Misconfiguration, The Forgotten Vulnerability and the Power and Failure of “Yes” – Danny Jenkins – BSW #409
The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it?
Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including:
- Immediate visibility into system misconfigurations before they become vulnerabilities
- Compliance transparency, showing exactly where systems fall short of industry standards
- One unified view, with filters by criticality, system, and framework
- Actionable insights, updated weekly and delivered straight to customers’ inboxes
Segment Resources:
- https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps
- https://www.threatlocker.com/platform/defense-against-configurations
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more!
Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity company specializing in Zero Trust endpoint protection solutions. With over two decades of experience in building and securing corporate networks, including red and blue team operations, Jenkins is a recognized authority in the cybersecurity industry. He is dedicated to advancing cybersecurity awareness and frequently speaks on topics such as ransomware and the Zero Trust approach. Jenkins began his cybersecurity career in 1997 as an ethical hacker. His early career experiences reinforced the importance of proactive, robust cybersecurity measures.
Adrian Sanabria
- The Board’s role in the aftermath: Lessons from the Coldplay concert scandal
While workplace relationships are not against the law, they do pose reputational and legal risks for employers. This article will provide an overview of these risks and best practices for employers developing a crisis response strategy.
- CEO Blind Spots That Put Your Company at Risk
Cybersecurity is often discussed at the technical level — passwords, patches, monitoring. But the most dangerous vulnerabilities? They often start in the boardroom. Because at the CEO level, the way you think about security shapes whether your business survives a digital incident. Here are the most common blind spots leaders face — and how to avoid them.
- Enhancing cybersecurity metrics: CISO strategies
Cybersecurity is a board-level concern, yet many chief information security officers (CISOs) struggle to translate technical risks into actionable insights for directors.
- The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI
In 2025, AI is not just transforming cyber threats — it’s transforming the role of cybersecurity leadership itself. Gone are the days when the CISO’s job was just to say “no” to risk. Today, the modern CISO must help the business say “yes” to secure innovation.
- Human error in cybersecurity: how leaders can prevent avoidable attacks
Human-caused breaches often happen due to a lack of secure foundations, in the form of poor organizational security controls or little training. Therefore accountability lies with the business itself, rather than with the employee making the mistake, experts say.
- When “Yes, and…” Backfires
The improv theater technique “Yes, and…” has long been a powerful tool for running better meetings. The technique creates space for contribution and drives progress when alignment and innovation are most needed. But it's also been misunderstood, misapplied, or reduced to a buzzword. When that happens, “yes, and…” loses its power and can even derail the collaboration it’s meant to foster.












