Security You Should Know

• Tackling Misconfigurations with ThreatLocker

  All links and images can be found on CISO Series. Misconfigurations represent one of cybersecurity’s most persistent and damaging vulnerabilities. Organizations often fall into the trap of deploying tools with overly permissive “permit everything” default settings, only to struggle with the operational overhead required to lock them down properly. Every configuration change away from these permissive defaults requires extensive testing and validation, creating what amounts to a prohibitive tax on implementing proper security controls. Is it any surprise that teams leave dangerous temporary configurations in place indefinitely? In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Defense Against Configuration (DAC) solution addresses these challenges through automated daily security checks across Windows endpoints that identify common misconfigurations before they lead to breaches. Joining him are Andy Ellis, principal at Duha, and Montez Fitzpatrick, CISO at Navvis. The conversation explores how DAC’s automated checks map misconfigurations against compliance frameworks, while ThreatLocker’s broader platform consolidates multiple security functions into a single low-impact agent that can replace multiple endpoint tools. Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com

  --------  

  16:20

  --------

  16:20
• Navigating Your Meeting Shadow Data with FORA

  All links and images can be found on CISO Series. Organizations excel at generating massive volumes of unstructured data through recorded meetings. The struggle lies in extracting value from it. The reality is that most of this data is never touch again after its created. The temporal nature of voice communication creates unique challenges. These conversations capture real-time insights and concerns that are highly valuable for immediate decision-making. But traditional data management approaches fail to surface actionable intelligence before it becomes stale. In this episode, Joe Essenfeld, CEO and co-founder at FORA, explains how their platform addresses these challenges by automatically processing recorded meetings to generate personalized, contextual summaries while maintaining strict data privacy controls. Joining him are Howard Holton, CEO at GigaOm, and Derek Fisher, Director of Cyber Defense at Temple University. The conversation explores how FORA’s AI-powered personalization engine creates individualized meeting cards based on organizational context and project involvement. The platform implements sophisticated filtering to remove personal banter and protects sensitive information through automated labeling systems that can detect IP discussions, HR-sensitive content, and accidental recordings. Huge thanks to our sponsor, FORA   Recorded meetings are the fastest-growing source of shadow data. FORA gives enterprises unified visibility and control—enforcing retention, access, and compliance across platforms. Security teams eliminate blind spots while employees gain powerful insights. With FORA, you know exactly what recorded data exists, where it’s stored, and who can access it.  

  --------  

  16:46

  --------

  16:46
• Exploring Storage Control with ThreatLocker

  All links and images can be found on CISO Series. In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Storage Control solution addresses these challenges by implementing program-level access restrictions that work alongside traditional user permissions. Joining him are Jonathan Waldrop, CISO-at-large, and Nick Ryan, former CISO at RSM. The conversation explores how ThreatLocker's endpoint-focused approach applies default-deny principles not just to what programs can run, but to what data they can access. This allows users to work normally while preventing unauthorized programs from reaching sensitive information. This streamlined block-request-approve process can resolve access needs within 60 seconds. Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment.  Threatlocker.com/CISO  

  --------  

  17:01

  --------

  17:01
• Transforming Asset Visibility with Trend Micro

  All links and images can be found on CISO Series. Asset visibility remains a persistent challenges in cybersecurity. Despite working on this challenge for decades, CISOs continue to struggle with knowing what assets exist in their environments, where they’re located, and what risks they present. The problem has only intensified with dynamic cloud resources spinning up and down in seconds, APIs proliferating across environments, and third-party integrations creating complex dependency chain. Traditional scanning tools simply can’t keep pace. In this episode, Franz Fiorim, Field CTO at Trend Micro, explains how their Cyber Risk Exposure Management (CREME) solution addresses these challenges through continuous asset discovery and risk prioritization across the entire attack surface. Joining him are Krista Arndt, Associate CISO at St. Luke’s University Health Network, and Brett Conlon, CISO at American Century Investments. They discuss how CREME consolidates external attack surface management, cloud security posture management, and vulnerability remediation into a unified platform that discovers hidden assets through multiple methods including agentless cloud integrations, network discovery sensors, and third-party API connections. Huge thanks to our sponsor, Trend Micro Reduce cost, complexity, and tool sprawl by consolidating critical security and risk disciplines like External Attack Surface Management (EASM), Cloud Security Posture Management (CSPM), Vulnerability Risk Management (VRM), Identity Security Posture, Security Awareness and more into one cyber risk exposure management solution. CREM simplifies security and business operations to enable faster, more strategic risk reduction by replacing fragmented point solutions across these domains.

  --------  

  16:54

  --------

  16:54
• Harnessing AI-Native PAM with Formal

  All links and images can be found on CISO Series. Most data breaches don't happen because attackers are geniuses. They happen because organizations give too much access to too many people for far too long. Despite decades of security frameworks and best practices, enforcing least privilege remains one of cybersecurity's most persistent challenges. The culprit isn't technology: it's politics. In this episode, Mokhtar Bacha, CEO of Formal, discusses how their granular privilege access management solution operates at the packet level to enforce least privilege across databases and APIs. Joining him are Howard Holton, COO and industry analyst at GigaOm, and Arvin Bansal, a Fortune 100 veteran CSO. The conversation tackles the truth about why access management fails, explores how AI agents are exploding the identity landscape, and examines whether automated policy enforcement can finally solve the political friction that has plagued privilege management for years. Huge thanks to our sponsor, Formal Formal secures humans, AI agent’s access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.  

  --------  

  19:26

  --------

  19:26

Meer Nieuws podcasts

Trending Nieuws -podcasts

Over Security You Should Know

Security You Should Know: Podcasts in familie