Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

23 snips

Sep 15, 2025

Guest

Michael Leland

This installment features Jeff Pollard, VP at Forrester Research and co-author of the AEGIS Framework, which addresses the challenges AI poses for security leaders. Rohit Dhamankar from Fortra highlights the importance of offensive security in regulatory compliance. Michael Leland of Island sheds light on compromised credentials and browser security. The discussion dives into the urgent need for proactive measures against AI-driven risks, recent funding news, and the balance between technological advancements and privacy concerns, making for a thought-provoking conversation.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Don't Trust Breached Domain Links

Verify domains before using password-recovery links; old breached domains often get repurposed by attackers.
Manually confirm remediation sites and avoid blindly following automated password-repair links.

ANECDOTE

Researchers Reported Burger King Flaws

Two white-hat researchers disclosed severe RBI/Burger King security flaws and were met with a DMCA takedown.
RBI fixed issues quickly but used legal takedown instead of thanking researchers, sparking community backlash.

ADVICE

Publish A Clear Disclosure Policy

Publish a clear vulnerability disclosure policy and use third-party mediators like HackerOne or disclose.io.
Enable anonymous reporting routes to protect researchers and encourage responsible disclosure.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Segment 1 - Interview with Jeff Pollard

Introducing Forrester's AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode's interview, we're talking to Forrester analyst Jeff Pollard. I'm pulling this segment's description directly from the report's executive summary, which I think says it best:

As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won't be as simple or as straightforward as mobile and cloud — and that's bad news for security leaders who in some cases still find themselves challenged by cloud security.

Segment 2 - Weekly News

Then, in the enterprise security news,

there's funding and acquisitions, but we're not going to talk about them
AI's gonna call the cops on you
and everyone's losing money on it
and Anthropic agreed to pay for all the copyright infringement they did when training models
and Otter.ai got sued for recording millions of conversations without consent
Burger King got embarrassed and their lawyers didn't like it
NPM package mayhem
certificate authority hijinks
AI darwin awards

All that and more, on this episode of Enterprise Security Weekly.

Segment 3 - Executive Interviews from Black Hat 2025

Interview with Rohit Dhamankar from Fortra

Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape.

Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures.

Whether you're building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

Interview with Michael Leland from Island

At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity's most urgent realities: compromised credentials aren't a possibility — they're a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren't "breaking in" anymore… they're logging in.

Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island's enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

Key takeaways:

Why credential compromise is inevitable — and how to stop credential use
How presentation layer DLP prevents data leaks inside and outside apps
Real-time blocking of phishing logins and unsanctioned SaaS access
Plug-in risk scoring, version pinning, and selective extension control
Enabling BYOD securely — even after a catastrophic laptop loss
Why many users never go back to Chrome, Edge, or Safari after switching

Segment Resources:

https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials

This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-424