Security You Should Know

All links and images can be found on CISO Series. Organizations excel at generating massive volumes of unstructured data through recorded meetings. The struggle lies in extracting value from it. The reality is that most of this data is never touch again after its created. The temporal nature of voice communication creates unique challenges. These conversations capture real-time insights and concerns that are highly valuable for immediate decision-making. But traditional data management approaches fail to surface actionable intelligence before it becomes stale. In this episode, Joe Essenfeld, CEO and co-founder at FORA, explains how their platform addresses these challenges by automatically processing recorded meetings to generate personalized, contextual summaries while maintaining strict data privacy controls. Joining him are Howard Holton, CEO at GigaOm, and Derek Fisher, Director of Cyber Defense at Temple University. The conversation explores how FORA’s AI-powered personalization engine creates individualized meeting cards based on organizational context and project involvement. The platform implements sophisticated filtering to remove personal banter and protects sensitive information through automated labeling systems that can detect IP discussions, HR-sensitive content, and accidental recordings. Huge thanks to our sponsor, FORA   Recorded meetings are the fastest-growing source of shadow data. FORA gives enterprises unified visibility and control—enforcing retention, access, and compliance across platforms. Security teams eliminate blind spots while employees gain powerful insights. With FORA, you know exactly what recorded data exists, where it’s stored, and who can access it.  

All links and images can be found on CISO Series. In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Storage Control solution addresses these challenges by implementing program-level access restrictions that work alongside traditional user permissions. Joining him are Jonathan Waldrop, CISO-at-large, and Nick Ryan, former CISO at RSM. The conversation explores how ThreatLocker's endpoint-focused approach applies default-deny principles not just to what programs can run, but to what data they can access. This allows users to work normally while preventing unauthorized programs from reaching sensitive information. This streamlined block-request-approve process can resolve access needs within 60 seconds. Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment.  Threatlocker.com/CISO  

All links and images can be found on CISO Series. Asset visibility remains a persistent challenges in cybersecurity. Despite working on this challenge for decades, CISOs continue to struggle with knowing what assets exist in their environments, where they’re located, and what risks they present. The problem has only intensified with dynamic cloud resources spinning up and down in seconds, APIs proliferating across environments, and third-party integrations creating complex dependency chain. Traditional scanning tools simply can’t keep pace. In this episode, Franz Fiorim, Field CTO at Trend Micro, explains how their Cyber Risk Exposure Management (CREME) solution addresses these challenges through continuous asset discovery and risk prioritization across the entire attack surface. Joining him are Krista Arndt, Associate CISO at St. Luke’s University Health Network, and Brett Conlon, CISO at American Century Investments. They discuss how CREME consolidates external attack surface management, cloud security posture management, and vulnerability remediation into a unified platform that discovers hidden assets through multiple methods including agentless cloud integrations, network discovery sensors, and third-party API connections. Huge thanks to our sponsor, Trend Micro Reduce cost, complexity, and tool sprawl by consolidating critical security and risk disciplines like External Attack Surface Management (EASM), Cloud Security Posture Management (CSPM), Vulnerability Risk Management (VRM), Identity Security Posture, Security Awareness and more into one cyber risk exposure management solution. CREM simplifies security and business operations to enable faster, more strategic risk reduction by replacing fragmented point solutions across these domains.

All links and images can be found on CISO Series. Most data breaches don't happen because attackers are geniuses. They happen because organizations give too much access to too many people for far too long. Despite decades of security frameworks and best practices, enforcing least privilege remains one of cybersecurity's most persistent challenges. The culprit isn't technology: it's politics. In this episode, Mokhtar Bacha, CEO of Formal, discusses how their granular privilege access management solution operates at the packet level to enforce least privilege across databases and APIs. Joining him are Howard Holton, COO and industry analyst at GigaOm, and Arvin Bansal, a Fortune 100 veteran CSO. The conversation tackles the truth about why access management fails, explores how AI agents are exploding the identity landscape, and examines whether automated policy enforcement can finally solve the political friction that has plagued privilege management for years. Huge thanks to our sponsor, Formal Formal secures humans, AI agent’s access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.  

