Business Security Weekly (Audio)

The browser has become the primary gateway to work, data, and AI. In this episode, Arunesh Chandra, Head of Product, Microsoft Edge for Business at Microsoft Edges for Business, will discuss why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. Arunesh cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft Edge for Business. Visit https://securityweekly.com/edgeforbusiness to learn more about them! In the leadership and communications segment, CISO role changes as cyber-risk appetites in the C-suite grow, AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!, 6 Ways Leaders Harness Stress, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-452

The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's he difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Joshua helps us understand the challenges and how to address them. If you're a founder looking to scale, this is an interview you can't miss. Segment Resources: https://en-gb.thebigword.com/ http://www.youtube.com/@Exec_Craft https://www.linkedin.com/in/joshuadgould/ In the Security Money segment, the Security Weekly Index and NASDAQ set new records. After CyberArk's acquisition, the Security Weekly Index is now comprised of the following 24 companies: SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-450

Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-448

As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you're closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the board, we are selling. How can influence help? Dan Rochon, Author of Teach to Sell, joins Business Security Weekly to discuss psychology of influence, personal transformation, and how to build trust that converts. Dan will cover the four pillars from his book: Believe (in Yourself) Find Business Build an Organization to Scale Leadership And how they will help you overcome self-doubt, communicate confidently, and build careers that serve your life—not consume it. Segment Resources: Teach to Sell Book: https://www.teachtosellbook.com/ No Broke Months Podcast: https://podcasts.apple.com/us/podcast/no-broke-months-for-salespeople/id1527318879 The Agentic SOC: Autonomous AI Analysts at Machine Speed SOC teams are overwhelmed with the sheer number of alerts and have historically been reactive. Edward will discuss how Dropzone's Agentic SOC deploys autonomous AI agents that investigate every alert, respond to emerging threats, and proactively hunt attackers - without a human bottleneck. He'll explain how agent collaboration, deep recursive investigations, and self-agency expand SOC capacity by 10x without additional headcount. This segment is sponsored by Dropzone AI. Visit https://securityweekly.com/dropzonersac to learn more about them! Browser in the AI Era: Apply Controls Where the Work Happens The browser has become the primary gateway to work, data, and AI. In this episode, we talk about why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. We'll cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft. Visit https://securityweekly.com/microsoftrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-446

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?" With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization. Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/ In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-434

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-432

The three proactive security principles of visibility, prioritization, and remediation have always been the foundation of vulnerability management teams. But these teams face continuous challenges. How do you address these challenges? Erik Nost, Senior Analyst at Forrester, joins Business Security Weekly to break down the six questions that need to be answered for each proactive security principle: who, what, when, where, why, and how. The introduction of generative AI (genAI) into proactive security promises to provide a broader and speedier ability to answer these questions, providing further opportunities for the proactive security market to grow. In the leadership and communications segment, What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise, Don't Underestimate the Value of Professional Friendships, What Kevin Bacon Can Teach You About Cybersecurity Career, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-430