Full Show Notes
Segment One

Ransomware in 2025: How Cybercriminals Operate & How to Stop Them – WC #1

Key Moments
  • 0:00 - What ransomware looks like today
  • 03:00 - Ransomware-as-a-service explained
  • 10:00 - How attackers set ransom prices
  • 16:00 - How attacks actually happen
  • 25:00 - Real-world tactics & marketplaces
  • 38:00 - How to prevent ransomware
  • 49:00 - Incident response best practices
Segment Two

Data Privacy for CISOs: How to Build a Privacy-First Security Strategy (2025 Guide) – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 02:30 - About Cyber Risk Collaborative & CISO Toolkits
  • 05:50 - Meet the Expert Panel
  • 09:20 - Why Data Privacy Matters Today
  • 12:10 - Core Principles of Privacy-First Strategy
  • 13:30 - Data Inventory & Asset Mapping Challenges
  • 15:30 - Privacy by Design & Real-World Risks
  • 18:15 - Role of CISOs & Executive Leadership
  • 21:10 - Global Privacy Regulations Explained
  • 25:50 - Why You Should NOT Default to Strictest Compliance
  • 27:20 - AI, Vendor Risk & Privacy Concerns
  • 30:20 - AI Data Risks & Security Pitfalls
  • 31:30 - Tools & Technologies for Privacy Programs
  • 35:15 - Frameworks, Training & Practical Implementation
  • 37:25 - Data Retention vs Data Destruction
  • 40:25 - Archiving Strategies & Industry Challenges
  • 44:50 - Budget Constraints & Building a Program
  • 46:50 - Basic Security Controls That Prevent Breaches
  • 49:00 - Working with Legal & Compliance Teams
  • 50:30 - AI-Generated Data & Classification
  • 52:20 - Privacy Policies & Documentation Best Practices
  • 53:30 - Building Privacy Programs on a Budget
  • 55:40 - Key Takeaways & Final Thoughts
Segment Three

AI in Security Operations: How to Automate Your SOC & Stop Threats Faster – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 01:55 - What AI Really Means in Cybersecurity
  • 03:35 - Machine Learning vs Generative AI in Security
  • 04:58 - Why Humans Still Matter in SOCs
  • 06:00 - AI in Security Workflows Explained
  • 09:30 - The Problem with Traditional SIEM & SOC Tools
  • 11:00 - Rethinking Detection Engineering
  • 13:20 - Platform vs “A La Carte” Security Tools
  • 14:10 - What is Cortex XSIAM? (Full Breakdown)
  • 17:20 - AI vs Automation: What Actually Matters
  • 20:45 - Why Automation is Now a MUST-Have
  • 23:40 - Challenges Managing Security Tools & Data
  • 25:40 - How AI Helps SOC Efficiency & Parsing Data
  • 28:00 - Practical AI Use Cases in Security Teams
  • 30:15 - How to Start Implementing AI in SOCs
  • 33:00 - Why Security Teams Need Practice & Simulation
  • 35:00 - Hackathons & Improving SOC Efficiency
  • 37:55 - Why Most Breaches Are Process Failures
  • 43:00 - Alert Fatigue: Red Flags vs Yellow Flags
  • 46:40 - Best SOC Use Cases for AI
  • 49:15 - Visibility Gaps & Using AI to Solve Them
  • 50:40 - Ensuring AI Helps (Not Replaces) Humans
  • 53:40 - Avoiding “Busy Work” in Security
  • 58:00 - Final Q&A & Key Takeaways
Segment Four

Generative AI & Cybersecurity: Risks, Ethics, and Governance Every CISO Must Know – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 02:00 - What is Generative AI in Cybersecurity?
  • 05:30 - Meet the Expert Panel
  • 09:15 - Why AI Adoption is Accelerating So Fast
  • 13:40 - The “Nuclear Power Plant” Analogy for AI Risk
  • 18:00 - Why AI Governance is So Difficult
  • 20:20 - AI Frameworks & Compliance Explained
  • 22:20 - How CISOs Can Keep Up with AI
  • 26:20 - AI-Powered Cyber Threats Explained
  • 30:20 - Deepfakes & Real-World Attack Examples
  • 33:00 - Using Business Impact Analysis for AI Risk
  • 35:40 - Governance Strategies for AI Security
  • 37:20 - Enabling AI Innovation Safely
  • 39:50 - Key Metrics CISOs Should Track
  • 44:45 - Will AI Take Your Job?
  • 45:40 - AI: Benefit or Threat to Society?
  • 47:15 - Will AI Surpass Human Intelligence?
  • 51:10 - How AI is Improving Security Operations
  • 53:30 - Final Takeaways & Expert Advice
Segment Five

Microsoft Copilot Security Risks: How to Fix Data Oversharing with AI Governance – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 01:30 - Why Enterprise Data is the New Battleground
  • 03:00 - Copilot & the “Flattening” of Knowledge
  • 05:00 - The Challenge of Data Access vs Security
  • 08:00 - Data Privacy, Compliance & Real Risks
  • 12:20 - “Data Chemistry” & Hidden AI Insights
  • 16:00 - Why Data is Like Uranium (High Risk, High Value)
  • 18:30 - The Copilot Oversharing Problem Explained
  • 20:00 - How AI Exposes Hidden Enterprise Risks
  • 22:15 - Limitations of Traditional Data Controls
  • 24:50 - Need-to-Know Access in the AI Era
  • 28:00 - Why Data Classification is Broken
  • 31:30 - Dynamic Access & Changing Business Context
  • 34:00 - Real-World Enterprise Use Cases
  • 38:30 - AI as a Business Enabler (Not a Blocker)
  • 42:00 - “Department of NO” vs “Department of KNOW”
  • 45:00 - AI, Automation & Security Value
  • 48:30 - Final Takeaways & Key Insights
Segment Six

