Business Security Weekly (Audio)

Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will need security programs that are equally autonomous, coordinated and continuous. But where do you start?
Mark Hughes, Global Managing Partner, Cybersecurity Services at IBM, joins Business Security Weekly to discuss autonomous security, the next frontier of cybersecurity services. IBM recently announced IBM Autonomous Security, a separate service that uses AI agents to analyze software exposures and runtime environments. Mark will discuss the fears and hype of AI and how agentic AI agents can identify paths in an enterprise security environment that can be exploited, improve cyber hygiene, and enforce security policies. As frontier models, like Mythos, accelerate attacks, security programs need to respond with speed, at scale, to drive the right business outcomes.
AI Agents for Vulnerability Management Introducing Quantro Security, Inc., a new agentic AI solution bringing AI agents to vulnerability management. The company is focused on applying agentic AI to help address modern security challenges. In this interview, we'll learn more about Quantro Security, Inc., its approach, and what this new solution means for the future of vulnerability management.
This segment is sponsored by Quantro Security. Visit https://securityweekly.com/quantrorsac to learn more about them!
The Guardrails are Gone: The Onus for AI Security Is On the Enterprise AI model providers are increasingly stepping back from enforcing guardrails, putting the responsibility for AI security squarely on enterprises. But most organizations don't yet have the visibility to meet that responsibility, facing a blind spot across the broader ecosystem of AI systems already operating in their environments. Closing that gap requires unified visibility across both AI systems and the cryptographic infrastructure they touch, so security teams can assess risk and act on it in one place.
Visit https://securityweekly.com/sandboxaqrsac to discover how enterprises are taking control of their AI security with AQtive Guard AI-SPM by SandboxAQ.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-445

Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to rethink cyber literacy.
Craig Taylor, CEO and Co-founder at CyberHoot, joins Business Security Weekly to discuss why we need to shift our Cyber Literacy industry from shame and punishment towards gamification, positive reinforcement, and small rewards. If we truly aspire to change behaviors, then we need a different approach. Craig will discuss how a multi-disciplinary approach rooted in science is the future of training and phishing programs.
Segment Resources:
Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/ Newsletter Registration: https://cyberhoot.com/newsletters/ Blog Articles: https://cyberhoot.com/blog/ Cybrary (Library of 1000+ Cybersecurity Terms in non-technical language): https://cyberhoot.com/cybrary/ Special Podcast Offer: 20% off CyberHoot for 1 year using the podcast's unique coupon code: "Business Security Weekly"
From Reactive to Autonomous: Real-Time Endpoint Intelligence in the Age of AI As organizations experiment with agentic AI and autonomous security operations, many are discovering a difficult reality: AI is only as effective as the data and visibility behind it. Yet most enterprises still struggle to answer basic questions about their endpoints in real time.
In this conversation, we'll explore how IT and security teams are evolving from reactive operations toward proactive, preventative, and ultimately autonomous models. The journey begins with real-time endpoint intelligence—the ability to see, understand, and act across every endpoint in seconds.
This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumrsac to learn more about them!
Hard Truths: The Lies We Keep Buying in Cybersecurity Cybersecurity isn't broken because of a lack of technology—it's broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure‑all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won't just impact the business, it could end a career.
For more information about Illumio, please visit: https://securityweekly.com/illumiorsac
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-444

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think.
Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers.
Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats.
This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them!
Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-443

Autonomous AI agents are creating a new attack surface for enterprise security teams, particularly as organizations deploy agents for operational tasks such as customer support automation, data analysis, and incident response. How can we align our Zero Trust initiatives to also address the emerging Agentic AI risks?
John Bruggeman, Consulting CISO at CBTS, joins Business Security Weekly to discuss how your Zero Trust readiness can also prepare you for Agentic AI deployments. Organizations are granting agents access to sensitive systems without the security controls typically required for other Zero Trust initiatives. John will help educate CISOs on what they should be doing now to get ahead of the risk, including:
Agent inventory
Data security controls, including data model poisoning
Agent identity controls, including authorization and access levels
Infrastructure security controls, including MCP servers
Why More Technology Hasn't Made Us More Secure Despite massive investment in cybersecurity tools, organizations remain vulnerable because their existing technologies are often misconfigured, poorly integrated, and disconnected from real operational risk. This keynote argues that complexity, human decision‑making, and gaps in execution—not a lack of products—are what truly empower attackers, especially as modern environments like cloud and SaaS expand the attack surface. Real security comes from simplifying, aligning, and expertly orchestrating what organizations already own, shifting the focus from buying tools to achieving disciplined, resilient outcomes grounded in breach reality.
This segment is sponsored by Fenix24. Visit https://securityweekly.com/fenix24rsac to learn more about them!
Downtime: The New Economic Threat Downtime is costing global enterprises hundreds of billions of dollars in losses annually. Caused by cyber incidents and software failures, enterprise CISOs are searching for strategies and solutions that will accelerate recovery and restoration of business operations after cyber disruptions render systems inoperable.
This segment is sponsored by Absolute Security. Visit https://securityweekly.com/absolutersac to join The Resilient CISO Inner Circle!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-442

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure?
Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss:
Where Paralysis Actually Comes From
What "Being Careful" Looks Like in Practice
Why the First 20 Minutes Matter
How Paralysis Becomes Business Damage
Why Existing Plans Don't Hold
What Actually Fixes It
Then, we rebroadcast two interviews from RSAC 2026.
Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We'll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself.
This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!
Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance.
This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-441