All links and images can be found on CISO Series. In this episode, Simone Rapizzi, CSO at RedCarbon, explains how their AI-powered platform uses specialized models to automate threat detection and response while learning from each customer's unique environment. Joining him are Jonathan Waldrop, former CISO, and John Scrimsher, CISO at Kontoor Brands. Huge thanks to our sponsor, RedCarbon RedCarbon platform enables AI SOC: automates threat detection, incident analysis, and intelligence monitoring across SOCs. Operating 24/7, our AI Agents reduce analyst fatigue and accelerate response times. Seamlessly integrating with SIEM, EDR, and XDR platforms, RedCarbon enables scalable, cost-effective security, adding infinite AI Agents.

In this episode, Matt Hillary, CISO at Drata, explains how their AI-native trust management platform addresses these challenges by automating evidence collection from integrated systems and reducing manual effort by over 90%. Joining him are Mike Lockhart, CISO at EagleView, and Johna Till Johnson, CEO at Nemertes. We talk about how Drata’s platform bridges the policy-execution gap through hundreds of out-of-the-box integrations, AI-assisted questionnaire responses that handle 90% of vendor due diligence automatically, and real-time control monitoring that enables GRC teams to operate more like security operations centers, responding quickly to control failures rather than simply passing audits. Huge thanks to our sponsor, Drata  AI at Drata is embedded across every layer, transforming GRC from a defensive necessity into a proactive business driver. With new Agentic AI innovations, MCP releases, and a long-term vision for AI-native trust management, Drata empowers security teams to work faster, reduce manual tasks, and deliver meaningful, scalable business impact. Learn more at Drata.com

SIEM costs are spiraling out of control for organizations. Increasing log volumes, longer compliance-driven retention requirements, and the habit of collecting everything "just in case," the list goes on. Traditional SIEM architecture forces painful choices between cost control and security visibility, with teams constantly fighting to keep log volumes down while still maintaining adequate coverage for investigations. In this episode, Cliff Crosland, co-founder and CEO of Scanner, explains how their data lake approach can reduce SIEM costs by 80-90% while giving organizations full custody of their data in their own cloud storage. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Howard Holton, COO and industry analyst at GigaOm. In this episode: Data retention policies The fundamental challenge of managing growing log volumes over time How AI copilots are bridging the gap between security analysts and software engineers in detection workflows. Huge thanks to our sponsor, Scanner Traditional SIEMs are a tax on your security team—bloated, brittle, and budget-killing. Scanner.dev fixes this. Use it as your SIEM, or to supercharge the one you already have. Our AI co-pilot summarizes alerts, suggests next steps, and reduces noise—making analysts faster and smarter. See it in action at Scanner.dev.

All links and images can be found on CISO Series Security awareness is critical to cultivate in your organization. But security awareness training can often miss the mark. Traditional training is slow and reactive. As deepfakes and LLM-enhanced attacks become common, organizations need training solutions that can adapt and provide relevant training. In this episode, Brian Long, CEO of Adaptive Security, explains how their platform provides engaging training that can be customized in a matter of minutes. Joining him are Janet Heins, CISO at ChenMed, and Gary Chan, CISO at SSM Health. Huge thanks to our sponsor, Adaptive Security AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive’s new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

All links and images can be found on CISO Series. Wire fraud and payment security remain persistent challenges for organizations, with the FBI reporting a 33% increase in BEC losses between 2023 and 2024. The complexity of B2B payment processes creates multiple attack vectors that traditional email security solutions can't fully address. In this episode, Shai Gabay, co-founder and CEO of Trustmi, explains how their platform connects the dots across the entire payment ecosystem to prevent fraud before money leaves the organization. By integrating with existing payment workflows and leveraging AI to build behavioral baselines, Trustmi aims to eliminate the manual controls and siloed systems that make B2B payments vulnerable to attack. Joining him are Bethany De Lude, CISO Emeritus, and Adam Glick, CISO at PSG Equity. Huge thanks to our sponsor, Trustmi Eliminate socially engineered fraud with Trustmi’s Behavioral AI platform. Empower IT and finance teams to detect BEC, vendor impersonation, and payment errors in real time—protecting your business and bottom line. Learn more at trustmi.ai.

