New book from Dr. Anand Singh, why CISOs buy, and the latest news – Anand Singh – ESW #428
Segment 1 - Interview with Dr. Anand Singh
We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it.
Segment Resources:
- Get the book on Amazon: Data Security in the Age of AI (available in Kindle and print)
Segment 2 - Topic: The reasons why CISOs buy (and the things that don't matter to them)
Val Tsanev, founder of ExecWeb, part of the CyberRisk Alliance family, shared some VERY spicy insights about how CISOs buy products. This elicited some passionate responses.
There are many interesting insights, but the biggest and most interesting is that 76% of CISOs choose products that present the least risk to them, personally. Career safety trumps product performance, it would seem.
Segment 3 - News
In the enterprise security news,
- Shifting Zero
- Cyber insurance, unlike cyber crime, doesn’t pay
- New AI security categories are popping up to serve Agentic and MCP servers
- How tech companies measure AI impact
- First malicious MCP server in the wild
- Is your computer mouse listening to you?
- The Korean government did not follow the backup rule of three
- Think you’ve seen the absolute worst idea for a mobile app? Wait until you hear about Neon.
- We have no less than three squirrel stories involving bullets, lasers, and greasy snacks
All that and more, on this episode of Enterprise Security Weekly.
Dr. Anand Singh is a cybersecurity and technology executive with over 25 years of leadership experience across security, privacy, risk management, engineering, and IT operations. His career spans financial services, healthcare, retail, manufacturing, cloud, and SaaS, giving him a broad perspective on securing digital transformation at scale.
He currently serves as Chief Security and Strategy Officer at Symmetry Systems, a data security posture management company helping enterprises protect sensitive data in cloud-native environments.
Previously, Anand was the Global CISO at Alkami Technology, where he led the cybersecurity program through its IPO in 2021 and scaled security, privacy, and risk practices to support over 500 financial institutions and 22 million users. Before Alkami, he held leadership roles at UnitedHealth Group, Target Corporation, Caliber Home Loans, and PTC.
Adrian Sanabria
- FUNDING/M&A: Courtesy of the Security, Funded newsletter, issue #214 – Lock In Season
Note that the fundings here are from issue 213, while the acquisitions are from 214 and 213.
The speed of the market is a bit wild right now. We've got funding for security vendors addressing problems that haven't existed for a year yet! (MCP is almost there, but not quite a year old)
FUNDING
- Obot AI, a United States-based open-source control plane to manage and secure MCP servers, raised a $35.0M Seed from Mayfield Fund and Nexus Venture Partners.
- Prelude, a United States-based automated security testing platform, raised a $16.0M Venture Round from Brightmind Partners.
- InCountry, a United States-based data loss prevention platform for agentic AI workflows, raised a $10.0M Venture Round from Arbor Ventures.
ACQUISITIONS
- MarkMonitor, a United States-based brand fraud and abuse monitoring platform, was acquired by Com Laude for $450.0M. MarkMonitor had previously raised $45.4M in funding.
- Netography, a United States-based network detection and response (NDR) platform, was acquired by Vectra for an undisclosed amount. Netography had previously raised $45.0M in funding.
- NEW TECH: The rise of neoclouds
- CYBER INSURANCE: Sometimes, it doesn’t pay…
"The cost of failing to implement MFA properly can be significant, as the City of Hamilton in Ontario discovered earlier this summer when the city government realized that what they believed to be $5 million in covered costs from their 2024 ransomware attack would not be covered by their cybersecurity insurance policy."
- INSIGHTS: Alex Hurtado breaks down SOC architecture to help you figure out where AI best fits
This kind of work is necessary to figure out where AI will be useful and practical. The other piece of work that needs to be done, in addition to Alex's excellent work here, is diagramming out the response playbooks as well.
- INSIGHTS: How tech companies measure the impact of AI on software development
A fascinating collection of the AI productivity metrics that several large tech companies use.
- SUPPLY CHAIN: First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails
- SIDE CHANNELS: New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
- RESILIENCE: G-Drive Fire Destroys 125,000 Officials’ Data
Business continuity? How about government continuity, but remove the continuity.
- LEARNING: Your Top Questions On Generative AI, AI Agents, And Agentic Systems For Security Tools Answered
A great primer on AI SOC basics from Allie Mellen over at Forrester
- AI NEWS: Google DORA: Software delivery caught up to AI coding tools
- DUMPSTER FIRE: Neon takes down app after exposing users’ phone numbers, call recordings, and transcripts
A nightmare of a business idea: pay users for access to their phone calls, so you can sell them to AI companies. Believe it or not, it became the second most popular app in the App Store.
How it got worse: everything leaked.
- SQUIRREL: Only in Texas
- SQUIRREL: Hospital fined after patient files used as snack bags
- SQUIRREL: Japanese tech giant deploys laser drones to protect chickens — drones are hoped to prevent the spread of avian flu









