Business Security Weekly (Audio)

Josh Marpet, a security professional with hands-on quantum and cryptography experience, joins the conversation. He breaks down crypto-agility and why it demands architecture, automation, and governance changes. Discussion covers discovery challenges, inventory tools and C-BOMs, timelines to 2030, vendor coordination, OT and embedded device risks, and practical first steps like scanners and toolkits.

Ben Wilcox, CTO and CISO at ProArch, who builds enterprise security strategy and AI governance. He explains why board cyber time is shrinking and how to translate technical metrics into business resilience. He outlines three board messages — risk, impact, ask — and covers AI to speed BIAs, measuring cyber risk reduction, and aligning CTO speed with CISO risk.

Myke Lyons, CISO at Cribl and 20+ year security leader, explains why AI is changing exploitability and how defenders must respond. He covers attackers using AI to craft exploits, shifting from IoCs to TTPs for prevention, trusting AI for smarter patching workflows, and leadership changes needed to unblock innovation and manage evolving risk tolerance.

Tim Morris, financial services strategist at Tanium and former Wells Fargo cybersecurity leader, discusses building trusted automation in a crawl-walk-run way. Short takes cover why legacy processes hinder AI, the need for asset truth and real-time data, human-in-the-loop guardrails, and avoiding shadow AI and political risk as teams scale automation.

Elyse Gunn, CISO at Nasuni known for building security and AI governance in regulated industries. She argues for reframing security as growth infrastructure. Topics include building internal trust, shifting security left, tying security to revenue, governing AI with core controls, and translating technical risk into business impact.

A market divergence between the Security Weekly 25 and the NASDAQ sparks a deep look at rebalancing and recent index changes. Discussion highlights shifts toward profitability and EBITDA over growth, plus heavy AI-focused funding and strategic acquisitions. The conversation also covers platform winners versus pure-play pressure, buyouts affecting index composition, and consolidation trends across security sectors.

Sandy Carielli, VP and Principal Analyst at Forrester Research advising on product and post-quantum security. She discusses tightening Q-Day timelines and why 2030 matters. She covers regulatory and vendor pressures, building cross-functional migration plans, crypto agility, and prioritizing long-lived sensitive data.

Hacia Atherton, a high-performance culture strategist and author of The Billion Dollar Blindspot, shares how culture, psychological safety, and emotional intelligence quietly shape decisions like cybersecurity investments. She discusses self-leadership, measuring cultural signals that predict profit, soliciting real feedback, handling high performers who harm culture, and aligning cyber risk with business goals.

Rob Allen, Chief Product Officer at ThreatLocker, drives product strategy and engineering. He explains ThreatLocker Cloud Control using device IPs to gate Microsoft 365 access and why phishing and MFA failures still work. He compares IP-based controls to identity, details dynamic IP updates and caching, and argues for single-agent consolidation and deny-by-default layered controls.

Tim Lietz, National Practice Leader for Internal Audit Risk & Compliance at Jefferson Wells, provides insights into critical shifts in internal audit priorities for 2026. He highlights that cybersecurity and AI will dominate the landscape, as organizations grapple with rising economic uncertainties. Lietz discusses the need for trust between audit and IT leaders, the implications of third-party risks, and how conventional cybersecurity won't suffice for AI systems. He also emphasizes the importance of proactive collaboration to identify vulnerabilities and prepare for future challenges.