In this episode, I sit down with a friend and ex-CIA Officer turned Cybersecurity leader, Ross Young over at CISO Tradecraft. We will be unpacking the topic of mastering the cybersecurity budget. This includes examining whether most cyber budgets are wasted, determining where and how to make investments, justifying spending, and more. Don’t miss this chance to delve into an often-overlooked subject that many Cybersecurity leaders struggle with.

In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz. We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management, and the future of Continuous ATO (cATO). We covered a lot of ground, including: Mitch’s background, both at Wiz and inside Government at roles such as OMBHow Wiz is working with Federal agencies and Defense Industrial Base (...

In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future. Kenny and I dove into a lot of topics, including: What FedRAMP is and why it mattersWhat FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressingThe various aspects of FedRAMP 20x, i...

In this episode of Resilient Cyber, I sit down with repeat guest Snehal Antani, who serves as the Co-Founder & CEO of Autonomous Pen Testing leader Horizon3.ai. We will discuss the latest developments in AI and Autonomous Pen Testing, as well as the tremendous growth and success of Horizon3.ai, as Snehal balances technical topics with business-centric hard won wisdom of growing an industry leading organization.

In this episode of Resilient Cyber, I sit down with Astrix Security Co-Founder and CEO Alon Jackson to discuss the need for secure agentic adoption across the enterprise. This includes Astrix’s approach, which involves enabling enterprises to discover, secure, and deploy AI agents responsibly at scale.

In this episode of Resilient Cyber, I sit down with Binalyze Founder/CEO Emre Tinaztepe. We will discuss how AI and automation are impacting the future of the SOC and the role that forensics-level data can play in incident response and recovery, as well as proactive threat hunting.

In this episode, I sit down with Andy Ellis, a longtime industry security leader who has turned investor, advisor, and mentor. We will discuss how security vendors can build effective marketing and sales teams and Andy's experience identifying and investing in industry-leading security startups. Don't miss this chance to hear from an industry legend who has worn multiple hats and excelled as an operating, investor, and overall security leader.

- One of the biggest SaaS security incidents recently of course is the Salesloft Drive/Salesforce incident, which impacted hundreds of organizations and involved compromised OAuth tokens. Can you tell us a bit about the incident and the fallout? - In an AppOmni blog on the incident, you all discuss attackers taking advantage of persistent OAuth access, over-permissive access, limited monitoring, and unsecured secrets. Why do these problems continue to plague organizations despite incidents li...

In this episode of Resilient Cyber, I sit down with the SANS Institute's Chief of Research (COR) & Chief AI Officer (CAIO), Rob T. Lee to discuss AI's impact on cybersecurity and the workforce. We will discuss SANS Critical AI Security Guidelines, the opportunities and obstacles AI presents for cybersecurity, and how practitioners should navigate AI's impact on the workforce.

In this episode of Resilient Cyber, I sit down with Gianna Whitver and Maria Velasquez to chat about the state of marketing in the cybersecurity industry, as well as their popular event "Cyber Marketing Con" In this episode, we discussed: The background of the CyberMarketingCon and what led Gianna and Maria to co-found the event and communityWhere marketers typically fall short and what can be done to drive more effective marketing and selling to security practitioners and leadersWhat practit...

In this episode I sit down with Michael Bargury, Co-Founder and CTO at Zenity to discuss all things AI Agent Security. Michael and the Zenity team have recently disclosed various AI agent risks, vulnerabilities and threats.

In this episode, I sit down with Andrew Carney, Program Manager for DARPA's AI Cyber Challenge (AIxCC). DARPA's AIxCC recently concluded at Black Hat, and it brought together the industry's leading experts on AI and Cybersecurity with a focus on securing software that is critical to all Americans. Teams had to create novel AI systems to secure critical code, include software involved in critical infrastructure.

In this episode we sit down with Sid Trivedi, Partner at venture capital firm Foundational Capital and host of the Inside the Network podcast. Sid brings great insights around cybersecurity market trends, industry events such as Black Hat and the impact that AI is having on the startup and venture capital ecosystem.

In this episode, we sit down with Christian Posta, the Field CTO at Solo.io and an industry author and leader on topics such as Microservices, AI, and IAM. We will explore the rise of Agentic AI and its supporting protocols, such as MCP and A2A, and the broader challenges and considerations of Identity security in the age of LLMs.

In this episode, I sit down with Daniel Bardenstein, CTO & Co-Founder of Manifest Cyber. We discussed the AI supply chain security, including open source risks, AIBOMs, best practices for CISOs, and regulatory approaches in the U.S. and EU. We dove into: What is the same and different between the risks AI introduces across the enterprise compared to open source software, and where and how the two converge.The rise of an “AIBOM” and why it is becoming a critical part of enterprise risk man...

In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI. This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec. We discussed: A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of ...

In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance. We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era. We dove into: What the phras...

In this episode of Resilient Cyber, we chat with Patrick Duffy, Product Manager at Material Security, on Securing the Modern Workspace. The conversation will include discussions about the increased adoption of cloud office suites, limitations of traditional security approaches, and a deep dive into how Material Security is tackling issues such as securing email and data, identity threat detection, and posture management. Stepping back a bit before we get too specific, we've seen major f...

In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI. Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commer...

In this episode, I sit down with longtime industry researcher Wade Baker to dive into Cyentia's latest IRIS report. The report provides a data-driven look at incident trends, impacts, costs, and more. Are cyber incidents becoming more or less frequent? Are specific industries doing better than others? What does the average incident impact actually look like? Tune in to learn the answers, along with many other interesting insights! The report found that the number of security incidents conti...