Business Security Weekly (Audio)
About bridging the gap between security initiatives and business objectives. Hosted by Matt Alderman, co-hosted by Jason Albuquerque, Ben Carr.
info_outline
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
09/17/2025
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at ! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What’s happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38243410
info_outline
Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412
09/10/2025
Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412
With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker’s new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you’re a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can’t afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38147005
info_outline
Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Haleliuk - BSW #411
09/03/2025
Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Haleliuk - BSW #411
The cybersecurity industry is undergoing a consolidation wave that is moving far faster than many realize. This isn’t at all about CISOs wanting fewer tools as much as some would like to think - the changes are happening at the macro level. Ross Haleliuk joins BSW to present the most comprehensive illustration ever made of how our industry has consolidated over the past 20 years, showing how 200 companies turned into just 11. Then we cover our quarterly Security Money segment. The markets are on a high, but the Security Weekly 25 index dips. What's up? We'll dig into the latest earnings and news for both the public and private security markets. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/38021935
info_outline
vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410
08/27/2025
vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410
Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider? Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share: Current vCISO trends What to look for in vCISO services Who fits/doesn't fit as a vCISO vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview. In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37967825
info_outline
Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409
08/20/2025
Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409
The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers’ inboxes Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37878475
info_outline
Defending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy - Santosh Nair - BSW #408
08/13/2025
Defending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy - Santosh Nair - BSW #408
As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust? Santosh Nair, Co-Founder and CTO at Styx Intelligence, joins Business Security Weekly to discuss how to defend trust and reputation in the age of AI. Santosh will cover both the company and executive challenges of defending against the latest AI attacks, including: Impersonations and Deepfakes Employee Scams Financial Fraud Segment Resources: - - - In the leadership and communications section, Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture, Your AI Strategy Needs More Than a Single Leader, Avoid These Communication Breakdowns When Launching Strategic Initiatives, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37779635
info_outline
Say Easy, Do Hard - AI Governance in the Supply Chain - Richard Bird, Nick Mistry - BSW #407
08/06/2025
Say Easy, Do Hard - AI Governance in the Supply Chain - Richard Bird, Nick Mistry - BSW #407
Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done. In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including: Data privacy concerns Flaws and malicious code in AI dependencies Lack of security tools to test for AI Vibe coding risks and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37694235
info_outline
Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406
07/30/2025
Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406
In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today’s cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37600345
info_outline
Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405
07/23/2025
Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405
How do we get security right? The answer varies by many factors, including industry, what you're trying to protect, and what the C Suite and Board care about. Khaja Ahmed, Advisor at CISO Forum, joins Business Security Weekly to discuss how to get consensus on your security program. CISOs, executives, and the Board need to be aligned on the risks and how best to address them. And it's not technical risks, it's business risks measured by legal or financial impact. Khaja will help guide new and existing CISOs on how to: Work across the business to build consensus Identify and quantify risks in financial and legal terms Design security from the start Be effective as a security leader In the leadership and communications section, Is the C-Suite Right for You?, What Fortune 100s are getting wrong about cybersecurity hiring, Why Communication Is Exhausting in Chaotic Workplaces, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37505875
info_outline
Minimize SAP Migration Challenges, Cybersecurity Maturity, and Radical Transparency - Christopher Carter - BSW #404
07/16/2025
Minimize SAP Migration Challenges, Cybersecurity Maturity, and Radical Transparency - Christopher Carter - BSW #404
Are you running SAP? The clock is ticking... Standard maintenance end-of-life is set for the end of 2027. Migration to S/4HANA must be completed by then (or 2030 if you buy into SAP’s special three-year reprieve). While that may appear to be enough time, companies currently working toward an S/4HANA transition are finding the journey challenging, and that's not including the security challenges. Chris Carter, CEO at Approyo, joins Business Security Weekly to discuss your SAP options, including: ERP Strategy: Stay with SAP or migrate to other solutions? S/4HANA Architecture: All cloud or cloud/on-premise? Security Challenges: Cloud vs. on-premise SAP Migration: Recommendations for success In the leadership and communications section, Where cybersecurity maturity meets confidence in C-suite and board leadership, Has CISO become the least desirable role in business?, How Radical Transparency Is Revolutionizing Leadership, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37419685
info_outline
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403
07/09/2025
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403
SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37336345
info_outline
The Value of Zero Trust - Rob Allen - BSW #402
07/02/2025
