loader from loading.io

Enterprise Security Weekly (Video)

Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - Theresa Lanowitz, Yuval Wollman, Mickey Bresman, J.J. Guy, Jason Passwaters, HD Moore, Jawahar “Jawa” Sivasankaran - ESW #423 show art Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - Theresa Lanowitz, Yuval Wollman, Mickey Bresman, J.J. Guy, Jason Passwaters, HD Moore, Jawahar “Jawa” Sivasankaran - ESW #423

Enterprise Security Weekly (Video)

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit to...

info_outline Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422 show art Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422

Enterprise Security Weekly (Video)

Interview with Dave Lewis on Security's Role in M&A Due Diligence In this episode, Dave Lewis from 1Password discusses the critical importance of security in mergers and acquisitions, from due diligence through integration. He explores common pitfalls, essential security assessments, and practical strategies for security leaders to protect organizational value throughout the M&A process. Topic: The Challenge of Breach Transparency Every industry concerned with safety has a process for publishing the details of accidents, incidents, and failures. Cybersecurity has yet to reach this...

info_outline Oktane Preview with Harish Peri, Invisible Prompt Attacks, and the weekly news! - Harish Peri - ESW #421 show art Oktane Preview with Harish Peri, Invisible Prompt Attacks, and the weekly news! - Harish Peri - ESW #421

Enterprise Security Weekly (Video)

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack...

info_outline Rethinking risk based vulnerability management, Black Hat expo insights, and the news - Snehal Antani - ESW #420 show art Rethinking risk based vulnerability management, Black Hat expo insights, and the news - Snehal Antani - ESW #420

Enterprise Security Weekly (Video)

Interview with Snehal Antani - Rethinking Risk-Based Vulnerability Management Vulnerability management is broken. Organizations basically use math to turn a crappy list into a slightly less crappy list, and the hardest part of the job as a CIO is deciding what NOT to fix. There has to be a better way, and there is... Segment Resources: This segment is sponsored by Horizon3.ai. Visit to learn more about them! Topic - Andy Ellis's Black Hat Expo Experience Andy Ellis visited every booth at Black Hat. Every. Single. One. He wrote up what he learned and we discuss his findings! News Finally,...

info_outline ESW at BlackHat and the weekly enterprise security news - ESW #419 show art ESW at BlackHat and the weekly enterprise security news - ESW #419

Enterprise Security Weekly (Video)

Topic Segment - What's new at Black Hat? We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah! News Segment Then, in the enterprise security news, Tons of funding! SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal Vendors shove AI agents into everything they’ve got Why SOC analysts ignore your playbooks NVIDA pinkie swears to China: no back doors! ChatGPT was allowing shared chat...

info_outline Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418 show art Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Enterprise Security Weekly (Video)

The Weekly Enterprise News (segments 1 and 2) This week, we’ve had to make some last minute adjustments, so we’re going to do the news first, split into two segments. This week, we’re discussing: Some interesting funding Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION Interesting new companies! On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they’re REALLY making sure that thing never happens again Flipping the script How researchers rooted Copilot, but not really talks to check out at Hacker Summer...

info_outline tj-actions Lessons Learned, US Cyber Offense, this week's enterprise security news - Dimitri Stiliadis - ESW #417 show art tj-actions Lessons Learned, US Cyber Offense, this week's enterprise security news - Dimitri Stiliadis - ESW #417

Enterprise Security Weekly (Video)

Interview Segment - Lessons Learned from the tj-actions GitHub Action Supply Chain Attack with Dimitri Stiliadis Breach analysis is one of my favorite topics to dive into and I’m thrilled Dimitri is joining us today to reveal some of the insights . It isn’t an overstatement to say that some of the lessons to be learned from this incident represent fundamental changes to how we architect development environments. Why are we talking about it now, 4 months after it occurred? In the case of the Equifax breach, the most useful details about the breach didn’t get released to the public until...

info_outline The Cyber Canon, ditching the SOC 2, and the weekly enterprise news - Helen Patton - ESW #416 show art The Cyber Canon, ditching the SOC 2, and the weekly enterprise news - Helen Patton - ESW #416

Enterprise Security Weekly (Video)

Segment 1 - Interview with Helen Patton: Introducing the Cybersecurity Canon Did you know that there’s a hall-of-fame for cybersecurity books? Over the past decade, the Cybersecurity Canon has published reviews on dozens of cybersecurity books and established a hall of fame. Hall of fame books are defined as titles that all cybersecurity professionals should read - a great short list for those new to the field and overwhelmed by choices. Helen Patton, co-founder and Chief of Staff for the Cybersecurity Canon joins us to tell us all about the Canon, how it came to be, and its transformation...

info_outline Monzy Merza, How Much AI is Too Much, and the Weekly News - Monzy Merza - ESW #415 show art Monzy Merza, How Much AI is Too Much, and the Weekly News - Monzy Merza - ESW #415

Enterprise Security Weekly (Video)

Segment 1: Interview with Monzy Merza - There is a Right and Wrong Way to use AI in the SOC In the rush to score AI funding dollars, a lot of startups build a basic wrapper around existing generative AI services like those offered by OpenAI and Anthropic. As a result, these services are expensive, and don't satisfy many security operations teams' privacy requirements. This is just the tip of the iceberg when discussing the challenges of using AI to aid the SOC. In this interview, we'll dive into the challenge of finding security vendors that care about security, the need for transparency in...

info_outline Identity, AI & Access: Highlights from Identiverse 2025 - Treb Ryan, Sagi Rodin, Amir Ofek, Artyom Poghosyan, Ajay Amlani, Ajay Gupta - ESW #414 show art Identity, AI & Access: Highlights from Identiverse 2025 - Treb Ryan, Sagi Rodin, Amir Ofek, Artyom Poghosyan, Ajay Amlani, Ajay Gupta - ESW #414

Enterprise Security Weekly (Video)

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That’s broken. Cubeless is tearing down the barriers. With Cubeless Verify, we’re delivering SSO and MFA that anyone...

info_outline
 
More Episodes

Interview with Dave Lewis

Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security.

This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them!

Topic Segment: Is AI taking our jerbs or not?

I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared.

Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole.

Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage?

Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question.

The Enterprise News

In this week's enterprise security news,

  1. Not much interesting funding to discuss
  2. Securonix acquires ThreatQuotient
  3. Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something)
  4. Yet another free vulnerability database
  5. ChatGPT can now clandestinely record meetings
  6. Threat detection resources
  7. a VERY expensive Zoom call (for the victim)
  8. Should we stop using SOC2s?
  9. Should we give up on least privilege?
  10. How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max?

Show Notes: https://securityweekly.com/esw-413