Incident Response Tabletop Exercises: How CISOs Build Cyber Resilience Before Breach – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 02:00 - What is a Tabletop Exercise?
  • 04:50 - Meet the Expert Panel
  • 06:30 - Why Tabletop Exercises Matter for CISOs
  • 09:30 - Prevention vs Resilience in Cybersecurity
  • 11:45 - Real Incident Failures & Lessons Learned
  • 13:00 - Why Simulation is Critical for Crisis Response
  • 17:00 - Minimizing Business Impact During Incidents
  • 20:00 - Communication Risks & Public Response
  • 23:15 - Who Should Be Involved in Tabletop Exercises?
  • 26:20 - Building an Effective Incident Response Team
  • 30:00 - Leadership vs Technical Roles in a Crisis
  • 33:00 - Common Mistakes in Incident Response
  • 36:40 - Metrics That Actually Matter in Tabletops
  • 40:20 - The Role of the Incident Commander
  • 43:20 - Post-Tabletop Review & Lessons Learned
  • 47:40 - Improving Processes & Decision-Making
  • 51:30 - How to Get Started with Tabletop Exercises
  • 55:00 - Final Takeaways & Expert Advice
Segment Seven

Cyber Insurance Explained: What CISOs MUST Know Before a Breach – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 02:00 - What is Cyber Insurance?
  • 06:00 - Meet the Expert Panel
  • 09:00 - Cyber Insurance Market Growth Explained
  • 11:20 - Why Cyber Insurance Matters for Businesses
  • 13:30 - Common Misconceptions About Coverage
  • 16:40 - What Cyber Insurance Does (and Doesn’t) Cover
  • 20:20 - Why Policies Often Fail During Claims
  • 22:30 - Key Security Requirements (MFA, Controls, etc.)
  • 25:50 - How to Align Security with Insurance Policies
  • 28:20 - Working Across Teams (Legal, Risk, Finance)
  • 31:30 - Understanding Policy Gaps & Exclusions
  • 34:00 - How Insurers Evaluate Your Security Posture
  • 37:00 - Metrics for Measuring Cyber Risk
  • 40:00 - How Much Cyber Insurance Do You Need?
  • 43:50 - AI, Emerging Threats & Insurance Impact
  • 47:30 - Common Reasons Claims Get Denied
  • 50:00 - Third-Party Risk & Vendor Requirements
  • 53:30 - Real-World Lessons & Case Scenarios
  • 56:00 - Final Takeaways & Expert Advice
Segment Eight

Attack Surface Management Explained: Why You Don’t Know What You Own – WC #1

Key Moments
  • 0:00 - Introduction: The Attack Surface Problem
  • 03:00 - Why Attack Surface Exploded Post-Pandemic
  • 06:00 - Everything is an Attack Surface (Not Just Devices)
  • 09:00 - The Visibility Problem (You Can’t Secure What You Can’t See)
  • 12:00 - Unknown Assets: The Biggest Risk
  • 15:00 - How to Justify Budget for “Unknown” Risk
  • 18:00 - Asset Inventory is the Foundation
  • 21:00 - Prioritization: What Actually Matters
  • 24:00 - Crown Jewels vs Everything Else
  • 27:00 - Winning Buy-In Across Teams
  • 30:00 - Rogue Systems & Shadow IT
  • 33:00 - Detecting Unauthorized Assets
  • 36:00 - Identity as Attack Surface (Critical Insight)
  • 39:00 - Data-Centric Security Approach
  • 42:00 - Vulnerabilities vs Exposures (Key Shift)
  • 45:00 - How to Reduce 100K Vulns to What Matters
  • 48:00 - Third-Party & SaaS Risk Challenges
  • 51:00 - Where Attack Surface Management is Going
  • 54:00 - First Steps to Get Started
  • 57:00 - Final Takeaways
Segment Nine

AI Governance Explained: How to Secure Data, Control Risk & Stay Compliant – WC #1

Key Moments
  • 0:00 - Introduction & AI Governance Overview
  • 02:20 - What is AI Governance?
  • 04:30 - Why AI Adoption is Outpacing Security
  • 06:00 - “Data is the New Uranium” Explained
  • 07:00 - Why Data Governance is Critical for AI
  • 08:20 - Discovery & Classification of Sensitive Data
  • 10:00 - Risks of Feeding AI the Wrong Data
  • 11:30 - Shadow AI & Enterprise Visibility Challenges
  • 13:00 - AI Tools vs Internal AI Systems
  • 14:30 - Real-World Data Exposure Examples
  • 16:30 - AI Regulations (GDPR, EU AI Act, NIST)
  • 19:00 - AI Compliance & Risk Frameworks
  • 21:00 - Building an AI Usage Policy
  • 24:00 - Employee Risk & Data Leakage via AI
  • 27:00 - Internal AI vs Public AI Tools
  • 29:00 - Data Governance at Scale (Enterprise Example)
  • 32:00 - Data Catalogs & Data Visibility Explained
  • 35:00 - AI + Data = Hidden Risk Multipliers
  • 38:00 - Who Owns AI Governance? (Security vs Data vs Legal)
  • 41:00 - AI Governance Challenges Across Organizations
  • 44:00 - Future of AI Governance & Regulation
  • 47:00 - Final Takeaways & Key Lessons
Segment Ten

Mainframe Security Gaps: Why Your IAM Strategy is Failing (And How to Fix It) – WC #1

