europe 2025 Key Themes

  Infosecurity Europe, Europe's leading cybersecurity event, is celebrating its 30th anniversary from June 3rd to 5th at ExCeL London. This year's conference is setting the stage for major moments in the enterprise tech space. The event aims to foster collaboration and promises to showcase the top cutting-edge cybersecurity solutions.In this episode of the Security Strategist podcast, host Shubhangi Dua speaks with Saima Poorghobad, Portfolio director RX Global, the organiser of Infosecurity Europe about the upcoming Infosecurity Europe conference. They discuss the significance of the event, which celebrates its 30th anniversary, and explore key topics such as quantum computing, AI, and ransomware that will be highlighted this year. Saima shares insights into new features and innovations at the conference, emphasizing the importance of networking and preparation for attendees."What we're really passionate about at Infosecurity Europe is building a safer cyber world for everyone," says Poorghobad. "We support this mission by giving the community somewhere that they can combine innovation with insights, with relationships." Over the past three decades, Infosecurity Europe has served as a crucial cornerstone for the cybersecurity community, evolving alongside the rapidly changing threat scenarios, from the early internet to the rise of cloud and AI.Setting Agenda With Quantum Computing One emerging theme at Infosecurity Europe 2025 is expected to be quantum computing. Once a distant prospect but now quantum computing is a near-term horizon. The conference will kick off with a headline keynote from Professor Brian Cox, exploring how black holes and quantum mechanics hold the answer to the future of computing and cybersecurity. This will be followed by a panel discussion moderated by BBC cyber correspondent Joe Tidy, focusing on immediate actions organisations should take. Poorghobad emphasising the practical applications of this says, "teaming up that session with Professor Brian Cox followed by that panel kind of gives you that overarching theory and view of the overarching threat to see how we can actually implement and what should we be doing today and make it really practical?"Geopolitics is another major driver of cyber. For this, Rory Stewart, former diplomat, politician, and host of "The Rest Is Politics," will speak at the event on global power dynamics. He plans to particularly discuss how shifting alliances, emerging threats, and potential global trade wars could impact access to essential hardware and software for cybersecurity. AI and Generative AI continue to be a key theme. Despite their initial hype, they remain at the forefront of cyber concerns. Cited as the most pressing threat in Infosecurity Europe's annual Trends Report, AI lowers the barrier to entry for bad actors and enhances capabilities for skilled attackers. A keynote session titled "Calling BS on AI" will bring together AI experts to provide insights on defending against AI threats, particularly deepfakes and AI-powered social engineering campaigns.For more details on the event and some surprises planned, watch the full...

  --------  

  26:07

  --------

  26:07
• Part 1: How Endpoint Security Got To Now? with Endgame

  With organizations poised to spend more than $5B+ on endpoint security software this year, it raises the question: What should enterprises be asking from security vendors, and how can they parse signal from all the marketing noise? In this three-part podcast series, hosted by freelance analyst Bob Tarzey, he speaks to Ian McShane who as a former Gartner analyst focuses on the endpoint security market. Ian McShane has written extensively about the failure of antivirus vendors to defend against modern attacks, and the marketing hype surrounding “next-gen” antivirus.Part 1 - How Endpoint Security Got To NowIn this podcast, Bob Tarzey talks to VP and endpoint security expert from Endgame, Ian McShane. They discuss the history of endpoint security, the failings of signature-based anti-virus and how it is integral for all organizations.

  --------  

  14:52

  --------

  14:52

More Business podcasts

Trending Business podcasts

About The Security Strategist

The Security Strategist: Podcasts in Family