Business Security Weekly
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board – Danny Jenkins – BSW #391
Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model?
Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but also provides solutions for easy onboarding and management and eliminates the lengthy approval processes of traditional solutions.
This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!
In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes – Matt Muller, Summer Fowler – BSW #390
This week, it's double AI interview Monday!
In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need for security and privacy in AI with the opportunities that come with accelerating adoption?
Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams.
Segment Resources:
- https://www.tines.com/blog/cisos-report-addressing-ai-pressures/
- https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/
In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns?
Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company? Summer will guide us on her AI security journey to help us understand:
- Regulatory requirements regarding AI
- Build vs. buy decisions
- Security considerations for both build and buy scenarios
- Resources to help guide you
Vulnerability Prioritization Can Produce Better Business Outcomes – Steve Lodin, Greg Fitzgerald – BSW #389
Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities.
Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever-evasive topic.
This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them!
Segment Resources:
- https://www.sevcosecurity.com/vulnerability-prioritization/
- https://www.sevcosecurity.com/continuous-threat-exposure-management/
The Pace of Investments Requires Better Risk Management, Boards Challenged, & More – BSW #388
Cybersecurity teams were under increasing strain in 2024. To alleviate this burden, 2025 will see greater reliance on automation to streamline workflows, enhance threat detection, and accelerate incident response. But some of these investments may come with risks.
Greg Sullivan, Founding Partner at CIOSO Global, joins Business Security Weekly to discuss how the pace of investment will require better risk management. Greg will cover topics, including:
- The seismic C-level shift in interest will require a top-down approach to cybersecurity.
- The focus will shift from external cybersecurity solutions to building in-house resilience.
- The critical criteria needed to drive more refined defenses, smarter resource allocation, and wiser cybersecurity investments.
In the leadership and communications segment, Boards Challenged to Embrace Cybersecurity Oversight, Why Cybersecurity Needs More Business-Minded Leaders, How to Build a Cybersecurity Resume that Gets You Hired, and more!
Breaking Down Human-Element Breaches To Improve Cybersecurity – Jinan Budge – BSW #387
Organizations continue to suffer from security breaches, too many of which contain a human element. But there’s no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations.
Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including:
- Social Engineering
- Human Error
- Loss/Theft of Physical Assets
- Social Media Compromise
- Insider Risk
- Deep Fake Scams
- Gen AI Misuse
- Narrative Attacks
and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us. This discussion may get a little dicey.
Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/
In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more!
The Counterfeit Problem: How Blockchain Is Revolutionizing Brand Protection – Noam Krasniansky – BSW #386
Noam Krasniansky, the visionary founder of Komposite Blockchain, joins Business Security Weekly to explore Web3's transformative potential. Noam delves into the basics of blockchain technology, Bitcoin and the meteoric rise of Ethereum, and the critical role of decentralized systems in safeguarding brands against counterfeiting, a global issue costing companies $1.7 trillion annually.
The conversation will shed light on how blockchain can be designed to enhance transactional efficiency and security. Noam highlights how verification technologies are key to combating counterfeiting, protecting intellectual property, and fostering trust in an increasingly digital economy. He also provides practical insights into how businesses and individuals can embrace blockchain innovations, redefining digital ownership, the making of new wealth, and empowering communities.
In today’s dynamic markets, innovation is essential to maintaining a competitive edge. As Web3 technologies rapidly advance, businesses must adapt or risk falling behind. Understanding the foundational principles of blockchain is no longer optional—it’s a necessity.
Segment Resources:
1) https://finance.yahoo.com/news/komposite-blockchain-launches-whitepaper-bridge-163600646.html
2) https://www.youtube.com/watch?v=OOokN0XwpWE
3) https://rumble.com/v66x6ly-interview-komposite-a-fix-for-blockchain-limitations.html
In the leadership and communications segment, CISO vs. CIO: Where security and IT leadership clash (and how to fix it), The CISO's bookshelf: 10 must-reads for security leaders, and more!
Security Money: SailPoint’s IPO Saves the Index – BSW #385
After Sophos acquires Secureworks, SailPoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors:
- SAIL: SailPoint Ord Shs
- PANW: Palo Alto Networks Inc
- CHKP: Check Point Software Technologies Ltd
- RBRK: Rubrik Inc
- GEN: Gen Digital Inc
- FTNT: Fortinet Inc
- AKAM: Akamai Technologies, Inc.
- FFIV: F5 Inc
- ZS: Zscaler Inc
- OSPN: Onespan Inc
- LDOS: Leidos Holdings Inc
- QLYS: Qualys Inc
- VRNT: Verint Systems Inc.
- CYBR: Cyberark Software Ltd
- TENB: Tenable Holdings Inc
- OKTA: Okta Inc
- S: SentinelOne Inc
- NET: Cloudflare Inc
- CRWD: Crowdstrike Holdings Inc
- NTCT: NetScout Systems Inc
- VRNS: Varonis Systems Inc
- RPD: Rapid7 Inc
- FSLY: Fastly Inc
- RDWR: Radware Ltd
- ATEN: A10 Networks Inc
In the leadership and communications segment, The CISO Transformation — A Path to Business Leadership, The CISO's dilemma of protecting the enterprise while driving innovation, When Hiring, Emphasize Skills over Degrees, and more!
CISOs Struggling, Culture Hurting, But Cybersecurity Salaries Stay Competitive – BSW #384
This week: CISOs struggling to balance security, business objectives, Signs Your Organization’s Culture is Hurting Your Cybersecurity, Servant Leadership: Putting Trust at the Center, and more!
Say Easy, Do Hard – Data Inventory and Classification, Part 1 – BSW #383
Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification.
In part 1, we discuss the challenges of data inventory and classification, including:
- identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume
- categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it
- prioritizing security measures and protecting critical information more effectively
In part 2, we discuss the steps involved in data inventory and classification, including:
- Data discovery: Identify all data sources across the organization using data mapping tools.
- Data profiling: Analyze data attributes to understand its content and characteristics.
- Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria.
- Data tagging: Label data assets with their classification level for easy identification.
- Data ownership assignment: Determine who is responsible for managing each data set.
Speak the Same Language, as Cybersecurity is Everyone’s Responsibility – BSW #382
This week, we tackle a ton of leadership and communications articles: Why CISOs and Boards Must Speak the Same Language on Cybersecurity, The Hidden Costs of Not Having a Strong Cybersecurity Leader, Why Cybersecurity Is Everyone’s Responsibility, Leadership is an Action, not a Position, and more!