Digital Supply Chains, AI Blind Spots & Cyber Executive Protection – Black Hat Day 2 – BH25 #2
Welcome to Day 2 of Black Hat 2025, live from the Cyber Risk TV studio at Mandalay Bay, Las Vegas! In this engaging and unpredictable daily intro, Doug White sits down with cybersecurity expert Jackie McGuire for a candid, hilarious, and deeply insightful conversation covering today’s most pressing cyber risks.
Key Highlights:
The hidden dangers in digital supply chains & the growing risk of vibe coding
How AI blind spots can compromise software security and import practices
The shift in executive protection from physical guards to digital defense
Real-world stories of data broker noncompliance, doxxing, and location exposure
Witty breakdowns of LLM failures, sarcasm training data, and AI inconsistencies
Whether you're a cybersecurity professional, developer, or tech enthusiast, this segment is a must-watch for understanding how today’s AI and digital ecosystems are reshaping risk management and personal security.
Don’t miss the part where Jackie discusses using deodorant as a hotel water outage workaround — or how sarcasm on motorcycle forums may be misleading your AI.
New interviews daily from Black Hat 2025. Subscribe and turn on notifications to stay ahead of the cyber curve!
Visit https://securityweekly.com/blackhat for all the coverage of this year's event!
- - Welcome to Black Hat 2025: Day 2 Kickoff
- - Jackie’s Hilarious Hotel Water Crisis
- - The Hidden Risks in Digital Supply Chains
- - Vibe Coding & Software Dependency Chaos
- - Importing Everything: A Cybersecurity Concern
- - Can LLMs Distinguish Sarcasm from Fact?
- - The Dangers of Trusting AI Without Validation
- - Executive Protection in the Digital Age
- - Account Compromise & Market Manipulation
- - Party Highlights & What’s Next at Black Hat
Unified Cryptographic Management: The Foundation of Digital Trust in the Quantum Era – Ted Shorter – BH25 #2
At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time.
Ted breaks down what "full crypto visibility" really means, why it’s crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor’s acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow.
Don’t wait for the breach. Watch this and start your quantum strategy now.
If digital trust is the goal, cryptography is the foundation.
Segment Resources: http://www.keyfactor.com/digital-trust-digest-quantum-readiness https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/
For more information about Keyfactor’s latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh
- - Surviving Day One at Black Hat 2025
- - Quantum Computing: Cool, Weird, and Terrifying
- - How Quantum Threatens RSA & ECC Encryption
- - NIST’s Post-Quantum Algorithm Progress
- - Why 2030 Is the Critical Deadline
- - Keyfactor’s Acquisitions & Quantum Strategy
- - Legacy Tech and the Quantum Security Gap
- - Full Crypto Visibility: What It Really Means
- - Building Your Quantum Transition Plan
- - Final Thoughts & Why the Time to Act Is Now
Ted Shorter is the Chief Technology Officer and co-founder at Keyfactor. Responsible for Keyfactor’s Intellectual Property development efforts, Ted helps align Keyfactor’s focus with the changing security landscape, ensuring our clients understand the importance of crypto-agility.
Ted has worked in the security arena for over 25 years, in the fields of cryptography, Public Key Infrastructure, authentication and authorization, and software vulnerability analysis. His past experience includes 10 years at the National Security Agency, a master’s degree in computer science from The Johns Hopkins University, and an active CISSP certification.
The End of an Era: Modernizing Vulnerability Management – J.J. Guy – BH25 #2
Live from Mandalay Bay, Las Vegas — CyberRisk TV dives deep into the evolving landscape of cyber asset visibility, vulnerability management, and exposure prioritization. Host Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding.
From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Learn how consolidating asset data, business context, and agent deployment metrics leads to more accurate risk models, powerful executive-level dashboards, and scalable security operations.
Highlights:
Why CMDBs and traditional scanners are no longer enough
The real reason 20% of machines are invisible to your security stack
How multi-source asset fusion is revolutionizing threat exposure
Bridging the gap between operational patching and board-level risk quantification
What Gartner's new Exposure Management Magic Quadrant means for the future
Whether you're a CISO, vulnerability analyst, or cloud security architect, this conversation is packed with insights you can't afford to miss.
