DrZeroTrust

In this episode, I sit down with Ofer Klein to dig into the messy truth about #ai governance, “shadow AI,” and why most CISOs are already behind the curve. We’re talking about the reality that AI isn’t just a shiny new tool — it’s a #cybersecurity #threat vector, a compliance nightmare, and the next accelerant for both attackers and defenders.If your organization thinks it can “wait and see,” you’ve already lost. Visibility, governance, and proactive strategy aren’t optional anymore — they’re survival.Tune in and find out why AI will either accelerate your business or dismantle it — and why your security leadership better decide which side of that equation they’re on.

In this episode of The Dr. ZeroTrust Show, I sit down with Geoff Halstead, co-founder and Chief Product Officer of Faction Networks, to delve into the realities of Zero Trust Networking.We break down:Why legacy and #iot devices remain a massive #risk surfaceHow hardware plays a decisive role in #cybersecurity strategy.The investment challenges are holding back true innovation.Why accountability and continuous monitoring are non-negotiable for building a secure digital future.If you’re serious about securing infrastructure against modern threats, this is a conversation you don’t want to miss.

In this episode, Mike Elkins maps a whole‑of‑business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data‑centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third‑party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system—not a pile of tools.TakeawaysWhy piecemeal controls create “debt‑in‑depth”How to center Zero Trust on identities, not networksPragmatic micro‑segmentation and just‑in‑time accessA simple metric stack for the board (exposure, blast radius, dwell time)How to align GRC with day‑to‑day enforcementNo FUD. No silver bullets. Just the playbook to make “holistic” real.

In this hard-hitting episode of The DrZeroTrust Show, we peel back the layers of FEMA’s #vulnerabilities—not in hurricanes or wildfires, but in its #digital backbone and #leadership. From fragile #cybersecurity defenses to internal dysfunction, these issues strike at the core of FEMA’s ability to deliver when America needs it most. I’ll break down how systemic missteps and weak strategies threaten resilience, and what must change if our nation is to withstand the crises of tomorrow.This isn’t just about disaster relief—it’s about national security, accountability, and the future of government response in the cyber age. Tune in to get the unfiltered truth.

Cyber meets Congress—no spin, no buzzwords. In this episode of The Dr. ZeroTrust Show, we break down what it's like to work with the folks on Capitol Hill from a Tech CEO's perspective. In this episode, you will hear about how leaders should approach collaborating with lawmakers, and perhaps even learn a thing or two about what it means to lead from the front as a CEO.If this helped, like, subscribe, and drop your questions in the comments—what should we tackle next?#cybersecurity #capitolhill #congress #zerotrust #policy #nationalsecurity #cisa #NIST #CIRCIA #SBOM #AIpolicy #electionsecurity #criticalinfrastructure

Cybersecurity conferences: equal parts chaos, collaboration, and caffeine. ☕💻 Behind the buzzwords and vendor swag, real innovation happens. We’ll break down how these gatherings shape the industry, spark partnerships, and prep us for the next wave of #threats. Tune in for no-BS insights on making the most of these events.

We pull no punches on the escalating #cyberwarfare threat from state-sponsored actors, with China leading the charge. From alarming penetration test results to underfunded state laws like Ohio’s latest effort, this episode dissects why America’s response is dangerously inadequate. This isn’t just another #cybersecurity scare—it’s a call for a complete strategic overhaul to safeguard national #security before it’s too late.TakeawaysChina is currently leading in cyber warfare against the U.S.The threat landscape is rapidly evolving, with increasing vulnerabilities.Broken access control remains the most common vulnerability in systems.Cybersecurity spending is slowing down, which is concerning for national security.Ohio's new cybersecurity law lacks funding and practical enforcement measures.Leadership in cybersecurity is crucial for effective defense strategies.Many organizations are still using outdated technology and practices.The need for comprehensive training and resources in cybersecurity is critical.Legislative measures must be backed by funding to be effective.The conversation highlights the urgency for a new approach to cybersecurity.

