Forrester’s AEGIS Framework, the weekly news, and interviews with Fortra and Island – Jeff Pollard, Rohit Dhamankar, Michael Leland – ESW #424
Segment 1 - Interview with Jeff Pollard
Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security
For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best:
As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security.
Segment 2 - Weekly News
Then, in the enterprise security news,
- there’s funding and acquisitions, but we’re not going to talk about them
- AI’s gonna call the cops on you
- and everyone’s losing money on it
- and Anthropic agreed to pay for all the copyright infringement they did when training models
- and Otter.ai got sued for recording millions of conversations without consent
- Burger King got embarrassed and their lawyers didn’t like it
- NPM package mayhem
- certificate authority hijinks
- AI Darwin Awards
All that and more, on this episode of Enterprise Security Weekly.
Segment 3 - Executive Interviews from Black Hat 2025
Interview with Rohit Dhamankar from Fortra
Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape.
Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures.
Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!
Interview with Michael Leland from Island
At Black Hat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in.
Michael reveals how organizations can prevent stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.
Key takeaways:
- Why credential compromise is inevitable — and how to stop credential use
- How presentation layer DLP prevents data leaks inside and outside apps
- Real-time blocking of phishing logins and unsanctioned SaaS access
- Plug-in risk scoring, version pinning, and selective extension control
- Enabling BYOD securely — even after a catastrophic laptop loss
- Why many users never go back to Chrome, Edge, or Safari after switching
Segment Resources:
This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!
Jeff primarily contributes to Forrester’s offerings for security and risk professionals. He leads Forrester’s research on the role of the CISO, specializing in topics related to security strategy, budgets, metrics, business cases, and presenting to the board. His research also includes security services, featuring global coverage of managed security services, professional security services, and security-as-a-service. Jeff also takes an active role in Forrester’s forward-looking research on security innovation, the security market, and security predictions.
Rohit is the Vice President of Product Strategy at Fortra. Rohit has more than 20 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.
He has worked in leading and advisory roles for many successful start-ups and Texas-based VCs. Rohit has spoken at RSA, Black Hat and other cybersecurity industry conferences. In addition, he worked with the SANS Institute for many years authoring industry-driving reports and newsletters.
Michael is Field CTO at Island, bringing over 30 years of data networking, operations, and cybersecurity domain expertise. He formerly served as Head of Technical Marketing and Chief Cybersecurity Evangelist at SentinelOne where he was responsible for messaging and strategic development of their XDR product roadmap as well as the identity security portfolio. Prior to SentinelOne, he held the title of Chief Technical Strategist for McAfee. Michael was the co-founder and CTO of NitroSecurity – later acquired by McAfee – where he was responsible for developing and implementing their overall SIEM technology vision and roadmap and has held senior technical management positions at Cabletron and Avaya.
Adrian Sanabria
- FUNDING and M&A: Courtesy of the Security, Funded newsletter, #210 – Chasing the Puck
Not a lot of time to cover funding and M&A this week, so I'll put this here so you can check it out if you have time, sorry!
FUNDING
Shift5, a United States-based intrusion detection, prevention, and incident response platform for operational technology (OT), raised a $75.0M Series C from Hedosophia.
ID.me, a United States-based identity verification platform, raised a $65.0M Series E from Ribbit Capital.
FireCompass, a United States-based breach and attack simulation (BAS) platform, raised a $20.0M Corporate Round from EC-Council.
Tidal Cyber, a United States-based threat-informed defense (TID) platform, raised a $10.0M Series A from Bright Pixel (formerly Sonae IM).
ACQUISITIONS
- AI LOL: welcome to the future, now your error-prone software can call the cops via Molly White (@molly.wiki)
- AI LOL: Why Everybody Is Losing Money On AI
- LEGAL: Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement
- LEGAL: Otter sued for recording millions without consent
- DUMPSTER FIRES: We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance
Security Researchers + Low-hanging fruit + Lawyers + DMCA = Streisand Effect
- SQUIRREL: AI Darwin Awards 2025 – Celebrating Spectacularly Bad AI Decisions
Katie Teitler-Santullo