Implmenting new technologies for the business is already a daunting task. Cloud and SaaS have made some of the implementation easier, but it also makes it easier to not fully comprehend the risks you're taking on. All it can take is a company credit card. Organizations struggle with shadow IT, misconfigurations, and unauthorized access across multiple cloud environments, often lacking visibility into their actual cloud assets. In this episode, Tyson Garrett, CTO of TrustOnCloud, explains how their platform provides constantly updated threat models for major cloud services, helping organizations implement controls based on their risk appetite. Joining him are Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University, and Davi Ottenheimer, vp, digital trust and ethics at Inrupt. Huge thanks to our sponsor, TrustOnCloud TrustOnCloud delivers actionable, continuously updated threat models for 220+ AWS, Azure, and GCP services. Empower CISOs and security teams to pinpoint risks, adapt controls, and accelerate secure cloud adoption. Stay ahead of cloud threats with research trusted by global systemic banks, enterprises, and governments. Learn more at TrustOnCloud.com

Security orchestration sounds great in theory, but in practice, coordinating between different security tools remains a headache. As workflows need to move faster to keep pace with AI-driven attacks, security professionals find themselves overwhelmed with manual "muck work" rather than focusing on business enablement. In this episode, Matt Muller, field CISO at Tines, explains how their no-code workflow automation platform helps security teams eliminate manual work that bogs them down. Joining him are Bil Harmer, information security advisor at Craft Ventures, and Brett Conlon, CISO at American Century Investments. Huge thanks to our sponsor, Tines   Build, run, and monitor your most important workflows with Tines. Tines’ AI-enabled, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.

All links and information can be found on CISO Series. DLP can be a bit of a four-letter word in cybersecurity. False positives are a major problem with any traditional DLP solution because setting the right policy for your organization's needs is always a moving target. In this episode, Nitay Milner, co-founder and CEO of Orion Security, explains how they provide a "zero-policy" approach to DLP that brings in the missing piece of context to the category. Joining him are Steve Knight, former CISO at Hyundai Capital America, and Jack Kufahl, CISO at Michigan Medicine. Huge thanks to our sponsor, Orion Security Orion is the first AI-native DLP that prevents data exfiltration with a zero-policy approach. Powered by Orion’s proprietary “Indicators of Leakage” AI engine, they automatically detect data incidents with context-aware accuracy - eliminating false positives and manual work. Orion brings a new approach to DLP - it’s like EDR for your data. Already trusted by enterprises in finance, aviation, healthcare, and beyond. Learn more at https://orionsec.io  

Managing risk is the name of the game for a CISO. Quantification is a major part of that job, but it doesn't end there. Without a means of communicating that quantification to the rest of the business, quantification just adds to the noise. In this episode, UJ Desai, Senior Director of Product Management, Partner Programs at Qualys explains how they provide a comprehensive solution for the Risk Operations Center, with comprehensive ways to ingest data from your applications, make sense of the data, and give your organization the tools to make the right priorities with it. Joining him are our panelists, Montez Fitzpatrick, CISO at Navvis, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University. Huge thanks to our sponsor, Qualys     Cut through cybersecurity noise with Qualys Enterprise TruRisk Management. Quantify risk in financial terms, prioritize critical threats, and streamline remediation. Gain actionable insights for faster risk reduction and communicate business impact clearly to stakeholders. Empower your teams to measure, communicate, and eliminate cyber risk more effectively. Learn more at qualys.com/etm.

Security teams today are expected to manage two fronts—building and maintaining proactive defenses, and staying ready to respond at any moment to threats that slip through. But unless someone actively watches those alerts 24/7, your detection tools are expensive noise generators. In this episode, Rob Allen, chief product officer at ThreatLocker, lays out why their Cyber Hero® MDR offering is built not as a standalone security strategy, but as a complement to a deny-by-default, proactively hardened environment. With real-time visibility, flexible communication, one-click remediation, and human-backed support—not just automation—ThreatLocker’s MDR offering is positioned to deliver value even when the alerts are quiet. Joining him are TC Niedzialkowski, head of IT and security at Opendoor, and Sasha Pereira, CISO at WASH. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Large language models are most useful to your business when they have access to your data. But these models also overshare by default, providing need-to-know information without sophisticated access controls. But organizations that try to limit the data accessed by an LLM risk undersharing within their organization, not giving the information users need to do their jobs more efficiently. In this episode, Sounil Yu, CTO at Knostic, explains how they address internal knowledge segmentation, offer continuous assessments, and help prevent oversharing while also identifying under-sharing opportunities. Joining him are our panelists, Ross Young, CISO-in-residence at Team8, and David Cross, CISO at Atlassian. Huge thanks to our sponsor, Knostic Knostic protects enterprises from LLM oversharing by applying need-to-know access controls to AI tools like Microsoft 365 Copilot. Get visibility into overshared data, fix risky exposures, and deploy AI confidently—without data leakage. If you’re rolling out Copilot or Glean, you need Knostic.  

