Security Matters

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk’s efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.Discover how machine identities now outnumber humans 80 to 1, why leaked secrets are a "hacker’s buffet," and how workload identity is becoming a cornerstone of Zero Trust architecture. Whether you're a CISO, platform engineer, or just curious about the next frontier in cybersecurity, this episode offers actionable advice and a compelling vision for securing the age of AI agents.

Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.From zero-day vulnerabilities and machine identity risks to AI-powered attacks and insider threats, Ian shares practical strategies drawn from his experience in military intelligence, offensive cyber operations, and corporate security leadership. Learn how to build resilience, translate cyber risk into business outcomes, and lead with mission-driven clarity in a threat landscape that never slows down.

What does "secure by default" really mean—and is it enough? In this episode of CyberArk’s Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company’s AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

What does it take to stay calm in the face of constant cyber pressure—and why does that mindset matter more than ever? In this episode of Security Matters, host David Puner speaks with Den Jones, founder and CEO of 909Cyber, about his transition from enterprise chief security officer (CSO) to cybersecurity consultant. They explore what it means to lead with clarity and composure in a high-stakes environment, the realities of launching a firm in a crowded market, and how pragmatic security strategies—especially around identity, AI, and Zero Trust—can help organizations navigate AI-driven threats, talent shortages, and operational complexity. It’s a candid conversation about what works and what doesn’t when it comes to modern security leadership.

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.Listeners will learn:Why legacy identity governance models are breaking under cloud scaleHow AI agents are reshaping entitlement management and threat detectionWhat organizations must do to secure non-human identities and interlinked dependenciesWhy time-to-value and outcome-driven metrics are essential for modern IGA successWhether you're a CISO, identity architect, or security strategist, this episode delivers actionable guidance for navigating the evolving identity security landscape.

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.

In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don’t forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.

In this episode of Security Matters, host David Puner sits down with Eric Olden, co-founder and CEO of Strata Identity, and a pioneer in modern identity management. Eric shares his career journey, from founding Simplified to leading Oracle's global identity division, and discusses the critical importance of resilience in identity systems.Discover how organizations can eliminate single points of failure, test their backup plans and ensure their digital operations remain robust even in the face of unexpected outages. Eric also delves into the concept of identity orchestration, explaining how it can unify multiple identity systems and enhance security.Tune in to learn about the latest trends in identity management, including the intersection of AI and identity, and gain insights into how businesses can proactively assess and mitigate risks associated with identity outages.Don't miss this engaging conversation filled with practical advice and forward-thinking strategies to help safeguard your organization's identity infrastructure.

In this episode of Security Matters, host David Puner, dives into the world of evolving cyberthreats with Bryan Murphy, Senior Director of CyberArk's Incident Response Team. Imagine a scenario where an attacker uses AI-generated deepfakes to impersonate your company's VP of finance, gaining unauthorized access to your environment. Bryan Murphy shares insights on how these sophisticated attacks are turning identity into the attack surface and why your first line of defense might be as simple as a video call. Learn about the latest trends in social engineering, credential tiering and the importance of visual verification in incident response. Don't miss this eye-opening discussion on how to protect your organization from the ever-evolving threat landscape.

In this episode of the Security Matters podcast, host David Puner sits down with Lior Yaari, CEO and co-founder of Grip Security, for a discussion that covers the concept of identity debt and its implications for modern cybersecurity. Lior shares insights from his experience in Israel's elite Unit 8200 and explains why identity is now the new security perimeter. They delve into the challenges organizations face in managing SaaS applications, the impact of generative AI on cybersecurity and the importance of proactive identity governance. Tune in for tips on how to protect your organization from within and stay ahead of evolving threats.

Imagine receiving an urgent email from your bank that looks perfectly legitimate. It warns you of a suspicious transaction and prompts you to verify your identity. You hesitate but click, and suddenly, your credentials are compromised. This scenario, crafted by AI-powered fraud-as-a-service, is happening now.In this episode of the Security Matters podcast, host David Puner is joined by Blair Cohen, Founder and President of AuthenticID, to discuss the evolving identity threat landscape. They explore the rise of synthetic fraud, the role of biometric authentication and how AI-driven security is reshaping the fight against cybercrime. Blair shares insights on the challenges of detecting deepfakes, the advancements in biometric authentication and the impact of generative AI on security measures.Tune in to learn how security leaders can stay ahead in this rapidly changing environment and what organizations can do to prepare for the next generation of cyberthreats.

In this episode of the Security Matters podcast, host David Puner is joined by Lavi Lazarovitz, Vice President of Cyber Research at CyberArk Labs, to explore the transformative impact of AI agents on cybersecurity and automation. They discuss real-world scenarios where AI agents monitor security logs, flag anomalies, and automate responses, highlighting both the opportunities and risks associated with these advanced technologies.Lavi shares insights into the evolution of AI agents, from chatbots to agentic AI, and the challenges of building trust and resilience in AI-driven systems. The conversation delves into the latest research areas, including safety, privacy, and security, and examines how different industries are adopting AI agents to handle vast amounts of data.Tune in to learn about the critical security challenges posed by AI agents, the importance of trust in automation, and the strategies organizations can implement to protect their systems and data. Whether you're a cybersecurity professional or simply curious about the future of AI, this episode offers valuable insights into the rapidly evolving world of AI agents.More security resources via the CyberArk Blog

