CyberRisk TV Live from RSAC Conference 2025 Day 2 Daily Intro – RSAC25 #2
Adrian Sanabria, host of Enterprise Security Weekly podcast, and Doug White, host of Security Weekly News podcast, kick-off our Day 2 CyberRisk TV livestream from RSAC Conference 2025! Tune in for the hosts top picks of what to do and see on Tuesday at RSAC!
Semperis Launches Ready1 to Transform Cyber Crisis Response – Marty Momdjian – RSAC25 #2
Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis’ new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities.
This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them!
As General Manager for Ready1 and EVP of Services, Marty Momdjian brings more than 15 years’ strategic and tactical leadership in cyber resilience and incident response (IR) to Semperis. His expertise in identity security, particularly in applied controls and ease of use, was forged while leading IR and recovery teams during some of the most well-known cyber breaches in the healthcare industry.
At Semperis, Marty’s focus is on breach preparedness and mitigating the impact to clinical and business operations during cyber events.
Exploring the latest 2025 FortiGuard Labs Global Threat Landscape Report – Derek Manky – RSAC25 #2
Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.
Read the full report at https://securityweekly.com/fortinetrsac
Derek Manky leads FortiGuard Labs’ Global Threat Intelligence Team at Fortinet, bringing over 20 years of cyber security experience. He has established frameworks in the security industry including responsible vulnerability disclosure, which has exercised the responsible reporting of over 1000 zero-day vulnerabilities. Manky has been with the Cyber Threat Alliance since it was founded in May 2014. For more than 15 years he has been highly engaged building public/private partnerships and supporting efforts including the CTA, FIRST.org, MITRE CTID, INTERPOL Expert Group/Gateway, and the World Economic Forum Partnership Against Cybercrime (PAC). He sits on the executive committee of the Cybercrime Atlas Initiative. His vision is applied to help shape the future of proactive cyber security, with the ultimate goal to make a positive impact towards the global war on cybercrime and threat actors.
Key Findings from Cobalt’s 2025 State of Pentesting Report – Gunter Ollmann – RSAC25 #2
In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI).
While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.
Key Takeaways: - genAI creates unique security challenges: SaaS-based models limit patching control, while self-hosted LLMs require full replacement rather than traditional patching. - The pace of genAI innovation is outstripping security readiness, with data science teams often lacking secure development practices. - Familiar vulnerabilities like SQL injection and data leakage are resurfacing in genAI implementations due to rushed deployment. - Industry-wide, median time to resolve vulnerabilities has improved thanks to earlier security testing, executive buy-in, and a shift to programmatic pentesting. - Cobalt advises organizations to plan, validate, and test genAI systems thoroughly, adopt consultative pentesting, and partner with experts who understand AI-specific risks.
Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz
This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them!
As Cobalt’s Chief Technology Officer, Gunter brings decades of experience and innovation to the forefront of information security. A seasoned veteran in the field, he has defined, delivered, and trailblazed cutting-edge security innovations to protect organizations worldwide.
With decades of global experience in information security, Gunter has trailblazed innovations that safeguard organizations across industries. He has built and led high-performing SecOps, engineering, and research teams while guiding the invention of groundbreaking technologies, including multiple patents in cyber threat detection and mitigation.
Gunter’s international expertise spans over 80 countries and three continents, giving him unique insights into diverse business cultures. He has been instrumental in bringing advanced security solutions to market through startups, market leaders, and household-name brands.
A recognized thought leader, Gunter’s insights have been featured in SC Magazine, SecurityWeek, Dark Reading, and more, and he has been quoted by global media outlets such as USA Today, CNN, the BBC, and NPR.
Securing AI at the Core: Mend.io’s Holistic Approach to Application Security – Rami Saas – RSAC25 #2
At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io’s solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization’s entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control.
This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo!
Rami Sass is co-founder and CEO of Mend.io, a company that enables organizations to accelerate the development of secure software at scale with automated tools that help bridge the security knowledge gap. Since the company’s founding in 2011, Rami has grown Mend.io from a small Israeli startup to a global business with over 300 employees across several countries and hundreds of enterprise customers including Microsoft and IBM.
