Fix your dumb misconfigurations, AI isn’t people, and the weekly news – Danny Jenkins, Wendy Nather – ESW #436
Interview with Danny Jenkins: How badly configured are your endpoints?
Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits.
Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and attack surface. The most basic misconfigurations lead to breaches. ThreatLocker spotted this opportunity and has extended its agent-based product to draw attention to these common issues.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more!
Interview with Wendy Nather: Recalibrating how we think about AI
AI and the case for toxic anthropomorphism. When Wendy coined this phrase on Mastodon a few weeks ago, I knew that she had hit on something important and that we needed to discuss it on this podcast.
We were lucky to find some time for Wendy to come on the show!
Quick note: while this was not a sponsored segment, 1Password IS currently a sponsor of this podcast. That doesn’t really change the conversation any, except that I have to be nice to Wendy. But why would anyone ever be mean to Wendy???
Weekly Enterprise News
Finally, in the enterprise security news,
- Dozens of funding rounds over the past two weeks
- Windows is becoming an Agentic OS? We talk about what that actually means.
- Some great free tools
- the latest cyber insurance trends
- we analyze some recent breaches
- the stop hacklore campaign
- some essays worth reading
- and how a whole country dropped off the internet, because someone forgot to pay a GoDaddy invoice
All that and more, on this episode of Enterprise Security Weekly.
Danny Jenkins is the CEO and Co-Founder of ThreatLocker, a cybersecurity company specializing in Zero Trust endpoint protection solutions. With over two decades of experience in building and securing corporate networks, including red and blue team operations, Jenkins is a recognized authority in the cybersecurity industry. He is dedicated to advancing cybersecurity awareness and frequently speaks on topics such as ransomware and the Zero Trust approach. Jenkins began his cybersecurity career in 1997 as an ethical hacker. His early career experiences reinforced the importance of proactive, robust cybersecurity measures.
Wendy Nather is the Senior Research Initiatives Director at 1Password. She previously led strategic engagements at Cisco and served as Research Director at both the Retail ISAC and 451 Research, where she covered application security, threat intelligence, security services, and emerging technologies.
A former CISO in both the public and private sectors, Wendy headed IT security for the EMEA region of Swiss Bank Corporation’s investment banking division (now UBS) and for the Texas Education Agency. She is co-author of The Cloud Security Rules and has been recognized as an SC Magazine “Woman in IT Security Power Player,” a Reboot Leadership Awards “Influencer,” and a 2021 inductee into the Infosecurity Europe Hall of Fame.
Wendy serves on the board of Sightline Security, is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, and sits on the IST Ransomware Task Force steering committee. She is based in Fort Collins, Colorado.
Adrian Sanabria
- FUNDING: Courtesy of the Security, Funded newsletter, #222 – Post-Turkey Funding (PTF)
The post-turkey funding was pretty light, but the week OF Thanksgiving was a bit crazy with fundings! I'm going to list them here, but we probably won't have time to discuss many (if any) of them.
Good news - neither week had additional layoffs listed! Bad news - I noticed Aqua Security did some layoffs earlier this week.
FUNDING FROM LAST WEEK
- Guardio, an Israel-based remote browser isolation platform, raised an $80.0M Series B from ION Crossover Partners.
- Doppel, a United States-based brand identity and risk protection platform, raised a $70.0M Series C from Bessemer Venture Partners.
- WAIT, WHAT? -> Twenty Technologies, a United States-based offensive cyber warfare operations platform, raised a $38.0M Series A from Caffeinated Capital.
- Apono, a United States-based Permission Management Solution for DevOps, raised a $34.0M Series B from U.S. Venture Partners.
- Bedrock Data, a United States-based data security platform using AI for data risk assessments and data posture management, raised a $25.0M Series A from Greylock.
- Nudge Security, a United States-based SaaS security and AI governance platform, raised a $22.5M Series A from Cerberus Ventures.
- Method Security, a United States-based threat detection and response (TDR) platform focused on critical national infrastructure, raised a $21.5M Series A from Andreessen Horowitz and General Catalyst.
- Mate Security, an Israel-based agentic AI security operations platform, raised a $15.5M Seed from Team8 and Insight Partners.