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses significant developments in cybersecurity, including Palo Alto's $25 billion acquisition of CyberArk, the implications of rising AI threats, and the ongoing challenges posed by data breaches and ransomware. He emphasizes the need for a more robust cybersecurity framework, particularly in light of recent trends in fraud and the consolidation of the cybersecurity industry. The discussion also touches on the political influences affecting cybersecurity education and the importance of adopting Zero Trust principles.TakeawaysPalo Alto's acquisition of CyberArk is a significant move in the cybersecurity landscape.The consolidation of cybersecurity firms raises concerns about market competition.Data breaches linked to Shiny Hunters highlight vulnerabilities in CRM systems.AI is increasingly being used in sophisticated cyberattacks.The AI fraud crisis is already impacting various sectors, including government programs.Political influences are affecting hiring practices in cybersecurity education.CISA's new guidance on Zero Trust emphasizes the importance of microsegmentation.Ransomware attacks are evolving, with a notable increase in targeting the oil and gas sector.The volume of data stolen in ransomware attacks is on the rise.Cybersecurity requires continuous adaptation to emerging threats and technologies.

In this conversation, Dr. Chase Cunningham discusses the current state of cybersecurity, focusing on market growth, the workforce gap, the impact of data breaches, and the role of AI. He emphasizes the importance of zero trust architecture and highlights the human factors that contribute to cybersecurity risks. The discussion also covers incident trends and the need for organizations to adapt their strategies to mitigate risks effectively.TakeawaysThe cybersecurity market is projected to grow significantly, reaching $878 billion by 2034.Data breaches are becoming increasingly costly, with the healthcare sector being the most affected.Zero trust architecture is gaining traction as organizations seek to reduce breach costs.There is a significant gap in the cybersecurity workforce, with millions of unfilled positions.Despite the demand for cybersecurity professionals, many qualified individuals remain unemployed.AI is transforming the cybersecurity landscape, but it also poses new risks.Human factors remain a significant vulnerability in cybersecurity.Organizations must implement technology to mitigate risks associated with human error.The majority of cybersecurity incidents are often attributed to a small percentage of employees.Zero-Trust strategies are essential for future cybersecurity resilience.

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the recent ransomware attack on Marks & Spencer, the implications of Ingram Micro's investigation into a ransomware incident, and the lessons learned from major cyber attacks. He highlights the importance of cybersecurity measures, job opportunities in the field, and government initiatives aimed at improving cybersecurity. The conversation also explores the rise of sophisticated cyber threats, including deepfake scams and the activities of the hacker group Scattered Spider, concluding with insights into the future of cybersecurity.TakeawaysMarks & Spencer's ransomware attack was the result of social engineering.The attack involved impersonation of employees to reset passwords.Micro segmentation and multi-factor authentication could have mitigated the attack.Ingram Micro is investigating a ransomware attack that is affecting its operations.Lessons from past cyberattacks emphasize the need for software updates and ongoing training.Deepfake scams are becoming a significant threat.There are numerous job opportunities in the field of cybersecurity.Government funding for cybersecurity is crucial for rural hospitals.The SEC is settling with SolarWinds over cybersecurity failures.Organizations often overlook cybersecurity best practices.

In this conversation, Dr. Zero Trust discusses various cybersecurity incidents, including the Norwegian dam hack, retail data breaches, and the challenges posed by data brokers. He emphasizes the importance of proactive security measures and the need for better regulations in the digital age. The discussion also touches on leadership changes at Cyber Command, emerging cybersecurity startups, and ethical considerations in the industry.TakeawaysThe Norwegian dam hack highlights the risks of weak passwords.Proactive security measures are essential for critical infrastructure.Data breaches in retail can affect millions of individuals.Leadership changes at Cyber Command may impact cybersecurity strategy.Data brokers operate in a regulatory gray area across states.Privacy concerns are exacerbated by the lack of federal regulations.Cybersecurity incidents in airlines can have widespread implications.The VA data breach serves as a historical lesson for cybersecurity.Emerging startups are addressing various cybersecurity challenges.Ethical considerations in cybersecurity practices are crucial.

