In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut speaks with Dr. Masoud Nafey, Founder of Ment, an AI-driven relationship intelligence platform built on a foundation of privacy and authenticity. Together, they explore how artificial intelligence can help professionals build and nurture meaningful relationships without compromising personal data.

Dr. Nafey discusses Ment’s “privacy by design” approach, which protects user data through encryption and transparency, and explains how AI-generated contextual insights can strengthen both personal and professional connections. The conversation delves into topics like data ethics, authenticity in digital interactions, regulatory compliance, and the future of human-centered AI.

Listeners will gain a hopeful and practical perspective on how technology can make relationships more human—not less.

The browser has quietly become the most critical—and most overlooked—attack surface in cybersecurity. In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with John Carse, Field CISO at SquareX, about the company’s groundbreaking Browser Detection and Response (BDR) technology and why legacy tools like EDR and Secure Web Gateways can’t see today’s browser-native threats.

John draws on his two decades of global cybersecurity experience—spanning the U.S. Navy, JPMorgan, Expedia, and Dyson—to explain emerging risks like Syncjacking, Polymorphic Extensions, and the coming wave of AI-powered browser agents. He also shares practical steps for CISOs to reduce risk from Shadow SaaS and unmanaged devices.

If you think your browser is safe, this episode will make you think again.

In this episode of the Brilliance Security Magazine Podcast, Andrew Warren, Vice President of Sales and Marketing at Exclusive Networks North America, joins us to discuss why security-focused distribution matters in today’s cyber landscape. Andrew shares insights from his nearly two decades in the channel, explores how distribution has evolved beyond logistics, and explains how Exclusive Networks helps partners cut through vendor noise, address the cybersecurity skills gap, and adapt to the shift toward services and subscription models.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with Mark Stadtmueller, CTO at SUPERWISE, about the realities of AI governance in today’s enterprises. Mark explains why fear, confusion, and the use of “shadow AI” are fueling an AI governance crisis, and how organizations can move beyond experimentation to trusted, enterprise-grade adoption. The conversation covers regulatory patchworks, runtime safety, smaller language models, and practical safeguards that keep AI both innovative and secure. Mark also shares forward-looking advice for business leaders eager to embrace AI responsibly while maintaining trust, compliance, and visibility.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut speaks with Julian Hamood, Founder and Chief Visionary Officer of TrustedTech. Julian shares his journey from simplifying Microsoft licensing to leading a full-service technology partner recognized as a Microsoft Managed Partner—an achievement reserved for less than 1% of providers worldwide. The conversation explores how enterprises can modernize securely, integrate AI responsibly, navigate IT complexity, and prepare for emerging Microsoft-related risks.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with Tony Garcia, Chief Information and Security Officer at infineo, about what it takes to secure AI systems and safeguard intellectual property. Tony shares his perspective on the threats companies with their own AI may face, the unique challenges of securing blockchain-driven infrastructure, and why security should be seen as a strategic business advantage.

In this episode, we talk with Abhay Bhargav, co-founder of SecurityReviewAI and CEO of we45. Abhay shares how SecurityReviewAI transforms months-long security architecture reviews into actionable insights in just hours, helping teams improve security, compliance, and efficiency.

Summary:

In this episode, we welcome Alex Brennan, Vice President of Global Enterprise Sales at Sign In Solutions, to explore the emerging role of visitor management in modern physical security strategies. Alex and host Steven Bowcut dive into how converged threat models are turning the front desk into a vital security checkpoint — and why managing risk doesn’t have to come at the expense of a positive visitor experience.

In Episode S7E13 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with cybersecurity veteran Jim Alkove to discuss the evolving landscape of identity security. With over 25 years in the industry and leadership experience at Microsoft, Salesforce, and now as CEO of Oleria, Jim shares unique insights into the identity challenges facing modern enterprises. He explains why traditional identity frameworks fall short in today’s complex IT environments and how technologies like graph databases and autonomous access management are poised to transform the way organizations secure digital identities.

Summary

The conversation begins with Jim describing the experiences that led him to found Oleria. Having worked at major tech companies, he saw firsthand how fragmented and outdated identity security practices were becoming in the face of hybrid IT environments, cloud adoption, and the rise of AI. Security practitioners, he explains, are often stuck managing disparate systems that don’t integrate well, leaving dangerous gaps in visibility and control.