- Feroot Security, a Canada-based platform for securing JavaScript web applications through synthetic user testing and server-side configurations, raised a $14.0M Series A from True Ventures.
- Runlayer, a United States-based Model Context Protocol (MCP) application security platform, raised an $11.0M Seed from Khosla Ventures and Felicis.
- Secure.com, a Switzerland-based AI-assisted security operations platform, raised a $4.5M Seed from Disrupt Ventures.
- authID, a United States-based identity and authentication as a service platform, raised $3.7M in post-IPO equity from Kyle Wool and Steve Garchik.
- Aeris, a United States-based IoT networking and security platform, raised an undisclosed Private Equity Round from TA Associates.
FUNDING FROM THIS WEEK
- Clover Security, an Israel-based AI-assisted security design review platform, raised a $30.0M Series A from Notable Capital and Team8.
- SpecterOps, a United States-based breach and attack path management platform, raised a $30.0M Venture Round.
- Opti, a United States-based AI agent-driven identity and access management platform, raised a $20.0M Seed from YL Ventures, Mayfield Fund, and Hetz Ventures.
- Clavister, a Sweden-based network and identity security platform, raised $17.6 in post-IPO equity.
- vijil, a United States-based governance and safety platform for AI agents, raised a $17.0M Venture Round from Brightmind Partners.
- CodeNotary, a United States-based software supply chain security platform, raised a $16.5M Funding Round.
- NetFoundry, a United States-based secure networking platform, raised a $15.0M Series A from Cisco Investments.
- Blast Security, a United States-based cloud security platform focused on preventative guardrails, raised a $10.0M Seed from 10D and MizMaa Ventures.
- Social Links, a United States-based open-source intelligence data processing platform, raised a $3.0M Seed from Yellow Rocks!.
- NEW FEATURES: Microsoft just revealed how Windows 11 is evolving into an agentic OS — finally the explanation we’ve all been waiting for
- FREE TOOLS: GreyNoise IP Check
- FREE TOOLS: ‘Slop Evader’ Lets You Surf the Web Like It’s 2022
- CYBER INSURANCE: Insurer Beazley Steps Back From Cyber Market as Attacks Surge
Beazley is losing money on cyber insurance. Others say premiums are going down. Another story we have this week is claiming premiums are doubling. Who is right and wrong? I'm so confused.
- CYBER INSURANCE: Are premiums increasing? Are there really crazy cutouts like ransomware?
The other story we have on cyber insurance says that more than 50% of payouts have been for ransomware. Here, he says policies aren't covering ransomware. Who is correct? I'm so confused.
- BREACHES: Virginia Twins Arrested for Conspiring to Destroy Government Databases – DataBreaches.Net
Yet another case of handling "the angry admin" poorly. Identity governance is a delicate matter when you reach the 'leaver' stage with an employee you don't trust (or worse, has a felony record).
- BREACHES: A customer literally hacked our AI agent through a feedback form and we had no idea
Learning how to secure AI from Reddit in real time.
Not ideal.
- CAMPAIGNS: Stop Hacklore!
Championed by Bob Lord, the stop hacklore campaign aims to bring attention to common cybersecurity myths that impact consumers.
- REGULATION: US Supreme Court wrestles with copyright dispute between Cox and record labels
This is a pretty crazy one. Record labels want ISPs to kick off users who pirate content. Of course, ISPs don't have "users", they have households and businesses. Someone in the waiting room of a hospital downloads "Fade to Black" off Limewire and the whole hospital loses Internet access?
Of course not - an outcome like that is unthinkable. As is even a single home losing Internet access when, according to the Benton Group, one third of Americans have access to only one ISP or none at all. Steal a song and lose Internet access for good? For being accused of copyright infringement, not even found guilty of a crime by a court - just an accusation would be enough, as they're proposing this agreement.
Something like this couldn't possibly pass, could it?
- ESSAYS: The interdependence collapse: Why Fortune 100 CISOs are losing control of their security outcomes
TL;DR - CISOs aren't in control of outcomes, because so much of the business is outsourced to third parties.
- ESSAYS: How to get fired
- ESSAYS: We need more security generalists
- PAPERS: Securing the Model Context Protocol (MCP): Risks, Controls, and Governance
- SQUIRREL: Our Country is Down
Pay your bills, folks