Key Moments
  • 0:00 - Introduction & Topic Overview
  • 03:15 - Mainframe Security Today Explained
  • 05:00 - IAM Blind Spots in Mainframes
  • 07:00 - Why Mainframes Are Still Critical (90% of Transactions)
  • 09:00 - Siloed IAM: Enterprise vs Mainframe
  • 12:00 - Real-World Access Control Failures
  • 15:00 - Regulatory Pressure (PCI DSS, MFA, DORA)
  • 18:30 - Why MFA is Now Mandatory
  • 21:00 - Why Mainframes Are Falling Behind Security
  • 23:00 - Security by Obscurity is Dead
  • 25:00 - Bridging Enterprise IAM with Mainframes
  • 28:00 - Zero Trust & Mainframe Access
  • 31:00 - Credential Theft & Insider Risk
  • 34:00 - Limiting Access & User Capabilities
  • 36:30 - Observability & Detecting Threats
  • 39:00 - Modernizing Mainframe Security (Without Disruption)
  • 42:00 - How MFA & SSO Work with Mainframes
  • 45:00 - Real Enterprise Use Cases
  • 48:00 - Challenges of Legacy Systems
  • 51:00 - Final Takeaways & Key Insights
Segment Eleven

Wireless Attacks on AI Data Centers: The Hidden Threat No One Is Watching – WC #1

Key Moments
  • 0:00 - Introduction & Topic Overview
  • 02:30 - What is an AI Data Center?
  • 05:00 - Why AI Infrastructure is a Target
  • 07:30 - The Value of AI Data (Crown Jewels)
  • 09:30 - Why Wireless Attacks Are Rising
  • 12:00 - Drone-Based Wireless Attacks Explained
  • 14:30 - Hidden Wireless Devices in Data Centers
  • 17:00 - IoT, Bluetooth & Rogue Access Points
  • 20:00 - Multi-Protocol Devices (WiFi, Zigbee, Cellular)
  • 23:00 - Real-World Attack Scenarios
  • 26:00 - Why Security Teams Miss Wireless Threats
  • 29:00 - The “You Have Wireless You Don’t Know About” Reality
  • 32:00 - Data Exfiltration via Hotspots & Cellular
  • 35:00 - AI-Powered Attacks & Automation
  • 38:00 - Human Risk & Insider Threats
  • 41:00 - Why Traditional Security Fails Here
  • 44:00 - Zero Trust & Segmentation Strategies
  • 47:00 - Monitoring & Detection Gaps
  • 50:00 - Best Practices for Wireless Security
  • 53:00 - Final Takeaways & Future Threats
Segment Twelve

Why One-Size-Fits-All Security Fails (And How to Reduce Your Attack Surface) – WC #1

Key Moments
  • 0:00 - Introduction & Topic Overview
  • 02:30 - Why One-Size-Fits-All Security Fails
  • 05:00 - Bitdefender’s Approach to Security Evolution
  • 07:30 - Detection vs Prevention: The Shift Back
  • 10:00 - How Attackers Exploit Legitimate Tools
  • 12:30 - Alert Fatigue & Resource Constraints
  • 15:00 - The Problem with Static Security Policies
  • 18:00 - What is Attack Surface Reduction?
  • 20:30 - Introducing Proactive Hardening (Phaser)
  • 23:00 - Individualized Security Policies Explained
  • 26:30 - Real-World Example: Blocking Lateral Movement
  • 29:00 - Living-off-the-Land Attacks (PowerShell, BitsAdmin)
  • 32:00 - Reducing Risk Without Adding Complexity
  • 35:00 - ROI: Making Existing Security Tools Better
  • 38:00 - Security Team Burnout & Operational Challenges
  • 41:00 - Why Prevention Improves Security Outcomes
  • 44:00 - AI, Automation & Future Security Risks
  • 47:00 - Final Takeaways & Key Insights
Segment Thirteen

Info Stealer Malware Explained: How Hackers Steal Your Data & Bypass MFA – WC #1

Key Moments
  • 0:00 - Introduction & Webinar Overview
  • 02:30 - What is Threat Intelligence Today?
  • 05:00 - How Cybercriminal Ecosystems Work
  • 08:00 - What Are Info Stealers? (Simple Explanation)
  • 12:00 - From Banking Trojans to Info Stealers
  • 15:00 - Why Attackers Shifted Away from Credit Cards
  • 18:00 - How Info Stealers Actually Work
  • 21:30 - Session Hijacking & MFA Bypass Explained
  • 25:00 - The Rise of Cybercrime-as-a-Service
  • 29:00 - Initial Access Brokers & Attack Chains
  • 32:00 - How Credentials Are Sold on Dark Markets
  • 36:00 - RedLine, Luma & Top Info Stealer Malware
  • 40:00 - Why Malware Gets Shut Down (and Comes Back)
  • 43:00 - Common Infection Methods (Phishing, Cracked Software)
  • 46:30 - Vulnerabilities vs Phishing: What’s Growing Faster?
  • 49:30 - Supply Chain & Third-Party Risk
  • 52:00 - Real-World Attack Examples
  • 55:00 - How to Defend Against Info Stealers
  • 58:00 - Final Takeaways & Key Insights
Segment Fourteen

AI-Generated Code Security Risks: Why “Vibe Coding” Can Break Your App – WC #1

Key Moments
  • 0:00 - Introduction & AI Code Security Overview
  • 01:50 - What is “Vibe Coding”?
  • 04:30 - AI vs Human Coding Errors
  • 07:00 - Real-World Vibe Coding Security Failure
  • 10:30 - API Key Leaks & Common Vulnerabilities
  • 13:00 - OWASP Top 10 vs AI-Specific Risks
  • 16:00 - New AI Attack Vectors (Prompt Injection, Slop Squatting)
  • 20:30 - Hallucinations & Misinformation Risks
  • 23:00 - Supply Chain Attacks in AI Code
  • 25:30 - AI “Gaslighting” Developers Explained
  • 28:00 - Context Windows & AI Limitations
  • 31:30 - Secure Coding Pipelines & Guardrails
  • 35:00 - Prompt Engineering for Security
  • 38:00 - AI Code Reviews vs Human Reviews
  • 41:00 - Developer Skill Gaps & AI Overreliance
  • 44:00 - Shadow AI & Enterprise Risk
  • 47:00 - Security Metrics for AI-Generated Code
  • 49:30 - Best Use Cases for AI in Development
  • 52:00 - Final Takeaways & Security Best Practices
Segment Fifteen

