How identity security can keep pace with the evolving threat landscape, with Brett Winterford

Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recommendations for organizations looking to strengthen their defenses.

Segment Resources

• https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/
• https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/
• https://sec.okta.com/articles/uncloakingvoidproxy/

How to navigate app development in the AI era with Shiv Ramji

As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He’ll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems.

How AI agents are reshaping cybersecurity from the inside out with Damon McDougald

AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment.

All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more!

Show Notes: https://securityweekly.com/esw-426

Interview with Tod Beardsley

This interview is sponsored by runZero.

Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM.

Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents

In this week’s topic segment, we’re discussing all the NPM supply chain attacks from the past 3 weeks.

I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News

Finally, in the enterprise security news,

1. funding and acquisitions are going crazy
2. an exciting new canarytoken
3. banks have a more sedate approach to agentic
4. MCP security
5. the future Subprime Code crash of 2028
6. is security worried about the wrong risks?
7. botnets are back in the headlines
8. some bs research
9. journalists getting duped by AI
10. Animal crossing villagers are organizing against Tom Nook

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-425

Segment 1 - Interview with Jeff Pollard

Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best:

As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security.

Segment 2 - Weekly News

Then, in the enterprise security news,

1. there’s funding and acquisitions, but we’re not going to talk about them
2. AI’s gonna call the cops on you
3. and everyone’s losing money on it
4. and Anthropic agreed to pay for all the copyright infringement they did when training models
5. and Otter.ai got sued for recording millions of conversations without consent
6. Burger King got embarrassed and their lawyers didn’t like it
7. NPM package mayhem
8. certificate authority hijinks
9. AI darwin awards

All that and more, on this episode of Enterprise Security Weekly.

Segment 3 - Executive Interviews from Black Hat 2025

Interview with Rohit Dhamankar from Fortra

Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape.

Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures.

Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

Interview with Michael Leland from Island

At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in.

Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

Key takeaways:

• Why credential compromise is inevitable — and how to stop credential use
• How presentation layer DLP prevents data leaks inside and outside apps
• Real-time blocking of phishing logins and unsanctioned SaaS access
• Plug-in risk scoring, version pinning, and selective extension control
• Enabling BYOD securely — even after a catastrophic laptop loss
• Why many users never go back to Chrome, Edge, or Safari after switching

Segment Resources:

• https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials

This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!

Show Notes: https://securityweekly.com/esw-424

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere.

Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research.

In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines.

This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them!

Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis’ recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report!

Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach.

Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh

Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today’s most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces.

This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them!

CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need.

Try runZero free! Get started at https://securityweekly.com/runzerobh

Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms.

To explore Cyware’s new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh.

Show Notes: https://securityweekly.com/esw-423

Interview with Dave Lewis on Security's Role in M&A Due Diligence

In this episode, Dave Lewis from 1Password discusses the critical importance of security in mergers and acquisitions, from due diligence through integration. He explores common pitfalls, essential security assessments, and practical strategies for security leaders to protect organizational value throughout the M&A process.

Topic: The Challenge of Breach Transparency

Every industry concerned with safety has a process for publishing the details of accidents, incidents, and failures. Cybersecurity has yet to reach this milestone, and hiding the details of failures is holding us back. This talk will argue for the need for breach details to go public, and share strategies for finding and using some little-known sources of detailed breach data.

Weekly Enterprise News

Finally, in the enterprise security news,

1. A funding, a few acquisitions, and an IPO for the first time in forever!
2. Attackers are really actually starting to use AI now
3. Some researcher spent all of August poking holes in all the AI tools
4. Someone got Microsoft Copilot to be an accomplice in a coverup
5. Microsoft is making a big change in Azure that will probably break some stuff
6. No, Flipper Zero can’t help you steal your car (just the stuff in it)
7. Domain names are free to register now, maybe?
8. Disgruntled former employee goes to jail
9. AI tricked into doing more bad things

All that and more, on this episode of Enterprise Security Weekly.

This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them!

Show Notes: https://securityweekly.com/esw-422