Unauthorized site access remains a significant security concern for organizations. But why does this issue persist, and how can it be effectively addressed? In this episode, Rob Allen, chief product officer at ThreatLocker, discusses the core functionality of ThreatLocker's Web Control solution: blocking access to unauthorized sites without meddling with DNS servers—a common pitfall among other tools. Rob explains that the simplicity of defining where employees can and cannot access is pivotal. This approach not only helps keep users away from malicious sites but also steers them clear of non-productive ones, thereby enhancing resource allocation. Rob is joined by our panelists, TC Niedzialkowski, Head of IT & Security at Opendoor, and Sasha Pereira, CISO, WASH. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Linux is the backbone of critical infrastructure, yet it often flies under the radar when it comes to endpoint monitoring. From legacy servers to embedded systems, Linux devices are frequently unprotected, either due to operational risk, overlooked assets, or the false assumption that Linux is “secure by default.” In this episode, Craig Rowland, founder and CEO of Sandfly Security, introduces an agentless approach to EDR purpose-built for Linux systems. By operating over SSH and running rapid, randomized checks without traditional kernel hooks, Sandfly can monitor unprotected Linux endpoints, detect fileless and dormant attacks, and uncover SSH key-based lateral movement—all without tipping over sensitive systems. Joining Craig are Jerich Beason, CISO at WM, and Steve Zalewski, co-host of Defense in Depth, dive into where this solution fits in the broader Linux security conversation and why it might be the missing piece for OT and critical infrastructure teams. Huge thanks to our sponsor, Sandfly Security Sandfly delivers agentless Linux EDR that deploys instantly across all distributions and architectures - from cloud servers to embedded devices and legacy systems. Our platform detects evasive threats, monitors SSH keys, and identifies system drift without performance impacts. Comprehensive Linux security without the endpoint agent risk.

For years, patch management has been treated as a solved problem—until reality strikes. Outdated applications, portable executables, patch conflicts, and shadow software leave organizations unknowingly exposed. The tools may exist, but the process often breaks down. In this episode, Rob Allen, chief product officer at ThreatLocker, discusses why their new patch management solution goes beyond legacy approaches. With built-in patch packaging, pre-deployment testing, and granular control, the platform helps teams navigate complex environments while keeping rollback, risk tolerance, and deny-by-default strategies in play. Joining him are Mike Woods, vp of cybersecurity at GE Vernova, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Automated attacks are growing in speed and sophistication, far outpacing the human defenses most organizations rely on. Whether it’s credential stuffing, scraping, or denial-of-wallet attacks, bots can drain your resources before they even steal a cent. In this episode, Sam Crowther, founder of Kasada, discusses how their bot detection and mitigation solution flips the economics of attacks. By disrupting automated behavior at wire speed—without impacting user experience—Kasada ensures you’re doing business with real people, not fake clicks. Joining him are panelists Jimmy Sanders, president of ISSA International, and Jason Elrod, CISO at MultiCare Health System. Huge thanks to our sponsor, Kasada

Managing privileged access across a sprawling IT environment remains one of cybersecurity’s toughest balancing acts. Admin privileges are often granted too broadly and retained for too long, opening dangerous pathways for lateral movement and ransomware. In this episode, Rob Allen, chief product officer at ThreatLocker, introduces their Elevation Control tool — a solution designed to help security teams remove unnecessary privileges, apply just-in-time elevation for specific apps, and restrict lateral movement, even within elevated sessions. Joining him are Mike Woods, vp of cybersecurity at GE Vernova, and Steve Zalewski, co-host of Defense in Depth. Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.