Jim then shares how his background as an inventor, with over 50 U.S. patents, shapes his approach to solving these complex challenges. He highlights how advancements in graph databases now allow identity systems to model and analyze access relationships with much greater granularity, down to the individual file or ticket level.

A major focus of the conversation is the concept of adaptive and autonomous access. Jim explains that true least privilege enforcement requires constant adjustment of access rights based on real-time usage and business context. Oleria’s platform addresses this by using AI to manage and automate access decisions, reducing the reliance on manual approvals and ticketing systems.

Steven and Jim also explore how identity tools like Oleria can dramatically improve incident response. Instead of spending hours gathering logs and writing scripts, security teams can quickly view a compromised account’s access and activity during the threat window, reducing response time and impact.

Trust and transparency are also essential, Jim notes. Organizations must understand and control what their identity platform is doing. Oleria ensures this by providing detailed visibility into every automated action and allowing users to configure the level of human oversight.

Looking to the future, Jim stresses that AI is both a tremendous opportunity and a significant security challenge. As AI agents begin to act on behalf of users and businesses, identity systems will need to keep pace by securing access at a much finer level, and for entities far beyond human users. This includes understanding the authority and trustworthiness of AI agents acting on behalf of external partners.

The episode closes with a compelling reminder that the complexity of today’s IT environments—and tomorrow’s AI-driven workflows—demands a new approach to identity. Enterprises that don’t evolve their identity infrastructure risk falling behind both in innovation and in protection.

About Our Guest

Jim Alkove is the co-founder and Chief Executive Officer of Oleria, where he leads company strategy, vision, and growth. A tech industry veteran with over 25 years of experience, Jim has held senior security leadership positions at Microsoft, Salesforce, and other major technology firms. He holds over 50 U.S. patents and is a recognized innovator in identity security and access management. Jim also serves as a strategic advisor to numerous startups working on the future of cybersecurity.

In Episode S7E12 of the Brilliance Security Magazine Podcast, host Steven Bowcut is joined by Steve Bassett, Senior Director of Security Consulting at GMR Security. With over three decades of experience in physical security operations, Steve shares insights on how organizations, particularly large, multi-site enterprises, can successfully modernize their physical security posture. The discussion uncovers the growing convergence of physical and cybersecurity, the importance of holistic risk assessments, and the role of technology and policy in creating effective security programs.

Summary

The conversation begins with Steve recounting his unconventional path into security consulting, beginning with his early interests in electronics and broadcasting, and culminating in leadership roles within large integration firms and global financial institutions like Salomon Smith Barney.

Steve and Steven delve into the challenges facing complex organizations, including outdated technology, siloed operations between IT and security teams, and the widespread absence of formal standards and policies, particularly in companies undergoing mergers or acquisitions. Steve emphasizes that many organizations still lack updated documentation or unified security procedures, which creates vulnerabilities and inconsistencies across locations.

He explains his risk assessment approach, which starts with stakeholder engagement to understand each group's perspective on threats and critical assets. Steve highlights how even seasoned organizations often overlook gaps in understanding or communication, especially between IT, facilities, and security teams. These assessments go beyond checklists; they result in actionable roadmaps with prioritized recommendations based on industry standards.

The episode also touches on the difference between physical security and life safety, emphasizing the need for guard forces to play a more integrated role in emergency preparedness, not just surveillance and access control. Steve notes that security teams must collaborate with life safety stakeholders to ensure responsibilities are clearly defined and that early detection and response are effectively handled.

When discussing technology’s impact on physical security, Steve explores the increasing role of AI-powered systems. From anomaly detection to intelligent camera analytics, he stresses that while technology is powerful, it must be applied appropriately and with clear operational goals. Not every high-tech solution is right for every organization, and understanding infrastructure readiness and legal constraints—like facial recognition laws—is essential.

Steve also makes a compelling case for the value of engaging a consultant early in the planning process. While some organizations delay bringing in outside expertise until problems arise, Steve argues that early collaboration prevents costly mistakes, helps avoid bias from vendors, and ensures solutions are aligned with both current and future needs.

