C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks – Lenny Zeltser, Dr. Aleksandr Yampolskiy – BSW #394
In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more!
Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks.
In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company’s latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He’ll also explore what this launch means for Axonius’ mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo.
Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.
Dr. Aleksandr Yampolskiy, Co-Founder and Chief Executive Officer of SecurityScorecard, is a globally recognized cybersecurity innovator, leader, and expert. Since SecurityScorecard’s inception in 2014, he has led the company with a vision to create a new language for measuring and communicating risk. SecurityScorecard is now one of the world’s most trusted cybersecurity brands, with tens of thousands of customers—including two-thirds of the Fortune 100 and nine of the top 10 U.S. banks—and over 600 employees. Under Yampolskiy’s leadership, SecurityScorecard created the Supply Chain Detection and Response (SCDR) category, transforming how organizations defend against the fastest-growing threat vector—supply chain attacks. The company’s industry-leading security ratings now serve as the foundation and core strength, while SCDR continuously monitors third-party risks using our factor-based ratings, automated assessments and proprietary threat intelligence, to resolve threats before they become breaches.
Prior to founding the SecurityScorecard, Yampolskiy was a CTO at BlogTalkRadio, the largest online talk radio and podcast hosting platform, whose technology he scaled to over 30M+ visitors each month. He was also a CISO at Gilt Groupe, where he managed all aspects of IT infrastructure security, fraud, secure application development, and PCI compliance. Yampolskiy has led security teams at Goldman Sachs and Oracle, among other companies where he built authentication and entitlement infrastructure for trading.
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Matt Alderman
- The C-suite gap that’s putting your company at risk – Help Net Security
New research from EY US shows that cyber attacks are creating serious financial risks. C-suite leaders don’t always agree on how exposed their companies are or where the biggest threats come from.
- A Guide on Becoming a Chief Information Security Officer
The CISO isn’t just a tech expert; they’re a strategist, risk manager, and communicator rolled into one. Whether it’s protecting sensitive data, managing security teams, or briefing the board after an incident, the CISO is at the front line of digital defence.
- CISOs band together to urge world governments to harmonize cyber rules
A letter from the CISOs of 45 powerful global companies could provide crucial backing for world governments looking to reduce cybersecurity regulations and their accompanying hassles for businesses.
The CISO letter, sent to members of the Group of Seven nations and the Organization for Economic Cooperation and Development, urges governments to use those high-level forums to “focus on greater alignment of cybersecurity regulations.”
- Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks
Verizon Business has released its 2025 Data Breach Investigations Report. The report assesses more than 22,000 security events (including 12,195 confirmed data breaches), finding that the leading initial attack vectors continue to be credential abuse (22%) and vulnerability exploitation (20%).
Key findings from the report include:
- Third-party involvement in breaches has doubled, reaching 30%.
- Vulnerability exploitation increased by 34%, with a focus on zero-day exploits against perimeter devices and VPNs.
- Ransomware attacks rose by 34% from the previous year and are seen in 44% of breaches. Yet, median ransom amounts paid decreased.
- There’s an overlap between social engineering and credential abuse, emphasizing the role of human error in breaches.
- Cybersecurity is Not Working: Time to Try Something Else
The bottom-up approaches most have been pushing for 20 years around cybersecurity have simply failed.
- Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience.
- The Art of Communication: Unlocking Your Power to Connect and Influence
Communication isn’t just about speaking—it’s the essence of who you are. It’s the force that shapes how the world perceives you, amplifies your ideas, and builds meaningful connections. Whether in personal relationships, professional settings, or public stages, mastering communication can transform challenges into opportunities. This guide dives into the skills that make communication a superpower, helping you inspire, negotiate, and lead with confidence.
