Enterprise Security Weekly (Audio)

Segment 1 - Interview with Tim Morris
Bringing intelligence to assets
You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way?
Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts…
Segment Resources
Trusted automation: Building autonomous IT with confidence
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Segment 2 - Topic: the new White House cybersecurity strategy
In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here!
Segment 3 - News
Finally, in the enterprise security news,
Massive amounts of funding and acquisitions as we get close to RSA
Open source registries need help
Microsoft Copilot reads email marked as DO NOT READ
Don't use an LLM to generate passwords
is prompt injection a vulnerability
defining risks
AI changes the build versus buy equation
the scammer's perspective
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-447

Segment 1: Interview with Mathias Katz
What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised?
Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him.
Segment 2: Interview with Wolfgang Goerlich
Addressing the nuanced, nefarious threats of AI
Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily conversations with this technology, how are they going to shape how we think? What inherent biases in the training, fine tuning, guardrails, or lack of guardrails are going to affect our decisions or how we work?
Wolfgang is concerned about this, so he performed a human/AI experiment. With almost 1000 people partaking in the experiment, the results are sure to be intriguing.
Segment 3: This week's enterprise security news
Finally, in the enterprise security news,
survey results on how folks are feeling about openclaw
some hidden drama discovered in KEV updates
some new KEV tools
is AI replacing traditional code scanning tools?
remote code execution in notepad
no, not notepad++, NOTEPAD.EXE
you know, the one that ships preinstalled on Windows
the RSAC innovation sandbox finalists
dealing with legacy vulnerabilities
Don't accept OpenClaw Mac Minis from strangers!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-446

Interview Segment - Rob Allen - Clickfix
"Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it!
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Interview Segment - Rob Allen - Zero Trust World
Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida.
This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live!
This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW!
News Segment
For this week's enterprise news, we discuss
OpenClaw!
funding!
acquisitions!
testing out AI models' offensive security capabilities
more openclaw!
the need for more transparency and testing in the vendor space
A photobooth service leaks drunken pictures of wedding parties
The salty snack that helps server uptime
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-445

Segment 1: Interview with Warwick Webb
From Initial Entry to Resilience: Understanding Modern Attack Flows
Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.
Segment Resources:
Wayfinder MDR Solution Brief
451 MDR Report
Managed Defense Redefined Blog
This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
Segments 2 and 3: The Weekly News
In this week's enterprise security news,
we've got funding
free tools!
the CISO's craft
agentic browsers
tech companies are building cyber units?
giving AI agents access to your entire life
lots of dumpster fires in the industry today
Cisco killed Kenna
the state of AI in the SOC
homemade EMP guns! don't try this at home
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-444

Segment 1: Interview with Thyaga Vasudevan
Hybrid by Design: Zero Trust, AI, and the Future of Data Control
AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world.
In this episode, we'll unpack why real-time visibility and control over data usage are now essential for safe AI adoption, accurate outcomes, and regulatory compliance. From preventing data leakage to governing how data is used by AI systems, security teams need controls that operate in the moment - across cloud, browser, SaaS, and on-prem environments - without slowing the business.
We'll also explore how growing data sovereignty and regulatory pressures are driving renewed interest in hybrid architectures. By combining cloud agility with local control, organizations can keep sensitive data protected, governed, and compliant, regardless of where it resides or how AI is applied.
This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighsecurity to learn more about them!
Segment 2: Why detection fails
Caleb Sima put together a nice roundup of the issues around detection engineering struggles that I thought worth discussing. Amélie Koran also shared some interesting thoughts and experiences.
Segment 3: Weekly Enterprise News
Finally, in the enterprise security news,
Fundings and acquisitions are going strong
can cyber insurance be profitable?
some new free tools shared by the community
RSAC gets a new CEO
Large-scale enterprise AI initiatives aren't going well
LLM impacts on exploit development
AI vulnerabilities
global risk reports
floppies are still used daily, but not for long?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-443