AI Identity Security: The Hidden Risks of Non-Human Identities & Agents – WC #1

Key Moments
  • 0:00 - Introduction & Identity Security Overview
  • 02:30 - Identity is the New Perimeter
  • 05:00 - SaaS Explosion & Identity Sprawl
  • 08:00 - Shadow IT & Unmanaged Applications
  • 11:00 - AI Agents & Non-Human Identities Explained
  • 14:00 - New Attack Vectors with AI Agents
  • 17:00 - How Attackers Use AI Inside Your Environment
  • 20:00 - Identity-Based Attacks & Credential Abuse
  • 23:00 - AI Agents Acting on Your Behalf (Risk Explained)
  • 26:00 - Authentication Challenges (Human vs AI)
  • 29:00 - Deepfakes, Biometrics & Identity Risks
  • 32:00 - Visibility: The #1 Security Gap
  • 35:00 - AI Governance: Purpose, Risk & Controls
  • 38:00 - Securing AI Agents (Access, Ownership, Audit Trails)
  • 41:00 - MCP Servers & AI Infrastructure Explained
  • 44:00 - AI Security Posture Management Demo
  • 47:00 - Managing AI Identities & Access Chains
  • 50:00 - Real-World Use Cases & Benefits of AI in Security
  • 53:00 - Final Takeaways & Future of Identity Security
Segment Sixteen

Browser Security Explained: How Attackers Steal Sessions, Bypass MFA & Phish Users – WC #1

Key Moments
  • 0:00 - Introduction & Why Browser Security Matters
  • 01:40 - What Push Security Does in the Browser
  • 03:10 - Why the Browser Is a Major Attack Target
  • 05:45 - Why Traditional Security Tools Miss Browser Threats
  • 09:00 - Research-Led Security & Attacker Tradecraft
  • 13:10 - Session Hijacking & Stolen Browser Sessions
  • 16:20 - OAuth Abuse & Post-Authentication Risk
  • 17:05 - MFA Downgrade Attacks Explained
  • 21:40 - ClickFix & FileFix Attacks
  • 25:00 - Browser-Based Phishing Outside Email
  • 29:10 - Real-Time Detection & Browser Intervention
  • 32:10 - Protecting Passwords in the Browser
  • 35:10 - Fish Kits, Evilginx & Credential Harvesting
  • 39:15 - Password Managers, Autofill & Risk
  • 42:00 - Browser Coverage, Platforms & Extension Controls
  • 47:00 - Passkeys, SaaS Sprawl & Identity Gaps
  • 51:10 - Product Direction & Future of Browser Security
  • 59:20 - Final Takeaways
Segment Seventeen

AI Code Security: Why AppSec Must Evolve for the Era of AI-Generated Code – WC #1

Key Moments
  • 0:00 - Introduction & Why AI Changes AppSec
  • 02:10 - Why Developers Are Already Overwhelmed
  • 04:10 - How AI Coding Assistants Multiply Risk
  • 07:10 - More Code, More Pull Requests, More Findings
  • 09:20 - Trust, Provenance & AI-Generated Code
  • 11:40 - Why Traditional AppSec Workflows Break
  • 14:50 - The Need for a New AppSec Model
  • 17:00 - AI Risk vs Business Pressure to Ship Faster
  • 20:00 - Why “Scan More” Won’t Solve This
  • 22:10 - Context Matters More Than Code Alone
  • 24:00 - How AI Can Help with Threat Modeling
  • 27:00 - Guardrails, ASPM & IDE-Native Security
  • 29:00 - The Rise of Contextual Security Engineering
  • 31:30 - Secure-by-Design in the AI Era
  • 34:00 - Why Developer Experience Matters
  • 36:20 - Reducing Noise & Building Developer Trust
  • 39:00 - AI for Autofix, Review & Risk Reduction
  • 42:00 - Measuring Success: Fewer Findings, Better Outcomes
  • 45:10 - What CISOs Should Expect Next
  • 48:00 - The Future of AppSec with AI
  • 51:20 - Final Takeaways
Segment Eighteen

Threat Intel & Security Awareness: How to Build a Proactive Cybersecurity Culture – WC #1

Key Moments
  • 0:00 - Introduction: Cybersecurity Awareness Month
  • 02:00 - Why Awareness Alone Isn’t Enough
  • 04:50 - Role of Threat Intelligence in Security
  • 06:20 - Detection, Prevention & Prioritization
  • 09:00 - The 3 Types of Threat Intelligence
  • 11:40 - Using Threat Intel in Awareness Training
  • 14:10 - Why Employees Don’t Retain Training
  • 16:00 - Real-World Phishing & Seasonal Attacks
  • 18:30 - Internal Threat Intelligence Goldmines
  • 21:00 - Turning Incident Data into Insight
  • 24:00 - Challenges Operationalizing Threat Intel
  • 27:00 - Strategic vs Tactical Intelligence
  • 30:00 - Noise, False Positives & Trust Issues
  • 32:20 - Making Non-Technical Staff Care
  • 34:30 - Real-World Security Blind Spots
  • 35:30 - KPIs That Actually Matter
  • 38:00 - Preventing Awareness Fatigue
  • 40:00 - Biggest Misconceptions About Threat Intel
  • 41:20 - Low-Cost Ways to Start Today
  • 45:50 - Key Takeaways & Final Advice
Segment Nineteen