In this episode, Dr. Zero Trust discusses a record-breaking data breach involving 16 billion exposed passwords, the implications of cyber warfare in current geopolitical conflicts, and the challenges surrounding digital sovereignty in Europe. The conversation highlights the need for better cybersecurity practices and the evolving nature of warfare in the digital age.Takeaways16 billion passwords exposed in a massive data breach.The data breach raises questions about the accuracy of reported figures.Cybercriminals are shifting tactics, using info stealers and malware.The future of warfare involves cyber operations combined with kinetic actions.Deep fakes and manipulated media are becoming prevalent in conflicts.Cybersecurity measures like MFA and strong passwords are essential.Legislators are often unaware of the complexities of cybersecurity.Digital sovereignty claims in Europe are questionable due to reliance on US companies.The intersection of cyber and traditional warfare is increasingly blurred.Public awareness of cybersecurity threats is crucial for national security.

In this conversation, Dr. Chase Cunningham and Eric Krohn discuss the evolving landscape of cybersecurity, particularly focusing on the impact of AI and Zero Trust principles. They explore the challenges small and medium businesses face in adopting new technologies, the importance of risk management, and the need for a collaborative approach between technology and business strategies. The discussion also touches on the recent funding trends in cybersecurity startups and the role of AI in enhancing security measures while addressing the human element in cybersecurity practices.TakeawaysThe AI boom is reshaping the cybersecurity landscape.Zero Trust is becoming a standard practice in security.Risk management strategies must evolve with technology.AI can enhance cybersecurity but requires careful implementation.Small and medium businesses face unique challenges in cybersecurity.Funding for cybersecurity startups is on the rise.Collaboration between tech and business is essential for success.AI can help simplify complex cybersecurity processes.Understanding the human element is crucial in cybersecurity.The future of cybersecurity will be driven by innovation and adaptability.

How does a company deal with AI sprawl? What is the "oh shit" moment when an enterprise realizes how much risk AI is introducing? Where can we fix this issue? Why was Reco 4 years ahead of the problem, and what have they learned as they took their solution to market? Lots of insight on this one with the co-founder of Reco!

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various aspects of cybersecurity, focusing on recent data breaches, the implications for businesses, and the challenges faced by small and medium-sized enterprises (SMBs). He highlights the Victoria's Secret data breach as a case study, examines vulnerabilities in water utilities, and critiques the government's approach to cybersecurity funding and information sharing. The discussion also touches on the market dynamics surrounding cybersecurity firms like CrowdStrike and the implications of workforce changes within the Cybersecurity Infrastructure Agency (CISA).TakeawaysCybersecurity breaches can significantly impact business operations and stock performance.Organizations should proactively assess their connections to compromised entities.The government lacks effective reporting mechanisms for cybersecurity vulnerabilities.Small and medium-sized businesses are often left out of cybersecurity discussions.Congress needs to clarify definitions and incentivize cybersecurity participation among SMBs.Funding cuts to cybersecurity agencies can undermine national security efforts.CrowdStrike's market performance raises questions about accountability in cybersecurity.CISA is facing significant workforce challenges that may affect its effectiveness.Popular Chrome extensions can pose security risks by leaking sensitive data.Proactive measures are essential to mitigate cybersecurity threats.

In this conversation, Dr. Chase Cunningham and Michael Shieh from Mammoth Cyber discuss the evolution of Zero Trust security, focusing on browser security and AI's role in enhancing security measures. They explore the concept of data-first security, the significance of mobile security, and the future of Zero Trust in the context of increasing cyber threats. Michael emphasizes the need for a browser-centric approach to security, which allows for better control and visibility over user behavior and data access.TakeawaysMammoth Cyber focuses on browser-centric security solutions.The evolution of web applications has increased data leakage risks.AI tools are becoming integral to browser security.Data isolation allows users to access data without downloading it.User productivity should not be hindered by security measures.The attack surface for cyber threats is broader than ever.Browser security is essential for all users, not just enterprises.Phishing training is less effective than implementing browser isolation.Mobile security is crucial as users access company data on personal devices.The future of Zero Trust will heavily involve browser security solutions.

