Episodes

  • Resilient Cyber w/ Rob Shavell - Personal Data & Online Privacy
    2025/03/03

    In this episode, we sit down with Rob Shavell, CEO and Co-Founder of DeleteMe, an organization focused on safeguarding exposed personal data on the public web and addressing user privacy challenges.

    We dove into a lot of great topics, such as:

    • The rapidly growing problem of personal data ending up on the public web and some of the major risks many may not think about or realize
    • Trends contributing to personal data exposure, from the Internet itself to social media, mobile phones/apps, IoT devices, COVID, and now AI
    • Where to get started when it comes to taking control of your personal data and privacy
    • Potential abuses and malicious uses for personal data and how threat actors are leveraging it
    • How DeleteMe can help, as well as free resources and DIY guides that individuals can use to mitigate risk associated with their personal data being exposed




    29 min
  • Resilient Cyber w/ Steve Martano - CISOs, Security Budgets & Careers
    2025/02/28

    In this episode of Resilient Cyber, we sit down with Steve Martano, Partner in the Cyber Security Practice at Artico Search, to discuss the recent IANS & Artico Search publications on the 2025 State of the CISO, security budgets, and broader security career dynamics.

    Steve and I touched on some great topics, including:

    • The 2025 State of the CISO report and key findings
    • Board reporting cadences for CISOs and the importance of Boardroom involvement in Cybersecurity
    • The three archetypes of CISOs: Tactical, Functional and Strategic
    • How security leaders can advance their careers to become strategic CISOs, as well as key considerations for organizations looking to attract and retain their security talent
    • The growing scope of responsibility for CISO roles, from not just Infosec to broader IT, business risk, and digital strategy, and the implications for CISOs
    • Security budget trends, spending, macroeconomic factors and allocations

    Here is a list of some of the great resources from IANS and Artico on various areas of interest for CISOs and security leaders alike!

    • https://www.iansresearch.com/resources/ians-security-budget-benchmark-report
    • https://www.iansresearch.com/resources/ians-ciso-compensation-benchmark-report
    • https://www.iansresearch.com/resources/ians-state-of-the-ciso-report
    • https://www.iansresearch.com/resources/ians-leadership-organization-benchmark-report
    25 min
  • Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends
    2025/02/24

    In this episode of Resilient Cyber, we catch up with Katie Norton, an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions.

    Katie and I discussed:

    • Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor.
    • Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors.
    • The age-old Platform vs. Point product debate concerns the iterative and constant cycle of new entrants and innovations that grow, add capabilities, and become platforms or are acquired by larger platform vendors. The cycle continues infinitely.
    • Katie's key research areas for 2025 include Application Security Posture Management (ASPM), Platform Engineering, SBOM Management, and Securing AI Applications.
    • The concept of a “Developer Tax” and the financial and productivity impact legacy security tools and practices are having on organizations while also building silos between us and our Development peers.
    • The role of AI in corrective code fixes and the ability of AI-assisted automated remediation tooling to drive down remediation timelines and vulnerability backlogs.
    • The importance of storytelling, both as an Industry Analyst and in the broader career field of Cybersecurity.
    47 min
  • Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact
    2025/02/13

    In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency.

    We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks.

    Ed and I dove into a lot of interesting GenAI Security topics, including:

    • Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys.
    • Guardrails and measures to prevent data leakage to external GenAI services and platforms
    • The intersection of SaaS Governance and Security and GenAI and how GenAI is exacerbating longstanding SaaS security challenges
    • Supply chain risk management considerations with GenAI vendors and services, and key questions and risks organizations should be considering
    • Some of the nuances between self-hosted GenAI/LLMs and external GenAI SaaS providers
    • The role of compliance around GenAI and the different approaches we see between examples such as the EU with the EU AI Act, NIS2, DORA, and more, versus the U.S.-based approach
    24 min
  • Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know
    2025/02/03

    In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.

    Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.