As the conversation wraps, Steve offers insights into future-proofing security strategies, urging organizations to keep doors open for emerging technologies, such as drone detection or automated visitor management, without overcommitting to unproven solutions. He encourages security leaders to build flexibility into their infrastructure and to align technological capabilities with real-world operational needs.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with John Sobczak, founder and CEO of NXT1, to explore how software development teams can accelerate time to market without compromising on security or compliance. John shares how his career shaped the vision behind NXT1 and discusses the structural pitfalls that often delay or derail promising SaaS startups. This engaging conversation is packed with actionable insights for developers, founders, and investors navigating the complex intersection of speed, scale, and security.

Summary

John Sobczak brings decades of experience in enterprise technology and government cybersecurity to this discussion, offering a compelling argument for embedding security from the very first line of code. He outlines how modern SaaS development is hampered by excessive cognitive load on developers, who are often forced to juggle core product development with complex compliance frameworks. This leads to delays, technical debt, and avoidable risk.

NXT1’s solution is LaunchIT, a turnkey platform designed to provide secure, compliant infrastructure out of the box. Sobczak explains how inheritance—not just guardrails—makes the difference. By giving developers access to hardened, policy-aligned environments that meet standards like SOC 2, HIPAA, and FedRAMP, NXT1 dramatically shortens the path from idea to revenue. This also reduces founder and investor risk while increasing the cost for adversaries targeting early-stage SaaS companies.

Throughout the episode, Sobczak emphasizes the importance of building with scale and regulation in mind—even if those market demands aren’t immediate. He notes that most early-stage teams wait too long to consider security, mistakenly treating compliance as a checklist to be addressed after product development. Instead, NXT1 aims to "meet customers where they are," helping both startups and more mature companies seamlessly scale into new verticals like healthcare and public sector without rebuilding from scratch.

He also touches on the cultural shifts required in development organizations: making security everyone’s responsibility, automating infrastructure to reduce human error, and resisting the temptation to reinvent the wheel when platforms already exist that can shoulder much of the compliance burden.

Whether you're an entrepreneur launching a new SaaS product or a development leader in a growth-stage company, this episode is a must-listen for those looking to secure their software—and their future—from the ground up.

What if the world’s most trusted cryptographic systems could be broken in just minutes instead of centuries? In this thought-provoking episode of the Brilliance Security Magazine Podcast, David Close, Chief Solutions Architect at Futurex, joins host Steven Bowcut to discuss the very real—and rapidly accelerating—threat that quantum computing poses to modern encryption. With quantum advancements progressing faster than many expected, Close explains why organizations need to act now to safeguard long-term data, and how hybrid and agile cryptographic systems are the key to staying ahead.

Summary

David Close opens the conversation by tracing his own journey from embedded firmware engineering to his current role leading cryptographic innovation at Futurex. He shares how his work with Hardware Security Modules (HSMs)—specialized devices that securely manage encryption keys—laid the groundwork for Futurex’s leadership in enterprise-grade encryption.

The core of the episode centers on the quantum computing threat to current encryption standards like RSA and elliptic curve cryptography. David breaks down the technical implications in accessible terms: quantum computers can solve problems exponentially faster than classical computers, meaning encryption methods that would take millennia to break with today’s machines might be cracked in minutes by quantum processors.

A key highlight is the concept of “Harvest Now, Decrypt Later”—a tactic where attackers steal encrypted data today, intending to decrypt it once quantum technology matures. David emphasizes that this threat is not futuristic; it’s already underway, with critical long-life data like medical records, financial information, and government secrets at risk.

David outlines how Futurex and other leading organizations are proactively adapting. For example, Google and Cloudflare have already implemented hybrid cryptography using both classical and quantum-safe algorithms. Futurex is doing the same across its suite of HSMs and key management solutions, supporting new standards ratified by NIST (including Kyber and Dilithium) and enabling “crypto agility”—the ability to quickly adopt new encryption standards without overhauling infrastructure.

He also shares how Futurex is helping clients through cryptographic discovery, which allows organizations to identify where and how cryptography is being used across their environments. This step is essential for prioritizing risk areas and laying a foundation for a secure, phased migration to post-quantum cryptography.

