Data Security Decoded

The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik, Head of Rubrik Zero Labs, and Staff Security Researcher Amit Malik to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies.

A primary focus is implementing a three-layer framework for AI Operations. This model targets the Tool Layer, where agents interact with databases; the Cognitive Layer, which serves as the LLM brain; and the critical Identity Layer. The conversation explores stories in which agents, without malicious intent, have caused catastrophic data loss simply by following an optimized logic path. These instances prove that agents need not be sentient to be destructive when they lack proper human-in-the-loop checkpoints.

Technical hurdles of Identity Resilience are also addressed, specifically the explosion of non-human identities that spin up and down like elastic cloud infrastructure. The episode examines the fear index regarding job security, noting that 92% of leaders fear for their roles post-breach. Joe and Amit join Caleb to explore the evolution of personal liability for CISOs and the urgent need to move from basic visibility to deep observability. This is a forward-looking briefing for leaders who recognize that, in an era of autonomous routines, the human must remain the ultimate command-and-control center.

What You’ll Learn


Define the agentic paradox to understand why AI efficiency naturally compromises traditional security guardrails.


Implement a three-layer framework to secure the tool, cognitive, and identity components of AI.


Transition from basic visibility to deep observability to track autonomous decision-making in real time.


Mitigate prompt injection risks by auditing the input and output flows of the cognitive layer.


Utilize ephemeral containers to sandbox agentic tools and prevent unauthorized database alterations.


Manage the elasticity of non-human identities to maintain control over rapidly spinning AI agents.


Anchor AI operations with human-in-the-loop checkpoints to ensure integrity during high-stakes executions.

Episode Highlights


Defining the Agentic Identity and Autonomous Routines


Revenue vs. Resilience: The Drivers of AI Urgency


The Three-Layer Framework for Agentic Defense


Shadow AI and the Rise of Invisible Insider Threats


The Context Gap: Why Rolling Back AI Actions is Hard


The CISO Fear Index and Personal Liability Post-Breach


Visibility vs. Observability in Elastic Identity Environments

Adversaries are already logging into your network using your own admin credentials. In this episode, Caleb Tolin sits down with Allison Wikoff to move past the identity clichés and analyze the specific behavioral signals that separate routine IT maintenance from state-sponsored sabotage. They dissect why resilience is not a flash of genius during a crisis, but a mindset that organizations can adopt to stay ahead of dynamic threat actors.

The conversation explores how attackers are increasingly bypassing traditional controls like MFA and leveraging non-human identities such as service accounts, APIs, and AI agents. These identities often operate with persistent access and elevated privileges, making them highly attractive targets. As AI continues to lower the barrier to entry, adversaries are moving faster and blending more effectively into normal activity, making detection significantly more challenging.

The episode also examines how ransomware, espionage, and sabotage offer different behavioral tells, with data exfiltration now central across multiple threat types. In parallel, organizations must begin preparing for long-term risks like quantum computing, where encrypted data stolen today could be exposed in the future (i.e., “harvest now, decrypt later”_.

Throughout the discussion, practical strategies take center stage. From strengthening identity hygiene and segmentation to improving visibility across users, systems, and third parties, the fundamentals remain critical. The key takeaway is clear. While the threat landscape is evolving, organizations that focus on identity, preparedness, and resilience will be best positioned to reduce risk and recover effectively.

What You’ll Learn


How attackers bypass MFA and blend in using legitimate credentials


Which non-human identities are high-risk targets


How threat actors are leveraging AI to lower the barrier to entry for cybercrime


The difference between ransomware, espionage, and sabotage intent signals


What “harvest now, decrypt later” means for quantum risk


The three hygiene practices that still stop most attacks

Episode Highlights

[00:00:00] The Limits of MFA Why attackers are starting to work around multi-factor authentication

[00:02:00] The Explosion of Non-Human Identities Service accounts, APIs, and AI agents as new attack surfaces

[00:04:00] AI and the Speed of Threats How AI is accelerating reconnaissance and malware creation

[00:05:00] Ransomware vs. Espionage Why data exfiltration is now central to both

[00:06:00] Healthcare Under Pressure Why critical sectors face compounded cyber risk

[00:08:00] Quantum Threats Explained Understanding “harvest now, decrypt later”

[00:11:00] Identity Recovery Challenges Why restoring trust is harder than restoring systems

[00:14:00] The 3 Security Fundamentals Identity hygiene, segmentation, and visibility

Cybersecurity in healthcare is undergoing a critical shift. What was once viewed as a back-office IT concern is now directly tied to patient safety and clinical outcomes. In this episode of Data Security Decoded, host Caleb Tolin sits down with John Fokker, Vice President of Threat Intelligence Strategy at Trellix, to explore new findings that reveal a significant increase in inpatient mortality rates following cyberattacks on hospitals, reframing cybersecurity as a life-or-death issue.

The conversation dives into how attackers infiltrate healthcare environments, often through familiar entry points like email, before moving laterally across interconnected systems. From HVAC units to supply chain logistics, even nonclinical systems can disrupt care delivery when compromised. The discussion highlights how adversaries blend into hospital networks using legitimate tools, making detection increasingly difficult.

We also examine the alarming dwell times seen in healthcare environments and what defenders can do to identify subtle anomalies before they escalate. The episode outlines practical strategies, including stronger email defenses, network segmentation, and proactive threat hunting.

Finally, we confront two uncomfortable truths: apolitical healthcare and humanitarian organizations remain prime targets, and AI introduces both powerful defenses and new risks. The takeaway is clear. Cyber resilience is not optional. It is essential to maintain trust, ensure continuity, and ultimately save lives.