Segment Resources: How Exposure Management Addresses Five Challenges of Vulnerability Management: https://www.sevcosecurity.com/exposure-management-addresses-5-challenges-of-vulnerability-management/
What should you look for in an Exposure Assessment Platform (EAP)? Read this buyer’s guide to find out: https://www.sevcosecurity.com/resource-articles/the-exposure-assessment-platform-buyers-guide/
Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh
- - Welcome to Black Hat 2025: Live from Mandalay Bay
- - J.J. Guy on Sevco’s Origin and the CASM Framework
- - Why Asset Inventory is the Foundation of Security
- - Bridging CASM and Vulnerability Management
- - Business Context and the Evolving Risk Landscape
- - Challenges with Legacy Vulnerability Scanning Tools
- - From On-Prem to Cloud: The Inventory Visibility Problem
- - Agent Deployment Gaps and Security Blind Spots
- - Building a Risk Model for Executives, Not Just Ops
- - The Future: Risk Prioritization, Gartner MQ & What’s Next
J.J. is the CEO and co-founder of Sevco Security. After spending a decade as an intelligence officer, J.J. joined the founding team of Carbon Black, blazing the trail to create the EDR market. Most recently, J.J. was the Chief Operating Officer of JASK.
AppSec under AI pressure with Idan Plotnik of Apiiro – Idan Plotnik – BH25 #2
At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028.
From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk.
What you'll learn in this interview:
Why AI coding tools are increasing code complexity and risk
The massive cost of unnecessary APIs in cloud environments
How to automate secure code without slowing down delivery
Why most CISOs fail to connect security to revenue (and how to fix it)
How Apiiro’s Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale
This isn’t just another AI hype talk. It’s a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers.
Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue.
Segment Resources: Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc Apiiro AutoFix Agent. Built for Enterprise Security (Deep Dive Demo): https://youtu.be/WnFmMiXiUuM
This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh.
- - Welcome to Black Hat 2025 at Cyber Risk TV
- - Meet Idan Plotnik: Ex-Microsoft & Apiiro CEO
- - The Pain Behind Starting Apiiro
- - 75% of Engineers Will Use AI Assistants by 2028
- - The Hidden Risks of AI-Powered Code Commits
- - Why More Code Means More Vulnerabilities
- - Unvetted Dependencies & API Sprawl Explained
- - Cloud Costs, Security, and the Data Disconnect
- - How Apiiro’s Deep Code Inventory Works
- - Autofix AI Agent: Fixing Code with Full Context
Idan is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO.
Shaping the Future of Threat Intelligence-driven Cybersecurity – Jason Passwaters – BH25 #2
Live from CyberRisk TV at BlackHat 2025, cybersecurity veteran Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today’s most dangerous digital threats.
Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. Learn how modern cyber intelligence tools help businesses shift from passive defense to proactive operationalization, and why third-party vendor exposure might be your biggest unseen risk.
Whether you're a CISO, risk analyst, or just fascinated by the cyber underground, this discussion breaks down what every enterprise needs to know to stay ahead of tomorrow’s threats.
Segment Resources:
Verity471: https://www.intel471.com/verity471
Bridging the CTI Gap: https://www.intel471.com/blog/bridging-the-cti-gap-new-exposure-modules-on-verity471-deliver-market-disrupting-views-of-threats
Black Basta: https://www.intel471.com/resources/whitepapers/the-black-basta-blueprint
GIR Framework: https://www.intel471.com/resources/cyber-underground-handbook
This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them!
- - Intro from BlackHat 2025
- - Meet Jason Passwaters of Intel 471
- - Evolution of Cybersecurity Teams
- - Intelligence Beyond the Firewall
- - Lowering the Barrier for Attackers
- - The Rise of Cybercrime as a Business
- - Agentic AI and Risk Operationalization
- - Integrating Intel Across the Enterprise
- - Supply Chain Threats and Vendor Risks
- - Real-World Example: SolarWinds Breach
- - Final Thoughts & Where to Learn More
Jason Passwaters is the CEO of Intel 471, a cyber threat intelligence company headquartered in the United States and with over 250 employees located across the globe. He co-founded the business eleven years ago and successfully bootstrapped Intel 471 through 2021 at which point the company underwent a strategic investment by private equity firm Thoma Bravo. Presently, Jason is steering Intel 471 through a phase of substantial growth, with a primary focus on strategy as well as mergers and acquisitions to fortify the company’s long-term vision and objectives. Jason’s experience draws from nearly 12 years of service in the US Marine Corps. During this period, he served primarily as a Counterintelligence/Human Intelligence (HUMINT) specialist. Additionally, Jason spent four years supporting federal law enforcement, specializing in tracking Eastern European and Russian cybercriminals. He also has experience with other cybersecurity startups that went on to successful exits.
Jason has been at the forefront of the commercial cyber threat intelligence industry since its inception being one of the few practitioners early on with deep experience in both the intelligence community and cyber. With a wealth of international experience, Jason has led and built teams across diverse locations such as Ukraine, Taiwan, China, India, Romania, Brazil, Colombia, Netherlands, United Kingdom, and more. As an accomplished intelligence practitioner, he has spearheaded and executed cyber threat intelligence initiatives, contributing significantly to the identification and mitigation of some of the most prolific cybercriminals and nation-state actors of the past 19+ years. Jason earned his BS in Business Management from Liberty University.
