Rethinking risk based vulnerability management, Black Hat expo insights, and the news – Snehal Antani – ESW #420
Interview with Snehal Antani - Rethinking Risk-Based Vulnerability Management
Vulnerability management is broken. Organizations basically use math to turn a crappy list into a slightly less crappy list, and the hardest part of the job as a CIO is deciding what NOT to fix. There has to be a better way, and there is...
Segment Resources:
This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3 to learn more about them!
Topic - Andy Ellis's Black Hat Expo Experience
Andy Ellis visited every booth at Black Hat. Every. Single. One. He wrote up what he learned and we discuss his findings!
https://www.duha.co/state-of-security-vendors-blackhat-2025/
News
Finally, in the enterprise security news,
- Tons of handy new and free tools!
- is cybersecurity really at the latter stages of consolidation?
- new books
- is our obsession with risk quantification hurting our credibility?
- AI trends
- is there an impending AI layoff-pocalypse?
- we explain the kids’ favorite new term: Clanker
All that and more, on this episode of Enterprise Security Weekly.
Snehal Antani is co-founder and CEO of Horizon3.ai. Prior to Horizon3.ai, he was a CTO in the US Joint Special Operations Command (JSOC), the CTO of Splunk, and a CIO within GE Capital. Snehal holds 18 patents granted by the USPTO in data processing, cloud computing, and virtualization. He regularly participates in keynote speeches and often writes articles on leadership, innovation, digital transformation, data security, and cloud security.
Join us at InfoSec World 2025, October 27 to 29 at Disney’s Coronado Springs Resort, Lake Buena Vista! With pre-event workshops October 25–26, and post-event workshops October 29–30. Connect, learn, and level up your cyber game! Save 25% now with code ISW25-SW at https://www.securityweekly.com/ISW2025!
Join us August 26 at 11 AM Eastern for Securing the Backbone: Strategies to Counter Cyber Threats to Critical Infrastructure in the Public Sector! Hear from top experts in energy, transportation, healthcare, and more as they share real-world attacks and proven defenses. Register now for complimentary access with code CSS25-SW at securityweekly.com/cssinfra2025!
Adrian Sanabria
- MARKET ANALYSIS: Every industry goes through 4 stages of consolidation, and cybersecurity is now at stage 3 (less than 10 years away from full consolidation).
An interesting theory, but I'm not sure if it applies to cybersecurity. As an industry, we're inexorably tied to other industries. Are we going to follow the same trends if we're not really an 'industry' in the functional sense of the term?
- NEW BOOKS: Mastering Third-Party Risk
Mastering Third-Party Risk: A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization
My good friends Gary Hayslip and Matt Stamper are two of the five authors!
- NEW TOOLS: Release the Hounds – free, open source BloodHound extensions from SpecterOps!
SnowHound - The BloodHound extension for Snowflake provides a powerful way to visualize access control and potential attack paths within a Snowflake environment.
1PassHound - The 1Password for Business OpenGraph extension lets you bring your 1Password ACL data into BloodHound’s graph‑analysis framework.
GitHound - GitHound is a BloodHound OpenGraph collector for GitHub, designed to map your organization’s structure and permissions into a navigable attack‑path graph.
- FREE TOOLS: Reality Defender Launches Public API and Free Tier to Bring Enterprise-Grade Deepfake Detection to Every Developer
Very cool that Reality Defender is providing a free tier for their tools. Good, positive PR.
- NEW TOOLS: 4 MCP security tools, from Clint Gibler
- NEW TOOLS: CISA Unveils Eviction Strategies Tool to Aid Incident Response
LOVE this. It's basically a tool to focus on scenario- or threat-actor-specific attacks and effective responses to them.
Here's the direct link: https://www.cisa.gov/resources-tools/resources/eviction-strategies-tool
- RISKY THOUGHTS: Cybersecurity loves to quantify risk, but what if our obsession with putting a number on everything is actually doing more harm than good?
- AI TRENDS: Google says it’s working on a fix for Gemini’s self-loathing ‘I am a failure’ comments
- AI TRENDS: What you really need to know about ChatGPT-5
- ESSAYS: I’m Worried It Might Get Bad
Will AI lead to massive layoffs and unemployment? I doubt it.
- SQUIRREL: How ‘Clanker’ Became the Internet’s New Favorite Slur