Vulnerability Management is Broken: How to Reduce Risk (Not Just CVEs) in Containers – WC #1

Key Moments
  • 0:00 - Introduction & Topic: Risk vs CVEs
  • 02:30 - Why Vulnerability Volume Is Exploding
  • 05:00 - Containers vs Traditional Patching
  • 07:30 - Dev vs Security Friction Explained
  • 10:30 - Why Only 10% of Vulnerabilities Get Fixed
  • 13:00 - Prioritization, Exploitability & Reality
  • 16:00 - Why CVSS Alone Isn’t Enough
  • 18:30 - The Problem with “Noise” in Security
  • 21:00 - Rethinking Vulnerability Management
  • 23:00 - Minimus Approach: Minimal Containers
  • 25:30 - Reducing Attack Surface at the Source
  • 27:30 - Mean Time to CVE Explained
  • 30:00 - Why Less Software = Less Risk
  • 32:30 - Developer Experience & Better Signal
  • 35:00 - Real Example: Faster Patch Turnaround
  • 38:00 - Hardening vs Reduction Explained
  • 41:00 - Why Old Vulnerabilities Keep Reappearing
  • 44:30 - Dependency Hell & Supply Chain Risk
  • 47:30 - How Adoption Actually Works
  • 50:00 - Security + Dev Collaboration Model
  • 52:00 - Key Takeaways & Final Thoughts
Segment Twenty

AI is Writing Your Code… And It’s Insecure | The New AppSec Reality – WC #1

Key Moments
  • 0:00 - Introduction: AppSec Meets AI
  • 02:00 - AI is Now Writing Code—What Changes?
  • 04:00 - Faster Development, Bigger Risks
  • 06:00 - Why AI Generates Insecure Code
  • 08:30 - The “Volume Problem” in Security
  • 10:00 - Hallucinations & Slop Squatting
  • 12:00 - Prompt Injection Explained (Real Attacks)
  • 15:00 - Camel Leak: Hidden Instructions in Code
  • 18:00 - AI Agents as Security Risks
  • 20:00 - Data Exfiltration via AI Tools
  • 22:00 - MCPs: The New Attack Surface
  • 25:00 - Why AI is Like a Phishable Employee
  • 27:00 - Losing Understanding of Code
  • 30:00 - Can AI Be Trusted in Security?
  • 33:00 - Using AI for AppSec (The Right Way)
  • 36:00 - Governance: The Missing Layer
  • 39:00 - Traditional Controls Still Matter
  • 41:30 - “Just Add: Make It Secure” (Seriously)
  • 44:00 - Prompt Engineering as a Security Control
  • 47:00 - Monitoring & AI Guardrails
  • 50:00 - The Future of Secure AI Development
  • 52:00 - Key Takeaways & Final Advice
Segment 21

Vulnerability Management is Broken (Here’s How to Fix It) – WC #1

Key Moments
  • 0:00 - Introduction: Why Vulnerability Management is Broken
  • 02:30 - What “Vulnerability Management” Really Means Today
  • 05:00 - CVEs vs Real-World Risk (Huge Gap)
  • 08:00 - Why Most Vulnerabilities Don’t Matter
  • 10:00 - EPSS, CVSS, and Broken Prioritization
  • 13:00 - The First Scan Problem (Millions of Findings)
  • 16:00 - Why Your Scanner is Missing Half Your Environment
  • 18:30 - Auth Failures = Your Biggest Risk
  • 21:00 - Default Credentials & “Invisible” Vulnerabilities
  • 24:00 - Why Pentests and Scanners Don’t Overlap
  • 27:00 - How Attackers Actually Get In
  • 30:00 - Only a Few CVEs Actually Matter
  • 33:00 - The “Too Much Data” Problem
  • 36:00 - Risk-Based Vulnerability Management (Flaws)
  • 39:00 - Asset Visibility is Everything
  • 42:00 - Finding Unknown Assets (Real Techniques)
  • 45:00 - External Attack Surface vs Internal Reality
  • 48:00 - Intel-Driven vs Scan-Driven Security
  • 51:00 - Rapid Response vs Traditional Scanning
  • 54:00 - How to Tell If Your Program is Broken
  • 57:00 - Final Takeaways: What Actually Works
Segment 22

SSH Keys Are a Silent Security Risk: The Machine Identity Crisis Explained – WC #1

Key Moments
  • 0:00 - Introduction: The Hidden Risk of SSH Keys
  • 02:00 - What Are Machine Identities?
  • 05:00 - Why Machine Identities Outnumber Humans 100:1
  • 07:30 - SSH Keys: From Convenience to Security Risk
  • 10:00 - Key Sprawl & Lack of Visibility
  • 13:00 - How Attackers Exploit SSH Keys
  • 16:00 - Info Stealers & Lateral Movement
  • 19:00 - Why SSH Keys Bypass Traditional Security
  • 22:00 - The Audit Problem: Failing Without Knowing Why
  • 25:00 - Shadow Access: Keys Outside Identity Systems
  • 28:00 - Why Identity Teams Miss Machine Identities
  • 31:00 - Zero Trust for Machines (Not Just Humans)
  • 34:00 - Certificates vs SSH Keys (Big Shift)
  • 37:00 - Just-in-Time Access Explained
  • 40:00 - Real-World Risk: Outages & Breaches
  • 43:00 - Compliance Pressure (PCI, SOC2, HIPAA)
  • 46:00 - Discovery: Finding Keys Across Your Environment
  • 49:00 - Key Features to Look For in Solutions
  • 52:00 - KPIs: How to Measure Improvement
  • 55:00 - First Steps to Fix the Problem
  • 58:00 - Final Takeaways
Segment 23