The Value of Zero Trust - Rob Allen - BSW #402
New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses. But Zero Trust projects have struggled due to complexity. Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss the simplicity of Zero Trust Endpoint Protection and how it can drive value. Rob will discuss how the ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks with ease of deployment and management. Zero Trust doesn't have to be complex. This segment is sponsored by ThreatLocker. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37241625
info_outline
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
06/25/2025
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
In this episode, Mandy Logan, Summer Craze Fowler, Jason Albuquerque, and Jeff Pollard of Forrester discuss the challenges and strategies for CISOs in navigating volatility in the security landscape. They emphasize the importance of building relationships within the organization, particularly with the CFO, to manage budgets effectively. The conversation also covers the significance of communicating security needs in terms of compliance and customer requirements, maximizing budget through flex spending, and the role of automation and AI in enhancing security operations. Additionally, they highlight the need for effective data management to reduce costs and improve efficiency. In pre-recorded interviews from RSAC, learn the following! With the power of zero trust and AI, Zscaler help organizations strengthen and automate IT and security, reduce costs, and minimize complexity. Zscaler helps reduce the attack surface, block threats via full TLS inspection, and eliminate lateral threat movement. This segment is sponsored by Zscaler. Visit to learn more about them! The modern workspace, increasingly reliant on cloud-based applications, browser-first access, and AI integration, faces significant security challenges that outpace the capabilities of traditional tools. Legacy solutions, including VPNs and even early ZTNA implementations, are proving vulnerable to sophisticated attacks leading to data breaches and operational disruptions. The fundamental shift in how we work demands a new approach, one that closes the gaps left by the platform approach. We need the ability to 'trust nothing and click on anything with zero risk.' We need to take zero trust beyond the network that we operate and control. Future of Browser Security Webinar with Google: Browser security report: Global Cyber Gangs report: Everywhere Access White Paper: This segment is sponsored by Menlo Security. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37137515
info_outline
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400
06/18/2025
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400
In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: For a copy of the Microsoft Vulnerabilities Threat Report: Blog re: Report: Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization’s attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. This segment is sponsored by OpenText. Visit to learn more about them! This segment is sponsored by BeyondTrust. Visit to for a copy of the Microsoft Vulnerabilities Threat Report! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/37042500
info_outline
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399
06/11/2025
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399
This week, it’s time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts Lacking, How to rethink leadership to energize disengaged employees, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36937855
info_outline
Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398
06/04/2025
Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398
During times of volatility, business leaders often don’t know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn’t — to not only survive but thrive. Alla Valente, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss how to Regain Control Over Business Risk With The Three E’s Framework, a report that provides a framework for identifying what is controllable and how to be smart when dealing with volatility. In the leadership and communications section, Cybersecurity for Mergers and Acquisitions – A CISO’s Guide, Your Employees Aren’t the Problem. Your Leadership Habits Are, When the Best Leadership Skill Is Just Being Present, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36838450
info_outline
Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397
05/28/2025
Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company’s data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: • Recent blog post on the transition to PQC: To learn more about the road to being quantum ready, stop by Keyfactor’s booth at the conference, number #748, or visit: As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust’s Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it’s too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: This segment is sponsored by DigiCert. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36732750
info_outline
CISO Cheat Sheet, as Role Evolves and vCISO is Viable, Cobalt Strike and Resilience - Theresa Lanowitz, Rohit Dhamankar - BSW #396
05/21/2025
CISO Cheat Sheet, as Role Evolves and vCISO is Viable, Cobalt Strike and Resilience - Theresa Lanowitz, Rohit Dhamankar - BSW #396
In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical , The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit to learn more about them! Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra’s collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide. Segment Resources: This segment is sponsored by LevelBlue. Visit to learn more about them! Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36644995
info_outline
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395
05/14/2025
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at . This segment is sponsored by Cobalt. Visit to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36554010
info_outline
C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks - Dr. Aleksandr Yampolskiy, Lenny Zeltser - BSW #394
05/07/2025
C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks - Dr. Aleksandr Yampolskiy, Lenny Zeltser - BSW #394
In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: Learn more about continuous supply chain cyber risk detection and response: Claim Your Free SCDR Assessment: This segment is sponsored by Security Scorecard. Visit for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company’s latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He’ll also explore what this launch means for Axonius’ mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit to learn more and schedule a personalized demo. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36460400
