Business Security Weekly (Audio)
About bridging the gap between security initiatives and business objectives. Hosted by Matt Alderman, co-hosted by Jason Albuquerque, Ben Carr.
info_outline
Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - John Bruggeman, Christy Wyatt, John Anthony Smith - BSW #442
04/08/2026
Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - John Bruggeman, Christy Wyatt, John Anthony Smith - BSW #442
Autonomous AI agents are creating a new attack surface for enterprise security teams, particularly as organizations deploy agents for operational tasks such as customer support automation, data analysis, and incident response. How can we align our Zero Trust initiatives to also address the emerging Agentic AI risks? John Bruggeman, Consulting CISO at CBTS, joins Business Security Weekly to discuss how your Zero Trust readiness can also prepare you for Agentic AI deployments. Organizations are granting agents access to sensitive systems without the security controls typically required for other Zero Trust initiatives. John will help educate CISOs on what they should be doing now to get ahead of the risk, including: Agent inventory Data security controls, including data model poisoning Agent identity controls, including authorization and access levels Infrastructure security controls, including MCP servers Why More Technology Hasn’t Made Us More Secure Despite massive investment in cybersecurity tools, organizations remain vulnerable because their existing technologies are often misconfigured, poorly integrated, and disconnected from real operational risk. This keynote argues that complexity, human decision‑making, and gaps in execution—not a lack of products—are what truly empower attackers, especially as modern environments like cloud and SaaS expand the attack surface. Real security comes from simplifying, aligning, and expertly orchestrating what organizations already own, shifting the focus from buying tools to achieving disciplined, resilient outcomes grounded in breach reality. This segment is sponsored by Fenix24. Visit to learn more about them! Downtime: The New Economic Threat Downtime is costing global enterprises hundreds of billions of dollars in losses annually. Caused by cyber incidents and software failures, enterprise CISOs are searching for strategies and solutions that will accelerate recovery and restoration of business operations after cyber disruptions render systems inoperable. This segment is sponsored by Absolute Security. Visit to join The Resilient CISO Inner Circle! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40760950
info_outline
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - Amit Sinha, Ann Marie van den Hurk, Matt Immler - BSW #441
04/01/2026
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - Amit Sinha, Ann Marie van den Hurk, Matt Immler - BSW #441
Most organizations don’t fail because of technology. They fail because decision authority is unclear in the first critical minutes. “Being careful” is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What “Being Careful” Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don’t Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We’ll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40692270
info_outline
Say Easy, Do Hard - Crypto-Agility - BSW #440
03/25/2026
Say Easy, Do Hard - Crypto-Agility - BSW #440
With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility. In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it’s not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization’s cryptographic architecture, automation, and governance to allow for greater control and flexibility. In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires: Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols System Prioritization, Leading To A Migration Roadmap Remediation, Including Vendors And Partners Once a distant possibility, Q-Day is quickly approaching. Are you ready for 2030? Segment Resources: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40502530
info_outline
Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - Ben Wilcox - BSW #439
03/18/2026
Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - Ben Wilcox - BSW #439
Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable? Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics. In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40513780
info_outline
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW #438
03/11/2026
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW #438
AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable? Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it. In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40387805
info_outline
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437
03/04/2026
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437
With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of “machine mistakes.” This segment is sponsored by Tanium. Visit to learn more about them! In the leadership and communications segment, Boards don’t need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40300150
info_outline
Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - Elyse Gunn - BSW #436
02/25/2026
Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - Elyse Gunn - BSW #436
Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and customer trust. What if security was viewed as a business enabler, not a cost center? Elyse Gunn, CISO at Nasuni, joins Business Security Weekly to discuss how to make security a business enabler, turning security from a cost center into a profit center. Elyse discusses why aligning security initiatives to business drivers is the key to addressing trust, both internally and externally, and how it solves the biggest security priorities for organizations, including: Data Privacy AI Security, and Nth Party Risk In the leadership and communications segment, With CISOs stretched thin, re-envisioning enterprise risk may be the only fix, To Lead Through Uncertainty, Unlearn Your Assumptions, Leaders, Consider Pausing Before Acting on Employee Feedback, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40221560