    Sounil and I dug into a lot of interesting topics, such as:

    • The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.
    • The different approaches to AI security and safety we’re seeing unfold between the U.S. and EU, with the former being more best-practice and guidance-driven and the latter being more rigorous and including hard requirements.
    • The age-old concept of need-to-know access control, the role it plays, and potentially new challenges implementing it when it comes to LLMs
    • Organizations rolling out and adopting LLMs and how they can go about implementing least-permissive access control and need-to-know
    • Some of the different security considerations between
    • Some of the work Knostic is doing around LLM enterprise readiness assessments, focusing on visibility, policy enforcement, and remediation of data exposure risks


    27 min
  • Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts
    2025/01/27

    SecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and mean time to respond (MTTR), automating repetitive tasks, integrating with existing tools, and delivering ROI.

    In this episode, we sit down with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational risks.

    Grant and I dug into a lot of great topics, such as:

    • Systemic issues impacting the SecOps space include alert fatigue, triage, burnout, staffing shortages, and inability to keep up with threats.
    • What makes SecOps such a compelling niche for Agentic AI, and what key ways can AI help with these systemic challenges?
    • How Agentic AI and platforms such as Prophet Security can aid with key metrics such as SLOs or mean time to remediation (MTTR) to drive down organizational risks.
    • Addressing the skepticism around AI, including its use in production operational environments and how the human-in-the-loop still plays a critical role for many organizations.
    • Many organizations are using Managed Detection and Response (MDR) providers as well, and how Agentic AI may augment or replace these existing offerings depending on the organization's maturity, complexity, and risk tolerance.
    • How Prophet Security differs from vendor-native offerings such as Microsoft Co-Pilot and the role of cloud-agnostic offerings for Agentic AI.
    19 min
  • Resilient Cyber w/ Rajan Kapoor - Native Cloud Workspace Gaps and Risks
    2025/01/21

    In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management.

    Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered:

    • Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the email environment, and the broad implications.
    • The lack of security features and capabilities in native cloud workspaces such as M365 and Google Workspace, and the technical and resource constraints that drive teams to seek out innovative products such as Material Security.
    • The tug of war between security and productivity and how Material Security helps address challenges of the native workspaces that often make it hard for people to do their work and lead to security being sidestepped.
    • Specific industries that are targeted and impacted the most, such as healthcare, where there is highly sensitive data, regulatory challenges, and more.
    • Common patterns among threats, attacks, and vulnerabilities and how organizations can work to bolster the security of their cloud workspace environments.

    This is a fascinating area of security. We often hear “identity is the new perimeter” and see identity play a key role in trends such as zero trust. But, so often, that identity starts with your email, and it can lead to lateral movement, capturing MFA codes, accessing sensitive data, impacting business partners, phishing others in the organization, and more, all of which can have massive consequences for the organizations impacted.

    Rajan brought his expertise as a Field CISO and longtime security practitioner to drop a ton of gems in this one, so be sure to check it out!

    30 min
  • Resilient Cyber w/ Mick Leach - 5 Email Threats to Watch For in 2025
    2025/01/21

    While cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers.

    And it seems that, unfortunately, cybercriminals aren’t lacking when it comes to identifying new ways to sneak in. Abnormal Security’s Field CISO, Mick Leach, will discuss some of the sophisticated threats we anticipate escalating in the coming year—including cryptocurrency fraud, AI-generated business email compromise, and more.

    Mick and I dove into a lot of great topics, including:

    • The evolution of email-based attacks and why traditional tooling may fall short
    • How attackers are leveraging GenAI and LLMs to make more compelling email-based attacks
    • How defenders can utilize AI to improve their defensive capabilities
    • The role of tooling such as Secure Email Gateways and more, and how they still play a role but fail to meet the latest threat landscape
    • How Abnormal is tackling email-based attacks and the outcomes they are helping customers achieve with streamlined integration and use
    32 min