

Enterprise Security Weekly (Audio)
Security Weekly Productions
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co-hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
Episodes
Mar 23, 2026 • 1h 43min
Can AI help critical infrastructure, the state of the cyber market, and weekly news - Mike Privette, Kara Sprague - ESW #451
Kara Sprague, CEO of HackerOne, expert in vulnerability disclosure and AI-driven triage. Mike Privette, founder of Return on Security, market intelligence analyst tracking cybersecurity funding and trends. They discuss how AI can triage and validate vulnerabilities in legacy critical infrastructure. They also cover the current cybersecurity market, funding shifts, AI’s role in tools and teams, and industry-wide changes.
Mar 16, 2026 • 1h 52min
AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - Jeremy Snyder, Allie Mellen - ESW #450
Allie Mellen, author of Code War, a researcher of nation-state cyber operations. Jeremy Snyder, CEO of FireTail, expert in AI governance and observability. They discuss nation-state hacking, attribution challenges, wipers and geopolitical context. They also cover AI shadow IT, API observability, discovery-first visibility, and model risk categories.
Mar 9, 2026 • 1h 35min
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449
Jacob Horne, a defense-contracting cybersecurity evangelist familiar with CMMC and NIST, explains CMMC phase 1 enforcement and verification risks. David Zendzian, VMware Tanzu security lead, breaks down SBOMs and continuous compliance for supply chain security. Anna Pham, Huntress threat hunter and malware reverser, dissects the CrashFix/ClickFix browser-extension attack and its clipboard‑paste trickery.
Mar 2, 2026 • 1h 54min
OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448
Ben Worthy, an OT security specialist at Airbus Protect with 25+ years across aerospace, nuclear, water and oil & gas, shares views on business resilience in safety-critical sectors. He discusses IT/OT convergence, when redundancy and fail-safes matter, and how supply-chain and third-party failures ripple through operations. He also tackles incentives for secure-by-design products and testing resilience plans.
Feb 23, 2026 • 1h 43min
Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447
Tim Morris, financial services strategist at Tanium and ex-Wells Fargo IT lead, advocates real-time asset intelligence for reliable automation. He explains why stale CMDBs fail and how continuous device visibility, agent coverage, and automation playbooks close the gap. The conversation also surveys the new White House cybersecurity strategy and several hot industry news items.
Feb 16, 2026 • 1h 47min
Hardware-level zero trust, don't trust AI with your employees, and the news - J Wolfgang Goerlich, Matias Katz - ESW #446
J Wolfgang Goerlich, a CISO‑level researcher who ran a large human/AI experiment, and Matias Katz, CEO building hardware‑enforced zero‑trust devices. They explore hardware M.2/USB network enforcement and how it isolates compromised machines. They also dig into AI shaping human decisions, behavioral risks, mitigation experiments, and a roundup of urgent enterprise security news.
Feb 9, 2026 • 1h 41min
Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445
Rob Allen, Chief Product Officer at ThreatLocker, explains clickfix attacks, why they fool employees, and practical defenses. He previews ThreatLocker’s Zero Trust World conference with hands-on labs and speakers. The panel also digs into OpenClaw’s agent risks, prompt‑injection concerns, and the need for transparency in AI security tools.
Feb 2, 2026 • 1h 38min
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444
Warwick Webb, VP of Managed Detection and Response at SentinelOne, leads global MDR operations and threat response. He explains how modern breaches move as coordinated attack flows, why living-off-the-land techniques evade simple detections, and how unified platforms plus machine-speed detection help build resilience. The show also covers prioritizing detections, post-incident learning, and this week’s security headlines.
Jan 26, 2026 • 1h 36min
The future of data control, why detection fails, and the weekly news - Thyaga Vasudevan - ESW #443
Thyaga Vasudevan, executive product leader at Skyhigh Security focused on data security and DSPM. He discusses data-centric zero trust for hybrid and AI-driven environments. Conversations cover DSPM discovery and classification, integrating DSPM with SASE, protecting data motion without heavy inspection, and why AI and regulations make real-time data visibility essential.
Jan 19, 2026 • 1h 43min
Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442
Beck Norris, Manager of Vulnerability Management at JetBlue and a pilot, shares insights on how effective vulnerability management requires governance and risk context rather than mere tool reliance. He emphasizes the need for accountability and operational maturity. Ryan Fried and José Toledo from Mandiant dive into why incident responses often fail despite good resources, highlighting the importance of muscle memory through tabletop exercises and solid incident response plans. They discuss the need for clear communication strategies during breaches to maintain trust.