Rethinking Email Security in the AI Era How Modern Phishing Bypasses Traditional SEGs – WC #1

Key Moments
  • 0:00 - Intro
  • 04:00 - Evolution of email threats
  • 08:00 - AI-powered phishing
  • 14:00 - Why traditional SEGs fail
  • 22:00 - Behavioral AI explained
  • 31:00 - Operational benefits
  • 37:00 - Collaboration app threats
  • 57:00 - What buyers should look for
Segment 24

Shadow AI Risks Explained: Securing AI Agents, MCP & Enterprise Data – WC #1

Key Moments
  • 0:00 - Introduction
  • 03:30 - What Is Shadow AI?
  • 11:00 - AI Agents & Security Risks
  • 19:00 - AI Threat Landscape
  • 27:00 - AI Visibility & Logging
  • 32:00 - AI Security Frameworks
  • 41:00 - Enterprise AI Governance
  • 46:00 - AI Data Leakage Risks
  • 56:00 - Best Practices for CISOs
Segment 26

Securing AI Agents & Non-Human Identities | The Next IAM Challenge – WC #1

Key Moments
  • 0:00 - Intro
  • 06:40 - What Are Non-Human Identities?
  • 12:10 - Why NHIs Are Exploding
  • 22:50 - AI Agents: Asset or Liability?
  • 31:40 - Just-in-Time Access for AI
  • 39:20 - NHIs and Zero Trust
  • 45:00 - Where CISOs Should Start
  • 48:45 - Lightning Round
  • 52:50 - Explaining AI Identity Risk to Boards
  • 55:00 - Final Advice for Security Leaders
Segment 27

Autonomous IT & AI Automation: How to Build Trust at Enterprise Scale – WC #1

Key Moments
  • 0:00 - Intro
  • 02:50 - Why Enterprise Automation Stalls
  • 07:45 - AI vs Traditional Automation
  • 12:00 - Real-Time Visibility & Patch Management
  • 18:00 - IT and Security Team Alignment
  • 28:00 - Building Confidence in Automation
  • 35:00 - Rollback & Guardrails
  • 43:30 - AI-Generated Playbooks
  • 49:00 - Continuous Compliance Automation
  • 54:00 - Where Enterprises Should Start
Segment 28

AI in Network Security: Solving Alert Fatigue or Creating New Risks? – Mandy Logan – WC #1

Key Moments
  • 0:00 - Introduction: AI in Network Security
  • 02:30 - Pre-AI Challenges: Skills Gap & Talent Shortage
  • 05:00 - Alert Fatigue & False Positives Problem
  • 07:30 - Dwell Time & Detection Delays
  • 10:00 - What AI Actually Improves Today
  • 12:30 - Reducing False Positives (70–80%)
  • 15:00 - AI for Alert Triage & SOC Efficiency
  • 18:00 - AI vs Attackers: Faster Threat Evolution
  • 21:00 - The “Unknown Behavior” Problem
  • 24:00 - AI Blind Spots & Explainability Gap
  • 27:00 - Using AI to Defend Against AI
  • 30:00 - AI as a Security Identity (New Risk Model)
  • 33:00 - Agentic AI & Autonomous Decisions
  • 36:00 - Overreliance on AI (Skills Degradation)
  • 39:00 - Practical Strategies for Secure AI Use
  • 42:00 - AI Governance & Cross-Functional Security
  • 45:00 - SMB Risk: Why Everyone Is a Target Now
  • 48:00 - Building Resilience Against AI Attacks
  • 51:00 - Key Takeaways & Final Thoughts
Guest
Brainstem Hacker and InfoSec Enthusiast at Redacted

Advanced, multi-faceted professional with background in SWPP, construction management, functional architect/engineer to field liaison ship, commercial design, and marketing/business development. Re-entering world following fantastic recovery from intense injuries. Using experience and drive to focus on data science, tech development for non-verbal autistics, biohacking and building up the information security community. I’m a fighter, a comic, and a re-abled person through and through, with desire for positive change everywhere I go.

Segment 29

Cybersecurity Trends for 2026: AI Hype, Exposure Management & Resilience – WC #1

Key Moments
  • 0:00 - Intro & Favorite Concerts
  • 05:20 - AI Hype vs Reality
  • 13:15 - Agentic AI in Security
  • 18:00 - Shift Left & Security Champions
  • 27:00 - Exposure Management Explained
  • 35:00 - Most Underrated Security Trends
  • 44:00 - 2026 Security Priorities
  • 52:00 - What Vendors Are Missing
Segment 30

SOC Communication Failures: Why SIEM Projects Break Down | Sumo Logic – WC #1

Key Moments
  • 0:00 - Intro
  • 03:00 - Why SIEM Deployments Fail
  • 09:00 - SOC Burnout vs Alert Fatigue
  • 18:00 - AI for Detection Engineering
  • 27:00 - Why Most AI Security Tools Disappoint
  • 33:00 - SIEM Evaluation Best Practices
  • 45:00 - Improving SOC Communication
  • 56:00 - Final Advice for Security Teams
Segment 31

Agentic AI, Identity Security & Trust: Managing Human and AI Risk – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:00 - Is Identity Still the Security Perimeter?
  • 03:30 - Generative AI vs Agentic AI
  • 06:00 - Securing AI Identities and Data Access
  • 08:20 - Can Agentic AI Make Unauthorized Decisions?
  • 12:35 - Non-Human Identities and Synthetic Identities
  • 17:00 - Trust But Verify: Managing AI Agents
  • 23:20 - AI for Threat Detection and Defense
  • 28:00 - Future of AI Security
  • 30:15 - AI Security Frameworks: NIST, OWASP & CSA
Segment 32