info_outline
Say Easy, Do Hard - Defining Objectives and Key Results Aligned to Business Goals - BSW #393
04/30/2025
Say Easy, Do Hard - Defining Objectives and Key Results Aligned to Business Goals - BSW #393
In today’s ever-evolving business landscape, organizations face diverse risks, including cyber risks, that can significantly affect their operations and overall prosperity. Aligning risk management strategies with organizational objectives is crucial for effectively mitigating these potential threats and fostering sustainable growth. Easier said than done. In this Say Easy, Do Hard segment, we discuss the challenges of aligning security and risk to the business, a topic we discuss often on the show. But this time, we do the hard part, by defining Objectives and Key Results aligned to Business Goals. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36298925
info_outline
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring - Martin Tschammer - BSW #392
04/23/2025
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring - Martin Tschammer - BSW #392
AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36266095
info_outline
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board - Danny Jenkins - BSW #391
04/16/2025
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board - Danny Jenkins - BSW #391
Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model? Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but provides solutions for easy onboarding, management, and eliminates the lengthy approval processes of traditional solutions. This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36159325
info_outline
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes - Matt Muller, Summer Fowler - BSW #390
04/09/2025
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes - Matt Muller, Summer Fowler - BSW #390
This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - - In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/36057650
info_outline
Vulnerability Prioritization Can Produce Better Business Outcomes - Steve Lodin, Greg Fitzgerald - BSW #389
04/02/2025
Vulnerability Prioritization Can Produce Better Business Outcomes - Steve Lodin, Greg Fitzgerald - BSW #389
Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic. This segment is sponsored by Sevco Security. Visit to learn more about them! Segment Resources: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35967465
info_outline
The Pace of Investments Requires Better Risk Management, Boards Challenged, & More - BSW #388
03/26/2025
The Pace of Investments Requires Better Risk Management, Boards Challenged, & More - BSW #388
Cybersecurity teams were under increasing strain in 2024. To alleviate this burden, 2025 will see greater reliance on automation to streamline workflows, enhance threat detection, and accelerate incident response. But some of these investments may come with risks. Greg Sullivan, Founding Partner at CIOSO Global, joins Business Security Weekly to discuss how the pace of investment will require better risk management. Greg will cover topics, including: The seismic C-level shift in interest will require a top-down approach to cybersecurity. The focus will shift from external cybersecurity solutions to building in-house resilience. The critical criteria needed to drive more refined defenses, smarter resource allocation, and wiser cybersecurity investments. In the leadership and communications segment, Boards Challenged to Embrace Cybersecurity Oversight, Why Cybersecurity Needs More Business-Minded Leaders, How to Build a Cybersecurity Resume that Gets You Hired, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35862490
info_outline
Breaking Down Human-Element Breaches To Improve Cybersecurity - Jinan Budge - BSW #387
03/19/2025
Breaking Down Human-Element Breaches To Improve Cybersecurity - Jinan Budge - BSW #387
Organizations continue to suffer from security breaches, too many of which contain a human element. But there’s no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35747950
info_outline
The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection - Noam Krasniansky - BSW #386
03/12/2025
The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection - Noam Krasniansky - BSW #386
Noam Krasniansky, the visionary founder of Komposite Blockchain, joins Business Security Weekly to explore Web3's transformative potential. Noam delves into the basics of blockchain technology, Bitcoin and the meteoric rise of Ethereum, and the critical role of decentralized systems in safeguarding brands against counterfeiting—a global issue costing companies $1.7 Trillions annually. The conversation will shed light on blockchain can be designed to enhance transactional efficiency and security. Noam highlights how verification technologies are key to combating counterfeiting, protecting intellectual property, and fostering trust in an increasingly digital economy. He also provides practical insights into how businesses and individuals can embrace blockchain innovations, redefining digital ownership, the making of new wealth, and empowering communities. In today’s dynamic markets, innovation is essential to maintaining a competitive edge. As Web3 technologies rapidly advance, businesses must adapt or risk falling behind. Understanding the foundational principles of blockchain is no longer optional—it’s a necessity. Segment Resources: 1) 2) 3) In the leadership and communications segment, CISO vs. CIO: Where security and IT leadership clash (and how to fix it), The CISO's bookshelf: 10 must-reads for security leaders, The CISO's bookshelf: 10 must-reads for security leaders, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35640635
info_outline
Security Money: Sailpoint's IPO Saves the Index - BSW #385
03/05/2025
Security Money: Sailpoint's IPO Saves the Index - BSW #385
After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc In the leadership and communications segment, The CISO Transformation — A Path to Business Leadership, The CISO's dilemma of protecting the enterprise while driving innovation, When Hiring, Emphasize Skills over Degrees, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35538115
info_outline
CISOs Struggling, Culture Hurting, But Cybersecurity Salaries Stay Competitive - BSW #384
02/26/2025
CISOs Struggling, Culture Hurting, But Cybersecurity Salaries Stay Competitive - BSW #384
This week: CISOs struggling to balance security, business objectives, Signs Your Organization’s Culture is Hurting Your Cybersecurity, Servant Leadership: Putting Trust at the Center, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/35422655