Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Alexandre Sieira, Lenny Zeltser, Helen Patton - ESW #452
Enterprise Security Weekly (Audio)
Release Date: 03/30/2026
Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Alexandre Sieira, Lenny Zeltser, Helen Patton - ESW #452
Enterprise Security Weekly (Audio)
Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career. Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career: and on the publisher's Interview with Lenny Zeltzer: Reflections on Being a CISO After a cybersecurity career in various roles, doing everything from product management to...
info_outline
Can AI help critical infrastructure, the state of the cyber market, and weekly news - Mike Privette, Kara Sprague - ESW #451
Enterprise Security Weekly (Audio)
Interview with Kara Sprague - The AI Fix for Infrastructure’s Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His covers the latest fundings, acquisitions, public...
info_outline
AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - Jeremy Snyder, Allie Mellen - ESW #450
Enterprise Security Weekly (Audio)
Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going. Segment 1 Resources: Interview with Allie Mellen about her new book, Code...
info_outline
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449
Enterprise Security Weekly (Audio)
Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate...
info_outline
OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448
Enterprise Security Weekly (Audio)
Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We...
info_outline
Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447
Enterprise Security Weekly (Audio)
Segment 1 - Interview with Tim Morris Bringing intelligence to assets You’ve been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources This segment is...
info_outline
Hardware-level zero trust, don't trust AI with your employees, and the news - J Wolfgang Goerlich, Matias Katz - ESW #446
Enterprise Security Weekly (Audio)
Segment 1: Interview with Mathias Katz What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised? Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him. Segment 2: Interview with Wolfgang Goerlich Addressing the nuanced, nefarious threats of AI Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily...
info_outline
Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445
Enterprise Security Weekly (Audio)
Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This segment is sponsored by ThreatLocker. Visit to learn more about them! Interview Segment - Rob Allen - Zero Trust World Threatlocker's 6th annual Zero Trust World event is happening next month! This...
info_outline
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444
Enterprise Security Weekly (Audio)
Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don’t unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today’s breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He’ll discuss how unified platforms, machine-speed detection powered by global...
info_outline
The future of data control, why detection fails, and the weekly news - Thyaga Vasudevan - ESW #443
Enterprise Security Weekly (Audio)
Segment 1: Interview with Thyaga Vasudevan Hybrid by Design: Zero Trust, AI, and the Future of Data Control AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world. In this episode, we’ll unpack why real-time visibility and control over data usage are now essential...
info_outlineInterview with Helen Patton about her new book, Switching to Cyber
Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career.
Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career:
- on Amazon
- on Barnes & Noble
- and on the publisher's website
Interview with Lenny Zeltzer: Reflections on Being a CISO
After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today.
Lenny's CISO Essays:
- What Being a CISO Taught Me About Security Leadership
- As a CISO, Are You a Builder, Fixer, or Scale Operator?
- The Chief Insecurity Officer
Interview with Alexandre Sieira: The state of TPCRM is shifting
The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party.
Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same.
What if they did?
That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US.
Resources:
- Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn
- Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-452