From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 – Rob Allen, Perry Schumacher, Marene Allison, Ryan Heritage, Patricia Titus, Dr. Ron Ross – ESW #435
Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year’s conference.
In this episode:
- You Don’t Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them.
- Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency.
- The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense.
- Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.”
- The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises.
- Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.
Segment Resources
- ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations
Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more!
This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them!
Rob Allen, Chief Product Officer of ThreatLocker, is an IT professional with three decades of experience helping small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from, cyber and ransomware attacks.
Perry Schumacher is the Chief Strategy Officer and Partner at Ridge IT Cyber, bringing more than two decades of hands-on experience in IT and cybersecurity to the table. His career has taken him across multiple continents, where he’s tackled complex security challenges in industries ranging from aerospace and defense to utilities and rail systems—giving him a unique, real-world perspective on how different sectors approach cyber threats.
At Ridge IT Cyber, Perry leads the charge on strategic initiatives that strengthen organizations’ cyber resilience. He’s passionate about developing innovative security solutions and helping companies navigate the ever-evolving threat landscape through cutting-edge managed IT services. His extensive background in business process improvement means he doesn’t just understand the technical side of cybersecurity—he knows how to make it work for businesses on a practical level.
Marene N. Allison is a seasoned cybersecurity and risk management leader currently serving as an Advisor at Sicura, Inc. She formerly served as Chief Information Security Officer at Johnson & Johnson, where she led global IT risk mitigation and compliance efforts. Her prior roles include Chief Security Officer and Vice President at Medco, and security leadership positions at Avaya and A&P. Earlier in her career, she served as an FBI Special Agent and U.S. Army Military Police officer. A graduate of West Point’s first co-ed class, she has contributed to federal advisory committees on security and women in the military, and is a founding member of West Point Women.
Major General Ryan Heritage (retired) graduated from the George Washington University in Washington, D.C. in 1990. He was commissioned through the Naval Reserve Officer Training Corps Program. He began his career as an infantry officer, serving multiple tours with the II and III Marine Expeditionary Force and supporting establishment. As a General Officer he served as the Deputy Director, Future Operations at US Cyber Command; Commanding General of the Marine Corps Recruit Depot and Western Recruiting Region in San Diego, CA, followed by command of Marine Corps Forces Cyber Command, Marine Corps Forces Space Command and the Marine Corps Information Command. He retired after serving as the Director of Operations, US Cyber Command.
Patricia Titus, a Field Chief Information Security Officer at Abnormal AI, brings over 25 years of CISO experience to her role. Her extensive background includes CISO positions at prominent organizations such as Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the U.S. Transportation Security Administration. Throughout her career, she has been responsible for developing and implementing security strategies that align with business objectives and ensure adherence to global regulations. Recognized for her expertise in areas like risk management, artificial intelligence, cybersecurity operations, and crisis management, Patricia has a proven track record of optimizing security frameworks, improving business resilience, and incorporating innovative solutions, including AI, into security practices. She currently contributes her expertise by serving on the boards of Black Kite, The Girl Scouts of the Commonwealth of Virginia, and Glasswing Ventures.
Ron Ross is the Chief Executive Officer at RONROSSECURE, LLC, a cybersecurity advisory company, and a Fellow at Dartmouth College. His focus areas include computer and information security, systems security engineering, trustworthy computing, high assurance systems, and security risk management. Dr. Ross currently supports the Dartmouth Institute for Security, Technology, and Society, conducting applied research in secure systems engineering. A former Fellow at the National Institute of Standards and Technology, Dr. Ross led the NIST Systems Security Engineering and FISMA Implementation Projects, which included the development of cybersecurity standards and guidance for the federal government, contractors, and United States critical infrastructure.