Finally, David stresses that while the quantum threat is real and imminent, organizations shouldn’t panic—but they must act now. The transition to post-quantum cryptography is already underway, and those who prepare today will be far more secure and resilient tomorrow.

In this episode of the Brilliance Security Magazine Podcast, we sit down with Matt Stern, Chief Security Officer at Hypori, to discuss how organizations can move beyond outdated mobile device management strategies and adopt a zero-trust approach to the future. Stern shares compelling insights from his extensive experience in both military and federal cybersecurity, highlighting why traditional BYOD approaches—like MDM and MAM—are no longer adequate. If you're a CISO, IT leader, or just curious about secure mobile innovation, this is a conversation you don’t want to miss.

Summary

The episode begins with Matt Stern’s journey from Army Ranger to cybersecurity executive. He discusses how his experience leading large-scale cyber operations, including the U.S. Army CERT and the EINSTEIN national cybersecurity system, shaped his threat-centric approach to enterprise security.

The conversation then turns to the evolving BYOD (Bring Your Own Device) landscape. Stern highlights the risks posed by traditional mobile device management (MDM) and mobile application management (MAM) solutions—such as increased attack surface, privacy concerns, and inadequate control over unmanaged personal devices. He also touches on regulatory challenges like the “No TikTok Law,” which bans certain apps on government-affiliated devices due to data exposure risks.

Stern explains how Hypori addresses these issues with its Virtual Mobile Infrastructure (VMI), which keeps all data and compute operations off the user’s device. Hypori streams pixels only—meaning no data is stored or processed locally—eliminating risks associated with compromised devices. He walks listeners through Hypori’s layered authentication system and robust security architecture, which enables secure operation from any personal device without compromising user privacy.

The show concludes with a discussion on cost savings and operational efficiency. Stern notes that the Department of Defense already uses over 70,000 Hypori licenses and highlights how organizations can achieve significant savings—up to 42%—by eliminating the need to purchase and manage government-furnished equipment (GFE). His advice to IT leaders: assess your current BYOD risks, examine the real-world behaviors of your workforce, and consider whether legacy models are hindering your security posture.

In Episode S7E8, Steven welcomes Arvind Parthasarathi, founder and CEO of CYGNVS, to discuss reinventing cyber incident readiness and response collaboration. Arvind shares his background in analytics and cybersecurity, explaining how CYGNVS was created to address the chaos organizations face during major cyber incidents. The conversation covers the importance of comprehensive preparation for cyber incidents, the benefits of CYGNVS’s incident response platform, and the company’s approach to preparing, practicing, responding to, and reporting on cyber crises.

In Episode S7E7, Steven welcomes Glenn Day, CEO of NVISIONx, to discuss data risk intelligence and emerging threats in the age of AI and complex data environments. Glenn shares insights on data governance, the importance of proper data organization for AI adoption, and how NVISIONx helps organizations manage and purge data responsibly. The conversation underscores the significance of intelligent data classification in cybersecurity and the need for collaborative data governance across departments to achieve enhanced protection, compliance, and a competitive edge through AI models.

In Episode S7E6 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with Dmitri Vellikok, VP of Embedded Security at F-Secure, to discuss F-Secure’s newly launched Scam Kill Chain Framework and explore critical insights into how cybercriminals select and exploit their targets.

The Inspiration Behind Scam Kill Chain

Dmitri shares his 20+ year journey in cybersecurity, from his early fascination with web-based hacking to his extensive experience with F-Secure, highlighting what motivates him to continue tackling cyber threats. He explains the inspiration behind the Scam Kill Chain Framework, a groundbreaking approach designed to close gaps in existing cybersecurity strategies, providing better protection for both businesses and consumers.

Exploring the Scam Kill Chain Framework

The discussion delves deep into each stage of the Scam Kill Chain, from initial reconnaissance and infrastructure setup to lateral movement and eventual monetization. Dmitri emphasizes that timely intervention, especially during initial contact attempts by scammers, is critical for effective defense.

Dispelling Misconceptions About Cyber Scams

Listeners gain valuable insights into common misconceptions around scams, understanding the psychology of cybercriminals, and why attacks, although widespread, aren't typically personal but rather opportunistic and scaled. Dmitri also addresses emerging cybersecurity threats associated with connected IoT devices and AI-based systems, emphasizing the need for updated software and proactive threat detection.