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various pressing issues in cybersecurity, including the recent leadership changes at CISA, NATO's proposal for cybersecurity spending, market trends in cybersecurity IPOs, and the alarming number of exposed credentials. He emphasizes the importance of cybersecurity in business growth and critiques the healthcare sector's approach to cybersecurity investments. The conversation also touches on emerging threats and concludes with a call to action for the cybersecurity community to address these challenges.TakeawaysCISA's leadership changes raise questions about its effectiveness.NATO's inclusion of cybersecurity in spending targets is a significant development.Market trends indicate a shift towards IPOs in cybersecurity.The exposure of 184 million login credentials highlights ongoing security issues.Cybersecurity teams contribute significantly to business growth.Healthcare organizations prioritize IT security but struggle with implementation.Hackers are increasingly exploiting cloud services for attacks.CrowdStrike's lack of accountability raises concerns in the industry.The cybersecurity community must work together to address emerging threats.There is a need for greater transparency and accountability in cybersecurity incidents.

In this conversation, Dr. Chase Cunningham and Omer from Legit Security discuss a significant vulnerability discovered in GitLab Duo, an AI assistant integrated into GitLab. They explore how prompt injection techniques can be exploited to manipulate the AI into leaking sensitive source code and other confidential information. The discussion highlights the implications of AI context in security, the responsibility of companies to manage these risks, and the evolving landscape of AI-related attacks. Omer emphasizes the need for vigilance as new attack vectors emerge, making it clear that while GitLab has patched the vulnerability, the potential for future exploits remains.TakeawaysGitLab Duo is an AI assistant that helps manage code and projects.A vulnerability was found that allows for prompt injection attacks.Prompt injections can manipulate AI to leak sensitive information.The context used by AI can be exploited against it.Companies must take responsibility for AI outputs.GitLab has patched the vulnerability but risks remain.New prompt injection techniques are constantly emerging.AI systems are not truly intelligent; they follow programmed responses.The relationship between AI and security is evolving rapidly.Future attacks will likely focus on contextual vulnerabilities.

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various aspects of cybersecurity, including the impact of ransomware attacks on businesses, the importance of strong password practices, and the emerging threats posed by ransomware as a service operations like Dragon Force. He highlights recent data breaches in retail, the significance of red teaming in cybersecurity, and the security risks associated with Chinese-made solar inverters. The conversation also touches on legislative responses to cybersecurity threats and a recent ransomware attack on Coinbase.TakeawaysLive streaming can be frustrating and often isn't truly live.Ransomware attacks can significantly impact stock prices.Investors can find opportunities in companies affected by breaches.Ransomware as a service is a growing threat in cybersecurity.Weak passwords are a common vulnerability in many organizations.Data breaches often lead to stolen customer information.Red teaming can help organizations identify vulnerabilities before they are exploited.Chinese-made devices pose potential security risks to critical infrastructure.Legislative measures are being considered to address cybersecurity threats.Companies like Coinbase are exploring alternative responses to ransomware demands.

In this conversation, Dr. Zero Trust shares his experiences from the RSA show, discussing the overall atmosphere, vendor interactions, and the introduction of the 10 Ring app for vendor reviews. He highlights certain vendors' threats and emphasizes the importance of data-driven analysis. The discussion also covers insights from a recent Gartner report on security controls and various cybersecurity incidents, concluding with reflections on the industry's future.TakeawaysRSA was interesting but had minimal value overall.The atmosphere at RSA included unusual elements like robot dogs and puppies.Some vendors are willing to threaten analysts for their opinions.Data-driven analysis is crucial in evaluating vendor performance.The 10 Ring app received positive feedback for vendor reviews.Gartner's report highlights misconfiguration as a major security issue.Organizations need to focus on continuous optimization of security controls.Recent cybersecurity incidents show the ongoing vulnerabilities in the industry.CrowdStrike is cutting jobs to scale its business amid market pressures.Basic cybersecurity hygiene is still not being followed by many organizations.