What You’ll Learn


Why cyberattacks in healthcare directly impact patient mortality


How nonclinical systems can disrupt critical care delivery


What long dwell times reveal about attacker behavior


How threat actors use legitimate tools to evade detection


The most effective ways to reduce healthcare attack surfaces


Why email remains the primary entry point for attackers


How to reframe cybersecurity as a patient safety priority

Episode Highlights

00:00 – A Shocking Statistic A 29 percent increase in mortality reframes cyber risk

02:30 – From IT to Patient Safety Why CISOs now have a stronger voice at the board level

05:10 – The Backdoor Problem Nonclinical systems and third parties as attack vectors

09:00 – Living in the Network Understanding long dwell times and stealthy attackers

13:45 – Spotting the Signals Key behavioral indicators defenders should watch

18:20 – Three Steps to Resilience Email security, segmentation, and attack surface reduction

23:10 – Two Inconvenient Truths AI risk and the myth of healthcare immunity

27:00 – Final Takeaway Cybersecurity as operational resilience

In this RSAC Conference recap, Dave Bittner, Host of The CyberWire Daily, joins Data Security Decoded host Caleb Tolin from the guest seat to unpack the biggest theme dominating the conference: artificial intelligence, and, more specifically, agentic AI.

From wall-to-wall AI messaging across San Francisco to in-depth conversations with security leaders and analysts, one thing became clear: the industry has moved past debating whether AI will take hold. It already has. Now, the focus has shifted to making it safe.

Dave shares insights from discussions with vendors, researchers, and intelligence professionals, highlighting a growing consensus around the need for strong guardrails, identity controls, and governance frameworks. As organizations begin deploying AI agents capable of acting autonomously, concerns around misuse, manipulation, and “machine-speed” attacks are accelerating.

The conversation also explores the rise of “shadow AI,” where employees use AI tools outside official oversight, and why banning these tools may backfire. Instead, organizations must embrace visibility and collaboration to manage risk effectively.

Ultimately, this episode captures a pivotal moment for cybersecurity: a transition from experimentation to operational reality. The tools are powerful, the risks are real, and the path forward requires balancing innovation with control while, as Dave puts it, doing everything possible to “limit the blast radius.”

What You’ll Learn


Why AI adoption in cybersecurity has shifted from optional to inevitable


What “agentic AI” means and why it’s a game changer


How identity is becoming the core security layer for AI systems


Why “machine speed” is forcing defenders to rethink workflows


The real risks of AI misuse, including manipulation and prompt injection


How “shadow AI” is emerging inside organizations—and why it matters


Practical ways companies are thinking about AI guardrails and governance

Episode Highlights

[00:00] – Role Reversal at RSA Dave steps into the interviewee seat and kicks things off with a lighthearted karaoke discussion.

[02:15] – RSA Energy Check Why this year’s conference felt more optimistic despite industry uncertainty.

[04:10] – AI Everywhere From billboards to conversations—AI dominates RSA.

[06:00] – Agentic AI Arrives Why autonomous AI agents are no longer theoretical.

[08:30] – Guardrails & Identity How security leaders are thinking about controlling AI behavior.

[11:15] – When AI Goes Wrong A real-world example of AI being manipulated—and what it reveals.

[14:00] – Machine-Speed Threats Why defenders must move faster than ever before.

[17:30] – The Big Shift AI is inevitable—now the focus is containment.

[19:30] – Shadow AI Risk Why employees using AI outside oversight is a growing concern.

Security teams spend enormous effort chasing the latest threats, yet often overlook one of the most revealing sources of truth already in their environment: backups. In this episode of Data Security Decoded, host Caleb Tolin sits down with Kyle Fiehler, Transformation Analyst at Rubrik Zero Labs, to explore why backup data has become a critical — and largely ignored — form of security telemetry.

Kyle explains how secure, immutable backups act as a historical record of attacks that evaded traditional detection tools, capturing digital fingerprints left behind by sophisticated adversaries. From hypervisor-level threats to long-dwell state-backed actors, backups often reveal what endpoint and network tools miss. And attackers know it. As Kyle outlines, ransomware groups like Evil Corp and Storm-0501 deliberately target backups and identity infrastructure to maximize leverage and accelerate payouts.

The conversation also challenges how organizations think about recovery and Mean Time to Response (MTTR). Rather than treating MTTR as a single metric, Kyle advocates breaking recovery into phases — scoping compromise, validating clean recovery, and restoring identity — to pinpoint where resilience actually breaks down. The result is a more actionable, operational view of cyber readiness.

This episode offers a clear message for security and IT leaders alike: resilience isn’t just about preventing attacks. It’s about using every available signal, drilling recovery before incidents occur, and recognizing that backups are no longer passive insurance — they’re active intelligence.

What You’ll Learn


Why secure backups function as a record of threats other tools miss


How ransomware groups deliberately target backups and identity systems


Where organizations commonly fail to extract security value from backup data


How to rethink MTTR by breaking recovery into measurable phases


Why identity infrastructure is central to modern recovery strategies


Three concrete steps to operationalize backup intelligence today

Episode Highlights

[00:00] Backups as Digital Fingerprints Why immutable backups reveal threats that evade traditional security tools.

[04:30] The Telemetry Everyone Ignores How organizations overlook backups as a source of threat intelligence.

[07:45] Who Owns Backup Security? The growing shift from IT ownership to security accountability.

[10:30] MTTR Is Broken Why recovery metrics fail — and how phased recovery fixes that.

[12:45] Threat Actors Targeting Backups How groups like Evil Corp and Storm-0501 maximize leverage.

[15:00] Three Actions Security Teams Can Take Today Practical steps to extract real value from backup data.