AI’s Role in Threat Detection

The role of artificial intelligence and machine learning in identifying and preventing cyber threats within the Scam Kill Chain Framework is explored, providing practical guidance for security professionals interested in integrating this approach into their practices.

Future Cybersecurity Challenges and Preparation

Finally, Dmitri shares forward-looking perspectives on evolving threats and how F-Secure is proactively preparing to stay ahead of increasingly sophisticated cybercriminals. Don't miss this episode packed with actionable insights to enhance your cybersecurity strategies.

In Episode S7E5, host Steven Bowcut speaks with Ian Amit, CEO and Founder of Gomboc AI. The conversation covers various aspects of Gomboc AI and its approach to computer science and cybersecurity. Ian shares his practical problem-solving philosophy and insights into the evolving landscape of cybersecurity, highlighting the impact of generative AI and the inefficiencies in traditional cloud security and DevOps processes. They discuss the complexities of cloud security, including risks from misconfigurations and shadow IT, and outline Gomboc AI's deterministic approach to AI, which relies on provider documentation to deliver precise solutions while maintaining human oversight. Finally, Ian emphasizes the future direction of Gomboc AI, advocating for improved DevSecOps practices and the integration of infrastructure as code and GitOps methodologies.

In Episode S7E4,David Matalon, CEO and Founder ofVenn, joins Steven Bowcut to explore the evolving landscape of remote work security and the challenges of traditional Virtual Desktop Infrastructure (VDI). David shares insights into how financial services and other industries have struggled with data security, compliance, and usability in a BYOD-driven world, and how Venn’sSecure Enclave and Blue Border technology provide a more seamless, secure alternative. They also discuss the importance ofwork+life integration over balance, how Venn’s approach enhances remote productivity without sacrificing security, and the lessons learned from scaling a cybersecurity business. The conversation delves into thefuture of BYOD, its growing strategic importance in hybrid workforces, and how Venn is shaping the future of secure remote access by integrating with existing applications and infrastructure. David also shares his vision for thenext phase of remote work, where BYOD becomes the standard rather than the exception.

In Episode S7E3, the discussion features Marko Simenov, CEO of Plainsea, who talks about the company's innovative augmented penetration testing platform. Marko explains the origins of Plainsea, its unique features, and its benefits to both pen-testing companies and their clients, including time and cost savings, continuous testing capabilities, and improved efficiency. The conversation also covers Plainsea's integration with various industries, compliance requirements, and other cybersecurity software, as well as its potential for future development based on user feedback and market demands.

In this podcast conversation, Steven and Edward explore the potential of AI in cyber defense, emphasizing its role in augmenting human security teams. Edward highlights a case study where AI enables a tech startup to function as if it has more engineers on staff. They delve into the concept of 'agentic AI' and its application in coaching AI systems, with Edward noting Dropzone AI's recognition as a 'cool vendor' by Gartner in October of the previous year—an important milestone for the company.

Edward explains that agentic AI refers to systems capable of autonomously performing complex tasks without incremental instructions from users. He underscores the importance of coachability in AI, comparing these systems to digital workers who must adapt to an organization’s specific needs. Steven adds that the value of a team member grows exponentially as they learn the operational nuances of the organization. Edward points out the trend of utilizing agentic AI to enhance productivity by offloading tedious tasks, such as tier-one analytical work.

The duo also discusses the ethical training of large language models, addressing the challenges related to using unlicensed and private customer data. Edward raises concerns about the risks involved and advocates for responsible data handling, urging vendors to keep a clear distinction between private information and data used for system improvement. Steven expresses worry about the potential for agentic AI systems to learn from humans who may not fully grasp ethical standards. In response, Edward emphasizes the significance of case studies from fields like medicine.

Finally, they discuss the growing adoption of AI in cybersecurity, with Edward noting that the technology has matured significantly in the past year. He highlights the potential for attackers to exploit large language models as well. Sharing his vision for the future, Edward aspires to create the most capable and trustworthy AI security analyst, which would empower organizations of all sizes to investigate security alerts promptly, making it harder for attackers to succeed. Steven conveys enthusiasm about the prospect of using digital workers as a force multiplier for startups and small businesses.