You Can’t Get There From Here: Why We Need A New Way to Manage Exposure – HD Moore – BH25 #2
At Black Hat 2025, CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a no-BS conversation on why vulnerability management is still failing enterprises — and what needs to change now. Hosted by Jackie McGuire, this interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility.
HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. From the evolution of pentesting to the pitfalls of modern tooling, this interview offers a powerful call to rethink how we manage risk.
Topics Covered:
Why vulnerability tools are worse today than 20 years ago
The myth of full visibility in enterprise security
How AI and Shadow IT are accelerating unauthenticated risk
The "garage keypad is 1234" problem in cyber hygiene
runZero’s unique approach: find everything, fast, without credentials
What every CISO needs to hear to justify better investments
If you're tired of dashboards full of false confidence and alerts that don’t matter, this is your wake-up call.
Segment Resources: https://www.runzero.com/resources/is-vuln-management-dead-psw-880/ https://www.runzero.com/blog/new-era-exposure-management/ https://www.runzero.com/resources/your-next-incident-wont-have-a-cve/ https://www.runzero.com/resources/pirates-guide-to-snake-oil-security/
Try runZero free! Get started at https://securityweekly.com/runzerobh
- - Intro from BlackHat 2025 with Jackie McGuire
- - Meet HD Moore, CEO & Co-Founder of runZero
- - Why Vulnerability Management Is Still Broken
- - The Problem with Unauthenticated Discovery
- - The Tool Overload & Data Volume Crisis
- - HD’s Offensive Testing Background & Approach
- - How runZero Finds Hidden & Exploitable Assets
- - Real-World Risks: Shadow IT & AI Expansion
- - Explaining Vulnerability Management to CEOs
- - Why Security Tools Are Often the Weak Link
- - Final Thoughts & Where to Learn More About runZero
HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.
HD serves as the CEO and founder of runZero, which provides a single source of truth for exposure management across your total attack surface. Delivering in-depth visibility into every asset and exposure, runZero helps you mitigate risks faster, meet compliance requirements, and ensure you continuously discover critical insights that others miss — including unknown and unmanageable devices and elusive exposures that evade traditional tools.
Prior to founding runZero, HD held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks.
The Rising Need for Offensive Security Strategy and Skill – Rohit Dhamankar – BH25 #2
Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape.
Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures.
Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!
- - Intro: Offensive Security at Black Hat 2025
- - Guest Intro: Rohit Dhamankar from Fortra
- - Why Offensive Security Is Gaining Regulatory Attention
- - Pen Testing vs. Red Teaming Explained
- - The Shift from Hope to Proof in Cybersecurity
- - The Need for Continuous Penetration Testing
- - How to Mature into a Continuous Testing Strategy
- - Red Teaming Challenges & Resource Strategies
- - Can AI Enhance Red Teaming at Scale?
- - Purple Teaming & Red/Blue Collaboration Platforms
- - Final Thoughts: Building an Offensive Security Strategy
Rohit is the Vice President of Product Strategy at Fortra. Rohit has more than 20 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.
He has worked in leading and advisory roles for many successful start-ups and Texas based VCs. Rohit has spoken at RSA, Black Hat and other cybersecurity industry conferences. In addition, he worked with the SANS Institute for many years authoring industry-driving reports and newsletters.
AI Arms Race, Supply Chain Nightmares & Booth Scams – Day 2 Recap – BH25 #2
Day 2 at BlackHat USA 2025 was a whirlwind of insights, chaos, and unforgettable moments. In this high-energy wrap-up, Dr. Doug White and Matt Alderman dive deep into today’s hottest cybersecurity themes — from agentic AI reshaping threat intel to the explosive growth of Continuous Threat Exposure Management (CTE).
From wandering a massive, Vegas-sized expo floor to dodging badge scanners and tracking down elusive booths (shoutout to the Yeti), it’s equal parts tech talk and con survival guide. They explore how AI is outpacing human defenders, what that means for vulnerability management, and how the industry's most forward-thinking vendors are positioning themselves in this new threat landscape.
This isn’t your typical recap — it’s part rant, part revelation, and 100% unfiltered BlackHat energy.
Missed BlackHat? This is your fast pass to the big conversations, booth gossip, and unmissable insights.
- - Day 2 Wrap-Up Begins at BlackHat 2025
- - Titles, Badges & Identity Confusion
- - Free Pepper Spray & Show Floor Chaos
- - Intel, Threat Surface & CTE Insights
- - AI-Powered Threat Intel: Friend or Foe?
- - The Lopsided Battle: Offense vs Defense
- - AI in the Software Supply Chain
- - Traffic Jams & Massive Exhibit Hall
- - Startup Alley & Creative Booth Tactics
- - Recon Missions, Media Zones & Wrap-Up
