Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - John Bruggeman, Christy Wyatt, John Anthony Smith - BSW #442

Apr 8, 2026

Guest

Christy Wyatt

Guest

John Anthony Smith

Guest

John Bruggeman

John Bruggeman, a veteran Consulting CISO, warns about agentic AI expanding the attack surface and gaps in zero trust. John Anthony Smith, founder of Phoenix 24, explains rapid post-breach recovery when backups fail. Christy Wyatt, CEO at Absolute Security, focuses on endpoint resilience and minimizing downtime. They discuss agent identity, data-first protections, rapid recovery orchestration, and realistic recovery rehearsals.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Inventory And Classify Data Before AI Ingestion

Know where your sensitive data resides before deploying agents or AI projects.
Bruggeman recounts an accounting firm that spent six months isolating data after signing an AI ingestion project without classifying customer data.

ADVICE

Use AI To Find And Classify Your Data

Use AI tools for large-scale data discovery and classification to prepare for agentic AI.
Bruggeman recommends ML/AI-based vendors (similar to Varonis or Microsoft) to classify unstructured files and OneDrive/SharePoint stores.

ADVICE

Operationalize Least Privilege And Just In Time Access

Apply least privilege and just-in-time provisioning to agents and identities.
Bruggeman describes sandboxes that prevent agents touching production and tools that grant rights for a limited time window.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Autonomous AI agents are creating a new attack surface for enterprise security teams, particularly as organizations deploy agents for operational tasks such as customer support automation, data analysis, and incident response. How can we align our Zero Trust initiatives to also address the emerging Agentic AI risks?

John Bruggeman, Consulting CISO at CBTS, joins Business Security Weekly to discuss how your Zero Trust readiness can also prepare you for Agentic AI deployments. Organizations are granting agents access to sensitive systems without the security controls typically required for other Zero Trust initiatives. John will help educate CISOs on what they should be doing now to get ahead of the risk, including:

Agent inventory
Data security controls, including data model poisoning
Agent identity controls, including authorization and access levels
Infrastructure security controls, including MCP servers

Why More Technology Hasn’t Made Us More Secure Despite massive investment in cybersecurity tools, organizations remain vulnerable because their existing technologies are often misconfigured, poorly integrated, and disconnected from real operational risk. This keynote argues that complexity, human decision‑making, and gaps in execution—not a lack of products—are what truly empower attackers, especially as modern environments like cloud and SaaS expand the attack surface. Real security comes from simplifying, aligning, and expertly orchestrating what organizations already own, shifting the focus from buying tools to achieving disciplined, resilient outcomes grounded in breach reality.

This segment is sponsored by Fenix24. Visit https://securityweekly.com/fenix24rsac to learn more about them!

Downtime: The New Economic Threat Downtime is costing global enterprises hundreds of billions of dollars in losses annually. Caused by cyber incidents and software failures, enterprise CISOs are searching for strategies and solutions that will accelerate recovery and restoration of business operations after cyber disruptions render systems inoperable.

This segment is sponsored by Absolute Security. Visit https://securityweekly.com/absolutersac to join The Resilient CISO Inner Circle!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-442