In this episode of Security Matters, we dive into the world of retail technology and cybersecurity. Imagine a bustling retail chain during its busiest shopping season, only to be disrupted by a cyberattack. Our guest, Jason James, Chief Information Officer (CIO) at Aptos Retail, shares his insights with host David Puner on how to stay ahead of these threats. Discover the strategies for building cyber resilience, the role of AI in retail, the importance of protecting consumer trust and the critical role of identity in safeguarding sensitive data. JJ's journey from tech enthusiast to CIO offers actionable insights and expert advice for cyber professionals, business leaders and anyone with a seat at or view of the cybersecurity table.More security resources via the CyberArk Blog

In the inaugural episode of the Security Matters podcast, host David Puner dives into the world of AI security with CyberArk Labs' Principal Cyber Researcher, Eran Shimony. Discover how FuzzyAI is revolutionizing the protection of large language models (LLMs) by identifying vulnerabilities before attackers can exploit them. Learn about the challenges of securing generative AI and the innovative techniques used to stay ahead of threats. Tune in for an insightful discussion on the future of AI security and the importance of safeguarding LLMs.What's Security Matters? Check out the show trailer to learn more. Make us your top cybersecurity podcast.More security resources via the CyberArk Blog Links referenced in this episode:FuzzyAI GitHub pageFuzzyAI Discord Community

Welcome to Security Matters, the next evolution of CyberArk’s podcast. Previously known as Trust Issues, this show has always brought expert insights into the world of identity security.Hosted by David Puner, Senior Editorial Manager at CyberArk, Security Matters refines its focus to emphasize a proactive approach to cybersecurity. The podcast will delve into the principle of "Think like an attacker," highlighting the importance of staying ahead of threats rather than merely reacting to them.Each episode will feature deep insights, expert perspectives, and actionable strategies to help empower listeners to defend and protect their organizations and the digital world. Topics will include securing the entire spectrum of identities—both human and machine—protecting hybrid and multi-cloud environments and analyzing the latest attack methods.Join Security Matters to explore why how you approach security truly matters.Coming mid-Feb. 2025 to this stream and most major podcast platforms. 

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs' Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity. Tune in to learn how to help bolster your defenses against future cyber threats.To read CyberArk Labs' analysis of the U.S. Treasury attack, check out the teams' blog, "The US Treasury Attack: Key Events and Security Implications." 

In this episode of the Trust Issues podcast, host David Puner dives into the complexities of secrets management with Ritesh Desai, General Manager at AWS Secrets Manager. They discuss the evolving landscape of secrets management, emphasizing the importance of a multi-layered defense strategy as organizations increasingly adopt cloud services, digital transformation and agile development practices. Ritesh highlights the critical role of machine identities in managing secrets and the growing significance of AI and automation in enhancing security measures. He also underscores the necessity of a comprehensive approach that includes discovery, visibility and leak detection to safeguard sensitive information effectively. The conversation covers the challenges of managing secrets in multi-cloud environments and the importance of regular secret rotation and access control. This episode provides valuable insights into best practices and strategies for securing secrets. 

In this episode, Trust Issues host David Puner wraps up 2024 with a conversation with Red Hat’s Field CTO Ambassador E.G. Nadhan about the future of cybersecurity. They discuss the importance of cloud security principles, the impact of emerging technologies like AI and quantum computing, and the challenges of managing machine identities. Nadhan emphasizes the need for organizations to prepare for future security challenges by understanding the attacker mindset and taking proactive steps today to protect for tomorrow. The conversation also touches on collaboration within the open source community and the role of Red Hat's Field CTO organization in driving innovation and addressing market opportunities.

In this episode of the Trust Issues podcast, host David Puner sits down with Andrew Shikiar, the Executive Director and CEO of the FIDO Alliance, to discuss the critical issues surrounding password security and the innovative solutions being developed to address them. Andrew highlights the vulnerabilities of traditional passwords, their susceptibility to phishing and brute force attacks, and the significant advancements in passwordless authentication methods, particularly passkeys. He explains how passkeys, based on FIDO standards, utilize asymmetric public key cryptography to enhance security and reduce the risk of data breaches. The conversation also covers the broader implications of strong, user-friendly authentication methods for consumers and organizations, as well as the collaborative efforts of major industry players to make the internet a safer place. Additionally, Andrew highlights the importance of identity security in the context of these advancements, emphasizing how robust authentication methods can protect personal and organizational data. Tune in to learn about the future of authentication and the steps being taken to eliminate the reliance on passwords.

In this episode of Trust Issues, host David Puner interviews James Imanian, Senior Director of the U.S. Federal Technology Office at CyberArk. They discuss the critical topic of election security, focusing on the recent 2024 U.S. presidential election. Drawing from his extensive background in cybersecurity including a career in the Navy and a stint at the U.S. Department of Homeland Security, James brings a wealth of experience to the conversation, which explores AI's impact on election security—highlighting how AI has transformed the landscape by increasing the scale, speed and sophistication of misinformation and disinformation campaigns. James explains the differences between misinformation, disinformation and malinformation and their roles in the information environment surrounding elections.He also highlights the importance of public-private partnerships in securing election infrastructure and the role of international collaboration in countering nation-state threats. The episode examines the challenges of maintaining trust in the digital age and the potential of identity verification technologies to enhance information trustworthiness.Finally, the discussion touches on the parallels between election security and enterprise cybersecurity, emphasizing the need for critical thinking and proactive measures to uphold the integrity of both elections and organizational security.For more insights from James Imanian on election security, check out his blog, "Six Key Measures for Upholding Election Security and Integrity."