info_outline
Security Money: The Index and NASDAQ Diverge - BSW #435
02/18/2026
Security Money: The Index and NASDAQ Diverge - BSW #435
The Security Weekly 25 index and the NASDAQ diverge. Funding and acquisitions continue shift to AI. Are security stocks out of favor? Netskope enters the index, but does not replace CyberArk, as Thoma Bravo buys Verint. We’ll dig into all of this and more! The index is now made up of the following 25 stocks: SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40126280
info_outline
Preparing For Q-Day as CISOs Face Quantum Disruption and Cyber Resilience Pressures - Sandy Carielli - BSW #434
02/11/2026
Preparing For Q-Day as CISOs Face Quantum Disruption and Cyber Resilience Pressures - Sandy Carielli - BSW #434
Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “Are we quantum safe?” With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/40065830
info_outline
Unexamined Leadership Behaviors as CEOs and CISOs Balance Cybersecurity Investments - Hacia Atherton - BSW #433
02/04/2026
Unexamined Leadership Behaviors as CEOs and CISOs Balance Cybersecurity Investments - Hacia Atherton - BSW #433
For decades, leadership was judged by outputs such as profit, speed, and results. But the real competitive advantage now lies beneath the surface of your P&L: Your culture, trust, and psychology driving every decision, including cybersecurity. Hacia Atherton, the author of The Billion Dollar Blind$pot, joins Business Security Weekly to discuss the invisible human costs — fear, burnout, disengagement — quietly draining performance. She will discuss the silent costs of outdated leadership and gives you a playbook to fix them for good, including: Self Leadership Psychological Success with Emotional Mastery Co-designing a Culture to Thrive Leaders need to turn emotional intelligence into a measurable business strategy. Because emotional intelligence isn’t optional anymore, it’s operational. Segment Resources: In the leadership and communications segment, CEOs and CISOs differ on AI’s security value and risks, How to strategically balance cybersecurity investments, Succeeding as an Outsider in a Legacy Culture, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39984070
info_outline
Cloud Control As Leaders At Odds Over Cyber Priorities, But Require Strong Leadership - Rob Allen - BSW #432
01/28/2026
Cloud Control As Leaders At Odds Over Cyber Priorities, But Require Strong Leadership - Rob Allen - BSW #432
The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users’ accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it’s harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39901075
info_outline
Internal Audit Focal Points for 2026 as AI Impacts Conventional Cybersecurity - Tim Lietz - BSW #431
01/21/2026
Internal Audit Focal Points for 2026 as AI Impacts Conventional Cybersecurity - Tim Lietz - BSW #431
Key emerging risks include cybersecurity (41%) and Generative AI (Gen AI) (35%), both of which present challenges in skill development and retention. The growing reliance on external providers reflects these gaps. In two years, strategic risk has fallen 10% as technological advancements have shifted auditors’ attention away from strategy. So what are the top concerns? Tim Lietz, National Practice Leader Internal Audit Risk & Compliance at Jefferson Wells, joins Business Security Weekly to discuss the shifting priorities for internal audit leaders, with technology, business transformation and digitization remaining central amid rising economic uncertainty. This reflects the broader economic challenges and uncertainties that organizations are facing in the current environment. Tim will discuss the need for enhanced skills inAI, cybersecurity and digital transformation and why Internal Audit is increasingly seen as a strategic partner in navigating transformation within their organizations. Segment Resources: - In the leadership and communications segment, Conventional Cybersecurity Won’t Protect Your AI, Will Cybersecurity Budgets Increase in 2026?, To Execute a Unified Strategy, Leaders Need to Shadow Each Other, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39799935
info_outline
The Future Of Proactive Security Before Building an AI Enabled Enterprise - Erik Nost - BSW #430
01/14/2026
The Future Of Proactive Security Before Building an AI Enabled Enterprise - Erik Nost - BSW #430
The three proactive security principles of visibility, prioritization, and remediation have always been the foundation of vulnerability management teams. But these teams face continuous challenges. How do you address these challenges? Erik Nost, Senior Analyst at Forrester, joins Business Security Weekly to break down the six questions that need to be answered for each proactive security principle: who, what, when, where, why, and how. The introduction of generative AI (genAI) into proactive security promises to provide a broader and speedier ability to answer these questions, providing further opportunities for the proactive security market to grow. In the leadership and communications segment, What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise, Don’t Underestimate the Value of Professional Friendships, What Kevin Bacon Can Teach You About Cybersecurity Career, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39721395
info_outline
CISO Lessons from a Children’s Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429
01/07/2026
CISO Lessons from a Children’s Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429
Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you’re a rat. How do we keep kids and young adults safe in an era of AI-driven attacks? Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecurity Graduate Program at the University of Nevada Las Vegas, joins Business Security Weekly to discuss his new book: The Digital Detective: First Intervention. We examine how technologies like deepfakes, voice cloning, and hyper-personalized scams are being used to target younger audiences, and what parents, educators, communities, and CISOs can do to build awareness, resilience, and smart digital habits. Learn how today’s highly organized operations, powered by automation and advanced AI, power the bad actors’ tools, techniques, and procedures—making them more effective than ever. Understanding the past helps us prepare for the future—and protect the next generation online, including our employees. Segment Resources: In the leadership and communications segment, Executives say cybersecurity has outgrown the IT department, The Most Dangerous Leadership Mistake Isn’t a Wrong Answer. It’s a Wrong Question, Building cyber talent through competition, residency, and real-world immersion, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39634945
info_outline
Say Easy, Do Hard - Preventing Burnout, Focusing on CISO Health and Wellness - BSW #428
12/31/2025
Say Easy, Do Hard - Preventing Burnout, Focusing on CISO Health and Wellness - BSW #428
CISO pressures are on the rise - board expectations, executive alignment, AI, and personal liability - and that's all on top of your normal security pressures. With all these pressures, CISO burnout is on the rise. How do we detect it and help prevent it? Easier said than done. In this Say Easy, Do Hard segment, we tackle the health and wellness of the CISO. In part 1, we discuss the increased pressures CISOs face. We all know them, but how are they impacting our daily lives, both at work and at home. In part 2, we discuss detection and prevention techniques to help avoid burnout, including: Detecting the signs of stress Acknowledging there is a problem Asking for help Techniques to deal with stress Industry and community support This is a serious problem in our industry and one we want to continue to focus on as we head into another stressful 2026. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39521920
info_outline
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
12/24/2025
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39517290
info_outline
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
12/17/2025
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Security Weekly to share his expertise on the global workforce needs in the 160 countries where Atlas provides direct Employer of Record services. From CISO hiring to where to build security teams, Jim will help us navigate the cybersecurity hiring challenges most organizations face. In the leadership and communications segment, CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap, Rethinking the CIO-CISO Dynamic in the Age of AI, Transparent Leadership Beats Servant Leadership, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39427790
info_outline
Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425
12/10/2025
Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425
Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO’s greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39343410
info_outline
Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424
12/03/2025
Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424
While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company’s Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39238550
info_outline
Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
11/26/2025
Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company acquisition. In the leadership and communications segment, Boards Seeking AI Specialists, A CISO’s Guide to Navigating the Urgent AI Security Storm, How to Write AI Prompts That Get Results (& Don’t Suck), and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39166775
info_outline
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422
11/19/2025
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422
It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39079025
info_outline
Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
11/12/2025
Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP? Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to secure this new protocol. Rahul will cover how Aria's solutions help you secure your AI development by: Centralizing Access Control Enforcing Security Policies Maintaining Compliance Enabling Rapid Response This segment is sponsored by Airia. Visit to learn more about them! In the leadership and communications segment, CISO Burnout – Epidemic, Endemic, or Simply Inevitable?, If Trust Is So Important, Why Aren’t We Measuring It?, Over one-third of companies plan to replace entry roles with AI, survey says, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/39000355
info_outline
Defense Against Configurations as CIOs and CISOs Show Value Through Risks and Metrics - Rob Allen - BSW #420
11/05/2025
Defense Against Configurations as CIOs and CISOs Show Value Through Risks and Metrics - Rob Allen - BSW #420
What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment’s compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can: Identify misconfigurations before they become exploited vulnerabilities Monitor configuration compliance with major frameworks Receive clear, actionable remediation guidance and more! This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can’t Succeed Without a Talent Strategy, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38912260
info_outline
Emergence of the Chief Trust Officer as CISOs Earn Business Respect and Agenda Shifts - Jeff Pollard - BSW #419
10/29/2025
Emergence of the Chief Trust Officer as CISOs Earn Business Respect and Agenda Shifts - Jeff Pollard - BSW #419
Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust? Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm’s destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success. In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world ‘hit zero’ or came close to it: Failure is ‘the gift’, The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38808960
info_outline
Security That Sticks: Shaping Human Behavior - Rinki Sethi, Nicole Jiang - BSW #418
10/22/2025
Security That Sticks: Shaping Human Behavior - Rinki Sethi, Nicole Jiang - BSW #418
As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they’re most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: Starter RFP for modern human risk management: This segment is sponsored by Fable Security. Visit to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38726845
info_outline
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417
10/15/2025
Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve - Trevor Horwitz - BSW #417
Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder and CISO at TrustNet joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spreadsheets and let the power of AI streamline your compliance and risk program. In the leadership and communications segment,Is the CISO chair becoming a revolving door?, When Integrity Collides with Bureaucracy: The Price of Leadership in Cybersecurity — and Why Walking Away Can Be the Bravest Act!, Improve Communication With Others By Talking Less — Not More, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38585245
info_outline
Forrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416
10/08/2025
Forrester's Global Cybersecurity Market Forecast Before AI Fully Kicks In - Merritt Maxim - BSW #416
Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occuring and how do you prepare? Merritt Maxim, VP & Research Director at Forrester, joins Business Security Weekly to discuss the Global Cybersecurity Market Forecast, 2024 To 2029 report. Merritt will discuss the findings, including: In 2029, 69% of cybersecurity spending will be on software across seven prime functional disciplines of cybersecurity (applications, cloud, data, endpoint, network, identity, and security operations); the remaining spending will be allocated to security services, excluding security outsourcing, implementation, and deployment services; and AI software spending will grow at a CAGR of 21.2%, from $74.3 billion in 2024 to $194.3 billion by 2029. See Merritt's blog of the results at . In the leadership and communications segment, The problem with cybersecurity is not just hackers – it’s how we measure risk, What California’s new AI law means for CIOs (and CISOs), The Language of Leadership: How to Set Firm Boundaries Without Sounding Like a Jerk, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38499400
info_outline
Future Forward: CIO 2025 Outlook - Cybersecurity, AI, and Economic Uncertainty? - Amanda Jack - BSW #415
10/01/2025
Future Forward: CIO 2025 Outlook - Cybersecurity, AI, and Economic Uncertainty? - Amanda Jack - BSW #415
More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the ManpowerGroup (NYSE: MAN) family of brands, modern technology leaders are walking a tightrope between protecting their organizations and driving innovation in an era of relentless cyber threats and rapid digital transformation. Amanda Jack, CTO at Manpower Group, joins Business Security Weekly to share the finding, including: 77% of organizations plan to increase cybersecurity budgets in 2025, followed by cloud infrastructure (68%) and AI (67%) 76% of IT employers worldwide report difficulty finding skilled tech talent 52% of tech leaders are embedding AI skills into existing roles rather than creating new positions Relationship with the Chief Operating Officer (COO) is identified as the most important C-suite partnership outside IT 56% of IT leaders say senior leadership lacks sufficient knowledge about the CIO role and its responsibilities Segment Resources: In the leadership and communications segment, Is Your Board Too Collegial?, Cybersecurity, AI, and Economic Uncertainty: How Internal Audit Teams Are Managing 2025's Top Risks, Burnout in the corporate middle: when leadership becomes an issue, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38410325
info_outline
Rearchitecting Systems for Privacy as AI Agents Force You to Rethink Security - Guillaume Jaulerry - BSW #414
09/24/2025
Rearchitecting Systems for Privacy as AI Agents Force You to Rethink Security - Guillaume Jaulerry - BSW #414
As AI and cloud-based services power our connected world, individuals are facing an unprecedented privacy crisis. With more than 2.3 billion people entrusting their data to the cloud and centralized servers, cyberattacks, data breaches, surveillance, identity theft, and privacy threats are now everyday risks. How do we protect against these threats? O Company founder and CEO, Guillaume Jaulerry, believes we’ve crossed a critical threshold -- cloud dependence has quietly become a strategic liability, and individuals, professionals, and enterprises alike are facing a looming privacy crisis. Guillaume joins Business Security Weekly to share his perspective on how technology should shift, putting in the center of it human privacy. In the leadership and communications segment, Fewer CISOs feel aligned with their boards on cybersecurity this year, AI agents are here, now comes the hard part for CISOs, How to Network Better, Build Leadership Skills, and Negotiate Raises Effectively, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38329005
info_outline
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
09/17/2025
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at ! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What’s happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38243410