Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Karl Van den Bergh, Tony Anscombe, Eyal Benishti, Nick Carroll, Chad Alessi, Chris Peluso - ESW #409
Enterprise Security Weekly (Audio)
Release Date: 06/02/2025
Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
Enterprise Security Weekly (Audio)
Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources: Topic Segment: Thoughts on Anthropic's latest security report Ex-SC Media journalist Derek Johnson did a great job writing this one up over at Cyberscoop: There are a number of interesting questions that have been raised here. Some...
info_outline
Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
Enterprise Security Weekly (Audio)
Segment 1: Interview with Rob Allen It’s the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy. In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker. Segment Resources: This segment is sponsored by ThreatLocker. Visit to...
info_outline
OT Security Doesn't Have to be a Struggle, Spotting Red Flags, Enterprise News - Joshua Hay, Todd Peterson - ESW #432
Enterprise Security Weekly (Audio)
Segment 1: OT Security Doesn’t Have to be a Struggle OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don’t care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals’ plans nicely. In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto Security. This segment is sponsored by Junto Security. Visit to learn more! Segment 2: Topic - Spotting Red Flags in Online Posts This week's topic segment is all about...
info_outline
Transforming Frontline Workflows with Passwordless Access, AI costs, and the News - Joel Burleson-Davis - ESW #431
Enterprise Security Weekly (Audio)
Segment 1: Interview with Joel Burleson-Davis Frontline workers can’t afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access...
info_outline
Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 - Mike Poole, Conor Mulherin, Dave Lewis - ESW #430
Enterprise Security Weekly (Audio)
Segment 1: Interview with Dave Lewis from 1Password In this week's sponsored interview, we dive into the evolving security landscape around AI agents, where we stand with AI agent adoption. We also touch on topics such as securing credentials in browser workflows and why identity is foundational to AI agent security. This segment is sponsored by 1Password. Visit to learn more! Segment 2: Enterprise News In this week's enterprise security news, one big acquisition, two small fundings not all AI is bad deepfakes are getting crazy good make sure you log what your AI agents do Copilot prompt...
info_outline
Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429
Enterprise Security Weekly (Audio)
Segment 1: David Brauchler on AI attacks and stopping them David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group’s AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks....
info_outline
New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428
Enterprise Security Weekly (Audio)
Segment 1 - Interview with Dr. Anand Singh We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it. Segment Resources: Get the book on Amazon: (available in Kindle and print) Segment 2 - Topic: The reasons why CISOs buy (and the things that don't matter to them) Val Tsanev,...
info_outline
AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Matt Immler, Heather Ceylan, Alexander Makarov, Nitin Raina, Dor Fledel, Aaron Parecki - ESW #427
Enterprise Security Weekly (Audio)
At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks. In this special Enterprise Security Weekly episode, we bring together insights from top experts: Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access...
info_outline
Live interviews from Oktane 2025: threats, AI in apps, and AI in cybersecurity tools - Brett Winterford, Shiv Ramji, Damon McDougald - ESW #426
Enterprise Security Weekly (Audio)
How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources How to navigate app development in the AI era with Shiv Ramji As AI...
info_outline
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425
Enterprise Security Weekly (Audio)
Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out to learn more! Topic Segment: NPM Incidents In this week’s topic segment, we’re discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents . Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP...
info_outlineSegment 1
CTG Interview
Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure.
Cyber Resilience in Action: A Guide for Mid-Market Firms
This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them!
Nightwing Interview
Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today’s threat landscape.
This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them!
Segment 2
Libraesva Interview
Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message.
This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them!
IRONSCALES Interview
Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception.
- Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking
- Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people
- Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images
IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes.
- Assessing Organizational Readiness in the Face of Emerging Cyber Threat
- Using AI to Enhance Defensive Cybersecurity white paper
- The Hidden Gaps of SEG Protection white paper
This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them!
Segment 3
Illumio Interview
In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph.
Segment Resources:
- Rethinking Threat Detection in a Decentralized World
- Illumio Insights Announcement
- More information about Illumio Insights
This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview!
ESET Interview
The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats.
Segment Resources:
- https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
- https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/
This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-409