Business Security Weekly (Audio)
About bridging the gap between security initiatives and business objectives. Hosted by Matt Alderman, co-hosted by Jason Albuquerque, Ben Carr.
CISO Lessons from a Children’s Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429
01/07/2026
Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you’re a rat. How do we keep kids and young adults safe in an era of AI-driven attacks? Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecurity Graduate Program at the University of Nevada Las Vegas, joins Business Security Weekly to discuss his new book: The Digital Detective: First Intervention. We examine how technologies like deepfakes, voice cloning, and hyper-personalized scams are being used to target younger audiences, and what parents, educators, communities, and CISOs can do to build awareness, resilience, and smart digital habits. Learn how today’s highly organized operations, powered by automation and advanced AI, power the bad actors’ tools, techniques, and procedures—making them more effective than ever. Understanding the past helps us prepare for the future—and protect the next generation online, including our employees. Segment Resources: In the leadership and communications segment, Executives say cybersecurity has outgrown the IT department, The Most Dangerous Leadership Mistake Isn’t a Wrong Answer. It’s a Wrong Question, Building cyber talent through competition, residency, and real-world immersion, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39634945
Say Easy, Do Hard - Preventing Burnout, Focusing on CISO Health and Wellness - BSW #428
12/31/2025
CISO pressures are on the rise - board expectations, executive alignment, AI, and personal liability - and that's all on top of your normal security pressures. With all these pressures, CISO burnout is on the rise. How do we detect it and help prevent it? Easier said than done. In this Say Easy, Do Hard segment, we tackle the health and wellness of the CISO. In part 1, we discuss the increased pressures CISOs face. We all know them, but how are they impacting our daily lives, both at work and at home? In part 2, we discuss detection and prevention techniques to help avoid burnout, including: detecting the signs of stress; acknowledging there is a problem; asking for help; techniques to deal with stress; and industry and community support. This is a serious problem in our industry and one we want to continue to focus on as we head into another stressful 2026. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39521920
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
12/24/2025
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39517290
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
12/17/2025
Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Security Weekly to share his expertise on the global workforce needs in the 160 countries where Atlas provides direct Employer of Record services. From CISO hiring to where to build security teams, Jim will help us navigate the cybersecurity hiring challenges most organizations face. In the leadership and communications segment, CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap, Rethinking the CIO-CISO Dynamic in the Age of AI, Transparent Leadership Beats Servant Leadership, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39427790
Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425
12/10/2025
Organizations rely heavily on Salesforce to manage vast amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce require additional capabilities, including: continuous monitoring of your Salesforce environment; strict access controls for Salesforce users; and automated backup of sensitive data. Think your data in Salesforce is safe and secure? Think again. This segment is sponsored by AutoRABIT. Visit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO’s greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39343410
Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424
12/03/2025
While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company’s Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39238550
Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
11/26/2025
The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company acquisition. In the leadership and communications segment, Boards Seeking AI Specialists, A CISO’s Guide to Navigating the Urgent AI Security Storm, How to Write AI Prompts That Get Results (& Don’t Suck), and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39166775
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422
11/19/2025
It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39079025
Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
11/12/2025
As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP? Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to secure this new protocol. Rahul will cover how Airia's solutions help you secure your AI development by: centralizing access control; enforcing security policies; maintaining compliance; and enabling rapid response. This segment is sponsored by Airia. Visit to learn more about them! In the leadership and communications segment, CISO Burnout – Epidemic, Endemic, or Simply Inevitable?, If Trust Is So Important, Why Aren’t We Measuring It?, Over one-third of companies plan to replace entry roles with AI, survey says, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39000355
Defense Against Configurations as CIOs and CISOs Show Value Through Risks and Metrics - Rob Allen - BSW #420
11/05/2025
What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment’s compliance and security requirements. Rob will discuss how the ThreatLocker Defense Against Configurations dashboard can help you: identify misconfigurations before they become exploited vulnerabilities; monitor configuration compliance with major frameworks; receive clear, actionable remediation guidance; and more! This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can’t Succeed Without a Talent Strategy, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38912260
Emergence of the Chief Trust Officer as CISOs Earn Business Respect and Agenda Shifts - Jeff Pollard - BSW #419
10/29/2025
Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust? Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm’s destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success. In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world ‘hit zero’ or came close to it: Failure is ‘the gift’, The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38808960
Security That Sticks: Shaping Human Behavior - Rinki Sethi, Nicole Jiang - BSW #418
10/22/2025
As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they’re most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: Starter RFP for modern human risk management: This segment is sponsored by Fable Security. Visit to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38726845
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417
10/15/2025
Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder and CISO at TrustNet, joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spreadsheets and let the power of AI streamline your compliance and risk program. In the leadership and communications segment, Is the CISO chair becoming a revolving door?, When Integrity Collides with Bureaucracy: The Price of Leadership in Cybersecurity — and Why Walking Away Can Be the Bravest Act!, Improve Communication With Others By Talking Less — Not More, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38585245
Forrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416
10/08/2025
Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occurring and how do you prepare? Merritt Maxim, VP & Research Director at Forrester, joins Business Security Weekly to discuss the Global Cybersecurity Market Forecast, 2024 To 2029 report. Merritt will discuss the findings, including: In 2029, 69% of cybersecurity spending will be on software across seven prime functional disciplines of cybersecurity (applications, cloud, data, endpoint, network, identity, and security operations); the remaining spending will be allocated to security services, excluding security outsourcing, implementation, and deployment services; and AI software spending will grow at a CAGR of 21.2%, from $74.3 billion in 2024 to $194.3 billion by 2029. See Merritt's blog of the results at . In the leadership and communications segment, The problem with cybersecurity is not just hackers – it’s how we measure risk, What California’s new AI law means for CIOs (and CISOs), The Language of Leadership: How to Set Firm Boundaries Without Sounding Like a Jerk, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38499400
Future Forward: CIO 2025 Outlook - Cybersecurity, AI, and Economic Uncertainty? - Amanda Jack - BSW #415
10/01/2025
More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the ManpowerGroup (NYSE: MAN) family of brands, modern technology leaders are walking a tightrope between protecting their organizations and driving innovation in an era of relentless cyber threats and rapid digital transformation. Amanda Jack, CTO at Manpower Group, joins Business Security Weekly to share the findings, including: 77% of organizations plan to increase cybersecurity budgets in 2025, followed by cloud infrastructure (68%) and AI (67%); 76% of IT employers worldwide report difficulty finding skilled tech talent; 52% of tech leaders are embedding AI skills into existing roles rather than creating new positions; the relationship with the Chief Operating Officer (COO) is identified as the most important C-suite partnership outside IT; and 56% of IT leaders say senior leadership lacks sufficient knowledge about the CIO role and its responsibilities. Segment Resources: In the leadership and communications segment, Is Your Board Too Collegial?, Cybersecurity, AI, and Economic Uncertainty: How Internal Audit Teams Are Managing 2025's Top Risks, Burnout in the corporate middle: when leadership becomes an issue, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38410325
Rearchitecting Systems for Privacy as AI Agents Force You to Rethink Security - Guillaume Jaulerry - BSW #414
09/24/2025
As AI and cloud-based services power our connected world, individuals are facing an unprecedented privacy crisis. With more than 2.3 billion people entrusting their data to the cloud and centralized servers, cyberattacks, data breaches, surveillance, identity theft, and privacy threats are now everyday risks. How do we protect against these threats? O Company founder and CEO, Guillaume Jaulerry, believes we’ve crossed a critical threshold -- cloud dependence has quietly become a strategic liability, and individuals, professionals, and enterprises alike are facing a looming privacy crisis. Guillaume joins Business Security Weekly to share his perspective on how technology should shift to put human privacy at its center. In the leadership and communications segment, Fewer CISOs feel aligned with their boards on cybersecurity this year, AI agents are here, now comes the hard part for CISOs, How to Network Better, Build Leadership Skills, and Negotiate Raises Effectively, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38329005
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
09/17/2025
In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at ! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What’s happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. 
The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38243410
Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412
09/10/2025
With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker’s new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you’re a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. 
From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can’t afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38147005
Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Haleliuk - BSW #411
09/03/2025
The cybersecurity industry is undergoing a consolidation wave that is moving far faster than many realize. This isn’t at all about CISOs wanting fewer tools as much as some would like to think - the changes are happening at the macro level. Ross Haleliuk joins BSW to present the most comprehensive illustration ever made of how our industry has consolidated over the past 20 years, showing how 200 companies turned into just 11. Then we cover our quarterly Security Money segment. The markets are on a high, but the Security Weekly 25 index dips. What's up? We'll dig into the latest earnings and news for both the public and private security markets. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38021935
vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410
08/27/2025
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: current vCISO trends; what to look for in vCISO services; and who fits/doesn't fit as a vCISO. vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37967825
Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409
08/20/2025
The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: immediate visibility into system misconfigurations before they become vulnerabilities; compliance transparency, showing exactly where systems fall short of industry standards; one unified view, with filters by criticality, system, and framework; and actionable insights, updated weekly and delivered straight to customers’ inboxes. Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37878475
Defending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy - Santosh Nair - BSW #408
08/13/2025
As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust? Santosh Nair, Co-Founder and CTO at Styx Intelligence, joins Business Security Weekly to discuss how to defend trust and reputation in the age of AI. Santosh will cover both the company and executive challenges of defending against the latest AI attacks, including: impersonations and deepfakes; employee scams; and financial fraud. Segment Resources: In the leadership and communications section, Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture, Your AI Strategy Needs More Than a Single Leader, Avoid These Communication Breakdowns When Launching Strategic Initiatives, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37779635
Say Easy, Do Hard - AI Governance in the Supply Chain - Richard Bird, Nick Mistry - BSW #407
08/06/2025
Recent findings of AI ecosystem insecurities and attacks show the need for AI governance in the supply chain. This supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. With this expanded use of third-party AI components and services comes an expanded security threat that traditional supply chain management processes often do not cover. It's time to update our supply chain management process to include AI governance. Easier said than done. In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including: data privacy concerns; flaws and malicious code in AI dependencies; lack of security tools to test for AI; vibe coding risks; and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns.