Role of Cyber Threat Intelligence in Maturing Security Operations – Jawahar “Jawa” Sivasankaran – RSAC25 #2
The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges.
- CERT Water Management Case Study: https://assets.ctfassets.net/zcd9ovevodsf/5Jwwt9aPexcyJQA6Yv11pb/4a8b736a9c3bbc776009325996ab372b/CywareCERT-WMCase_Study.pdf
- Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog: https://www.cyware.com/blog/cybersecurity-alert-fatigue-how-threat-intelligence-can-turn-data-overload
- Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report: https://go.cyware.com/frost-sullivan-2024-threat-intelligence-platforms-report?gl=1*dclage*gcl_au*NzkyNTM2NDg2LjE3NDQwNDcyNzk.
- 2025 TIP Buyer’s Guide: https://cyware.drift.click/2025-TIP-Buyers-Guide
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!
Jawahar is a seasoned leader with over 25 years of experience driving innovation, growth, and customer success in the security product space. He currently serves as President of Cyware, a pivotal role in empowering organizations with advanced, AI-driven threat intelligence and security solutions. Before Cyware, Jawahar was President and COO of Appgate, where he was responsible for all go-to-market functions including sales, marketing, and customer success, and held the position of a Section 16 public company officer. Before that, he was instrumental in transforming specialization sales for Splunk’s advanced security offerings, significantly contributing to growth and customer intimacy. He also held various leadership roles in go-to-market and product functions during his tenure at Cisco.
How AI Is Evolving Security Operations And What Humans Still Do Best – Chas Clawson – RSAC25 #2
Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.
Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations https://www.sumologic.com/press-release/sumo-logic-unifies-security-to-deliver-intelligent-security-operations/
Blog: RSAC 2025 Intelligent Security Operations https://www.sumologic.com/blog/rsac-intelligent-security-operations/
Brief: Sumo Logic Threat Intelligence https://www.sumologic.com/brief/threat-intelligence/
Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world https://www.sumologic.com/blog/threat-hunting-hybrid-cloud-environment/
LinkedIn Live: Implications of AI in a modern defense strategy https://www.linkedin.com/events/7192254270237278208/comments/
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
Chas Clawson is the VP of Security Strategy at Sumo Logic, where he helps organizations rethink how they secure modern workloads in an increasingly AI-driven world. A technologist with over 20 years of experience, Chas has consulted Fortune 500 companies and federal agencies alike — from architecting the Department of Commerce’s ESOC SIEM solution to conducting offensive security exercises as part of the NSA Red Team.
Before joining Sumo, he spent years helping both public and private sector teams modernize their SOCs, and today he channels that experience into shaping the future of cloud-native security and AI-driven defense. When he’s not talking about security strategy, you’ll likely find him teaching cyber courses at the University of Maryland Global Campus — or trying to keep up with his five energetic kids at home (a different kind of threat landscape).
Securing non-human identities at scale in the era of AI agents – Charlotte Wylie – Charlotte Wylie – RSAC25 #2
With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale.
This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!
Charlotte Wylie, SVP and Deputy Chief Security Officer at Okta, leads Okta’s technical cybersecurity services. This includes overseeing Okta’s global engineering teams to enhance the company’s security postures and programs that support its nearly 20,000 customers. She’s a seasoned security executive with extensive global experience across financial and technology industries in Australia and the United States. Charlotte has an extensive background in delivering security transformation programs and leading global engineering teams to create value through enhancing security posture and aligning with business goals for large corporations.
Legacy to Leading Edge: Why Automated Microsegmentation is the New Security Standard – Albert Estevez Polo – RSAC25 #2
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats.
This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them!
Albert has 25 years of experience and a track record of being at the forefront of technological innovation, including expertise in quantum computing, zero trust, and microsegmentation strategies. Before joining Palo Alto Networks in 2011, he developed the first migration tool, which would later evolve into what is now known as Expedition, a key resource in the industry for firewall migration and optimization.