Why Trust & Data Integrity Are Critical for AI in Government | CISA Insights – WC #1

Key Moments
  • 0:00 - Introduction
  • 04:53 - The Trust Deficit in AI
  • 07:56 - Building AI Resilience
  • 11:14 - Data Integration & Replication
  • 14:23 - CISA's AI Governance Framework
  • 22:24 - Breaking Down Data Silos
  • 25:10 - Monitoring AI Systems
  • 31:11 - Detecting AI Manipulation
  • 36:46 - AI Readiness & Data Foundations
  • 40:55 - Auditing AI Systems
  • 43:15 - Key Takeaways
Segment 33

AI Accelerated DevSecOps: Building AI Trust Without Slowing Innovation – WC #1

Key Moments
  • 0:00 - Introduction
  • 03:30 - The AI Revolution in Software Development
  • 10:15 - Why Traditional DevSecOps Isn't Enough
  • 18:40 - AI Trust and Modern AppSec
  • 27:15 - The Evolution of Developer Roles
  • 35:20 - AI-Accelerated DevSecOps Framework
  • 45:10 - Fact Engine, Flow Engine & Threat Engine
  • 53:45 - Future of AI-Powered Security
  • 58:30 - Key Takeaways
Segment 35

How Cortex XDR & Unit 42 MDR Stop Modern Cyberattacks Faster – WC #1

Key Moments
  • 0:00 - Introduction
  • 01:22 - Unit 42 Threat Report Highlights
  • 06:28 - Why Traditional SOCs Are Struggling
  • 09:44 - What Is Cortex XDR?
  • 12:46 - How Unit 42 MDR Works
  • 19:47 - Correlating Threat Data Across Systems
  • 23:44 - Real-World Threat Hunting Examples
  • 29:02 - Reducing Alert Fatigue
  • 30:48 - Green Bay Packers Case Study
  • 34:55 - Key Takeaways for CISOs
  • 39:27 - Managed XSIAM Explained
  • 42:09 - Final Thoughts
Segment 36

Mainframe Security & Compliance: MFA, PCI DSS & Regulatory Readiness – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:00 - Key Security Regulations Impacting Mainframes
  • 09:30 - What Data Lives on Mainframes?
  • 18:10 - Passwordless Authentication & MFA
  • 23:20 - Compliance Challenges & Compensating Controls
  • 29:00 - Protecting PII & Sensitive Data
  • 38:00 - Modernizing Mainframe Security
  • 45:30 - Recommendations for Security Teams
  • 48:00 - Final Takeaways
Segment 37

Cyberhaven Panelcast – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:30 - How Generative AI Changed Data Security
  • 08:45 - Evolution from Legacy DLP to Next-Gen DSPM
  • 12:10 - Data Classification, Context & Lineage
  • 20:30 - Managing Data Sprawl and Risk
  • 25:00 - Reducing False Positives with AI
  • 31:45 - Natural Language Security Policies
  • 40:20 - Real-Time Data Discovery
  • 43:40 - Measuring Data Security Success
  • 53:20 - Building a Modern Data Security Program
  • 59:10 - Final Thoughts
Segment 38

Exposure Management Explained: Reduce Risk with Attack Path Analysis – WC #1

Key Moments
  • 0:00 - Introduction
  • 03:13 - What Is Exposure Management?
  • 08:04 - Beyond Traditional Vulnerability Management
  • 15:32 - Connecting Internal and External Attack Surfaces
  • 20:32 - Automated Remediation and AI
  • 23:47 - Integrating Security Tools and Context
  • 27:53 - Responding to Emerging Threats
  • 34:26 - Building Trust in Security Automation
  • 41:10 - Validating Real-World Exploitability
  • 47:41 - Secrets, Data Security, and Attack Paths
  • 55:10 - Operational Benefits of Exposure Management
  • 58:43 - Measuring Risk Reduction
  • 1:03:37 - Closing Thoughts
Segment 39

How Monday.com Saved $400K by Automating Identity & Access Management – WC #1

Key Moments
  • 0:00 - Introduction
  • 01:30 - Identity Security Threat Landscape
  • 05:10 - Why Traditional Identity Tools Fall Short
  • 09:00 - Monday.com's Growth Story
  • 13:10 - Identity Management Challenges at Scale
  • 18:30 - When Manual Processes Become Unsustainable
  • 22:00 - Extending Identity Governance to Every App
  • 26:10 - Before Identity Automation
  • 28:50 - Improving User Experience & Security
  • 33:00 - Measuring ROI: $400K Saved
  • 34:45 - Scaling Identity Automation Across 200 Apps
  • 37:10 - Future of Identity Governance & AI
  • 40:15 - Prioritizing Identity Risk
  • 43:10 - Integrating Identity Automation with Okta
  • 45:20 - Managing Legacy Apps and RPA Challenges
  • 47:50 - Live Demo Invitation
Segment 40

Cyber Threat Intelligence for CISOs: ISACs, Nation-State Threats & Resilience – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:30 - Meet the Panel
  • 08:40 - Why Cyber Threat Intelligence Matters
  • 13:25 - Breaking Down Intelligence Silos
  • 20:10 - Choosing the Right Threat Intelligence Sources
  • 28:15 - Managing Risk Through Threat Intelligence
  • 32:10 - Building Relationships Before an Incident
  • 40:55 - Threat Intelligence KPIs for CISOs
  • 46:45 - Favorite Threat Intelligence Sources
  • 50:40 - How Small Teams Can Leverage Threat Intelligence
  • 54:25 - Final Takeaways
Segment 42