/episode/index/show/sswaudio/id/37694235
Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406
07/30/2025
In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today’s cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more!
/episode/index/show/sswaudio/id/37600345
Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405
07/23/2025
How do we get security right? The answer varies by many factors, including industry, what you're trying to protect, and what the C-suite and Board care about. Khaja Ahmed, Advisor at CISO Forum, joins Business Security Weekly to discuss how to get consensus on your security program. CISOs, executives, and the Board need to be aligned on the risks and how best to address them. And it's not technical risks, it's business risks measured by legal or financial impact. Khaja will help guide new and existing CISOs on how to: work across the business to build consensus; identify and quantify risks in financial and legal terms; design security from the start; and be effective as a security leader. In the leadership and communications section, Is the C-Suite Right for You?, What Fortune 100s are getting wrong about cybersecurity hiring, Why Communication Is Exhausting in Chaotic Workplaces, and more!
/episode/index/show/sswaudio/id/37505875
Minimize SAP Migration Challenges, Cybersecurity Maturity, and Radical Transparency - Christopher Carter - BSW #404
07/16/2025
Are you running SAP? The clock is ticking... Standard maintenance end-of-life is set for the end of 2027. Migration to S/4HANA must be completed by then (or 2030 if you buy into SAP’s special three-year reprieve). While that may appear to be enough time, companies currently working toward an S/4HANA transition are finding the journey challenging, and that's not including the security challenges. Chris Carter, CEO at Approyo, joins Business Security Weekly to discuss your SAP options, including: ERP Strategy (stay with SAP or migrate to other solutions?); S/4HANA Architecture (all cloud or cloud/on-premise?); Security Challenges (cloud vs. on-premise); and SAP Migration (recommendations for success). In the leadership and communications section, Where cybersecurity maturity meets confidence in C-suite and board leadership, Has CISO become the least desirable role in business?, How Radical Transparency Is Revolutionizing Leadership, and more!
/episode/index/show/sswaudio/id/37419685
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403
07/09/2025
SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more!
/episode/index/show/sswaudio/id/37336345
The Value of Zero Trust - Rob Allen - BSW #402
07/02/2025
New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses. But Zero Trust projects have struggled due to complexity. Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss the simplicity of Zero Trust Endpoint Protection and how it can drive value. Rob will discuss how the ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks with ease of deployment and management. Zero Trust doesn't have to be complex. This segment is sponsored by ThreatLocker. Visit to learn more about them!
/episode/index/show/sswaudio/id/37241625
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
06/25/2025
In this episode, Mandy Logan, Summer Craze Fowler, Jason Albuquerque, and Jeff Pollard of Forrester discuss the challenges and strategies for CISOs in navigating volatility in the security landscape. They emphasize the importance of building relationships within the organization, particularly with the CFO, to manage budgets effectively. The conversation also covers the significance of communicating security needs in terms of compliance and customer requirements, maximizing budget through flex spending, and the role of automation and AI in enhancing security operations. Additionally, they highlight the need for effective data management to reduce costs and improve efficiency. In pre-recorded interviews from RSAC, learn the following! With the power of zero trust and AI, Zscaler helps organizations strengthen and automate IT and security, reduce costs, and minimize complexity. Zscaler helps reduce the attack surface, block threats via full TLS inspection, and eliminate lateral threat movement. This segment is sponsored by Zscaler. Visit to learn more about them! The modern workspace, increasingly reliant on cloud-based applications, browser-first access, and AI integration, faces significant security challenges that outpace the capabilities of traditional tools. Legacy solutions, including VPNs and even early ZTNA implementations, are proving vulnerable to sophisticated attacks leading to data breaches and operational disruptions. The fundamental shift in how we work demands a new approach, one that closes the gaps left by the platform approach. We need the ability to 'trust nothing and click on anything with zero risk.' We need to take zero trust beyond the network that we operate and control. Resources: Future of Browser Security Webinar with Google; Browser security report; Global Cyber Gangs report; Everywhere Access White Paper. This segment is sponsored by Menlo Security. Visit to learn more about them!
/episode/index/show/sswaudio/id/37137515
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400
06/18/2025
In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released its 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool; a copy of the Microsoft Vulnerabilities Threat Report; a blog about the report. Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization’s attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. This segment is sponsored by OpenText. Visit to learn more about them! This segment is sponsored by BeyondTrust. Visit for a copy of the Microsoft Vulnerabilities Threat Report!
/episode/index/show/sswaudio/id/37042500