Cobalt Strike Abuse Decreases by 80% with Fortra, Microsoft, Health-ISAC Initiative – Rohit Dhamankar – RSAC25 #2
Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra’s collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide.
Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!
Rohit is the Vice President of Product Strategy at Fortra. Rohit has more than 20 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.
He has worked in leading and advisory roles for many successful start-ups and Texas based VCs. Rohit has spoken at RSA, Black Hat and other cybersecurity industry conferences. In addition, he worked with the SANS Institute for many years authoring industry-driving reports and newsletters.
Quantum Readiness Starts With Visibility – Chris Hickman – RSAC25 #2
In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company’s data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe.
Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/
To learn more about the road to being quantum ready, stop by Keyfactor’s booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac
Chris Hickman is the chief security officer at Keyfactor, a leading provider of secure digital identity management solutions. As a member of the senior management team, Chris is responsible for establishing and maintaining Keyfactor’s leadership position as a world-class technical organization with deep security industry expertise. He leads client success initiatives and helps integrate the voice of the customer directly into Keyfactor’s platform and capability set.
Cyber Resilience and Business Impact – 2025 LevelBlue Futures Report – Theresa Lanowitz – RSAC25 #2
Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them!
Theresa Lanowitz is a globally recognized cybersecurity leader, former Gartner analyst, and former Chief Cybersecurity Evangelist with AT&T Cybersecurity and LevelBlue.
She is the creator of Executive-led Growth, a strategy that emphasizes the importance of business understanding in the cybersecurity market.
With a distinguished career in the technology industry, Theresa has held influential roles at companies including Gartner, Borland, Taligent, and Sun Microsystems, significantly impacting application security and emerging technologies.
Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity. She frequently speaks at major industry conferences, including RSA and Black Hat sharing her insights on market trends, AI integration, and the evolving threat landscape. She’s been published in Forbes, Dark Reading, SC Media, ISMG, InformationWeek, and more, with her contributions reflecting a deep commitment to advancing cybersecurity practices and fostering innovation within the industry.
Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.
ArmorCode Unveils Anya: The First Agentic AI Security Champion for ASPM – Mark Lambert – RSAC25 #2
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap.
Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.com/armorcodersac to request a demo!
Mark Lambert is the Chief Product Officer for ArmorCode, a leader in unified exposure management. Mark has built products for more than 20 years, and helped organizations streamline the delivery of secure, reliable and compliant software applications across the enterprise, embedded and IoT markets.
Prior to ArmorCode, he held product leadership positions with Parasoft, Advanced Visual Systems (AVS) and more. Mark holds a bachelor’s and master’s degree in computer science from Manchester University, UK.
AI vs. AI: the Next Battleground for Email Security – Chris Peluso – RSAC25 #2
Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Deepfake videos, voice phishing calls and insidious generative phishing emails are giving bad actors a dangerous suite of tools to exploit individuals, businesses, and governments at a new speed and scale. Fighting back against criminal enterprises leveraging generative AI requires an equally forceful response. After initially being used purely for email filtering, discriminative AI can now learn to recognize what constitutes normal communication patterns — internally between staff and externally between employees and other stakeholders — so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. And in latest advances, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message - no matter what words are used, how many misspellings are introduced, or what language is used. To stay secure in in today’s fast-changing AI battleground, organizations must leverage AI in multiple ways as part of a layered security system.
This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them!
Chris Peluso has been a leader in email security and networking for over 20 years, leading sales and sales engineering teams around the globe. He has been instrumental in launching Libraesva in the United States, overseeing all aspects of operations, sales and marketing. Prior to Libraesva, Peluso held Director roles at Kerio Technologies in the United States and the UK, as well as GFI and Flowmon while living in Germany. Since returning to the US in 2022, he’s built a loyal partner channel and customer base of mid-sized enterprises across the manufacturing, finance, retail, biotech, government and education sectors.
CyberRisk TV Live from RSAC Conference 2025 Day 2 Daily Recap – RSAC25 #2
Mandy Logan, host of Paul's Security Weekly, and Mike Shema, host of Application Security Weekly, recap the fun happenings of RSAC Conference 2025 Day 2!