API Security in the Age of AI: Managing Identity, Risk & AI Agents – WC #1

Key Moments
  • 0:00 - Introduction
  • 01:50 - Why AI Is Expanding the AppSec Attack Surface
  • 07:40 - API Security Lessons for AI Security
  • 13:35 - Identity, Least Privilege & AI Agents
  • 20:23 - Do We Need New Security Controls for AI?
  • 23:29 - Can AI Improve Application Security?
  • 29:53 - MCP Servers, Permissions & Risk
  • 33:56 - Why Data Governance Matters for AI
  • 42:03 - Runtime Security & Visibility
  • 45:16 - Selling AI Security to the Business
  • 48:29 - Biggest Mistakes Security Teams Make
  • 52:58 - RSA Preview & Final Thoughts
Segment 43

Identity Attacks Surge 389%: Inside the Industrialization of Cybercrime – WC #1

Key Moments
  • 0:00 - Introduction
  • 03:15 - Why Identity Is the New Perimeter
  • 08:30 - 85% Success Rate Using Valid Credentials
  • 13:25 - Phishing-as-a-Service & Tycoon 2FA
  • 20:25 - IT Impersonation & Vishing Attacks
  • 25:20 - ClickFix & Fileless Malware Delivery
  • 28:15 - The 14-Minute Exploitation Window
  • 31:15 - RMM Abuse & Persistence
  • 36:45 - Most Targeted Industries
  • 42:30 - How AI Helps Defenders
  • 47:15 - Defending Against AI-Powered Threats
  • 52:30 - Fake IT Workers & DPRK Operations
Segment 44

Securing AI-Generated Code: How to Protect Coding Agents & AI Dev Tools – WC #1

Key Moments
  • 0:00 - AI Coding Agents Are Changing Software Development
  • 02:17 - How AI Is Transforming Engineering
  • 06:08 - Why AI Creates New Security Risks
  • 10:14 - Testing AI-Generated Code at Scale
  • 13:56 - Securing the Agents Themselves
  • 20:39 - AI Supply Chain & Prompt Injection Risks
  • 24:28 - Can Traditional Security Still Help?
  • 31:00 - Shadow AI and Agent Visibility
  • 35:06 - The Future of AppSec Teams
  • 42:54 - Why AI Security Will Improve
  • 50:02 - Predictions for AI Development Security
Segment 45

Identity Security in 2026: Stopping Modern Attacks Before They Spread – WC #1

Key Moments
  • 0:00 - Introduction
  • 03:15 - Why Attackers Log In Instead of Hack In
  • 08:25 - Detecting Identity-Based Threats
  • 15:00 - Identity Sprawl & Visibility Challenges
  • 21:05 - Behavioral Analytics & Risk Signals
  • 29:25 - Authorization and AI Agents
  • 38:40 - Non-Human Identities Explained
  • 45:45 - Responding to Identity Threats in Real Time
  • 49:48 - Where Organizations Should Start
  • 53:50 - The Future of AI Agent Identity
Segment 46

Modern Identity Security: JML, Zero Standing Privileges & AI Agents – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:25 - Why Identity Security Matters
  • 04:10 - Understanding Joiners, Movers & Leavers (JML)
  • 08:25 - Privilege Creep and Identity Risk
  • 12:50 - Automating Identity Lifecycle Management
  • 17:55 - AI-Powered Identity Analytics
  • 23:10 - Compliance, Audits & User Access Reviews
  • 28:45 - Modernizing Identity Governance
  • 36:30 - Zero Standing Privileges Explained
  • 39:50 - AI Agents and Identity Security Risks
  • 43:40 - Identity Security Priorities for CISOs
  • 53:30 - The Future of Identity Security Platforms
  • 58:00 - Closing Thoughts
Segment 47

Mobile App Security: Hidden SDK Risks, AI Coding & DevSecOps Best Practices – WC #1

Key Moments
  • 0:00 - Introduction
  • 01:40 - Why Mobile App Security Matters
  • 07:40 - First-Party vs Third-Party Mobile Apps
  • 12:00 - Anatomy of a Mobile App
  • 15:30 - Hidden Risks of SDKs
  • 27:20 - Why Traditional AppSec Misses Mobile Risks
  • 31:00 - Open Source Mobile Security Tools
  • 38:00 - AI-Generated Code Security
  • 53:00 - Building a Continuous Mobile Security Program
Segment 48

Cloud Security & AI: Governance, Automation and Risk for Security Leaders – WC #1

Key Moments
  • 0:00 - Introduction
  • 05:30 - AI's Impact on Cloud Security
  • 08:00 - Building Trust in AI
  • 16:45 - AI for Security Operations
  • 24:10 - AI Governance & Guardrails
  • 32:30 - Risks of AI in Cloud Environments
  • 38:50 - Balancing Innovation and Compliance
  • 44:20 - Lightning Round
  • 47:20 - Audience Q&A
  • 54:55 - Blink Ops Overview
  • 57:40 - Closing Remarks
Segment 49

Managing AI Agent Risks: Identity Security & Governance at Enterprise Scale – WC #1

Key Moments
  • 0:00 - Introduction
  • 02:00 - Why AI Changes Identity Security
  • 05:45 - AI Agents vs. Machine Identities
  • 09:50 - Multi-Agent Architectures
  • 15:10 - AI Governance Challenges
  • 20:00 - Shadow AI & Enterprise Visibility
  • 26:45 - AI Agent Lifecycle Management
  • 33:20 - Identity Governance Best Practices
  • 39:20 - AI Visibility & Monitoring
  • 45:10 - Asset Ownership & Agent Discovery
  • 51:40 - Three-Agent Governance Workshop
  • 56:20 - Closing Remarks

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

You can skip this ad in 5 seconds