Managing risk is the name of the game for a CISO. Quantification is a major part of that job, but it doesn't end there. Without a means of communicating that quantification to the rest of the business, quantification just adds to the noise. In this episode, UJ Desai , Senior Director of Product Management, Partner Programs at Qualys explains how they provide a comprehensive solution for the Risk Operations Center, with comprehensive ways to ingest data from your applications, make sense of the d...
Jun 30, 2025•16 min
Security teams today are expected to manage two fronts—building and maintaining proactive defenses, and staying ready to respond at any moment to threats that slip through. But unless someone actively watches those alerts 24/7, your detection tools are expensive noise generators. In this episode, Rob Allen , chief product officer at ThreatLocker , lays out why their Cyber Hero® MDR offering is built not as a standalone security strategy, but as a complement to a deny-by-default, proactively hard...
Jun 02, 2025•18 min
Large language models are most useful to your business when they have access to your data. But these models also overshare by default, providing need-to-know information without sophisticated access controls. But organizations that try to limit the data accessed by an LLM risk undersharing within their organization, not giving the information users need to do their jobs more efficiently. In this episode, Sounil Yu, CTO at Knostic, explains how they address internal knowledge segmentation, offer ...
May 28, 2025•17 min
Unauthorized site access remains a significant security concern for organizations. But why does this issue persist, and how can it be effectively addressed? In this episode, Rob Allen , chief product officer at ThreatLocker , discusses the core functionality of ThreatLocker's Web Control solution: blocking access to unauthorized sites without meddling with DNS servers—a common pitfall among other tools. Rob explains that the simplicity of defining where employees can and cannot access is pivotal...
May 19, 2025•15 min
Linux is the backbone of critical infrastructure, yet it often flies under the radar when it comes to endpoint monitoring. From legacy servers to embedded systems, Linux devices are frequently unprotected, either due to operational risk, overlooked assets, or the false assumption that Linux is “secure by default.” In this episode, Craig Rowland , founder and CEO of Sandfly Security , introduces an agentless approach to EDR purpose-built for Linux systems. By operating over SSH and running rapid,...
May 12, 2025•18 min
For years, patch management has been treated as a solved problem—until reality strikes. Outdated applications, portable executables, patch conflicts, and shadow software leave organizations unknowingly exposed. The tools may exist, but the process often breaks down. In this episode, Rob Allen , chief product officer at ThreatLocker , discusses why their new patch management solution goes beyond legacy approaches. With built-in patch packaging, pre-deployment testing, and granular control, the pl...
May 07, 2025•17 min
Automated attacks are growing in speed and sophistication, far outpacing the human defenses most organizations rely on. Whether it’s credential stuffing, scraping, or denial-of-wallet attacks, bots can drain your resources before they even steal a cent. In this episode, Sam Crowther , founder of Kasada , discusses how their bot detection and mitigation solution flips the economics of attacks. By disrupting automated behavior at wire speed—without impacting user experience—Kasada ensures you’re d...
May 05, 2025•16 min
Managing privileged access across a sprawling IT environment remains one of cybersecurity’s toughest balancing acts. Admin privileges are often granted too broadly and retained for too long, opening dangerous pathways for lateral movement and ransomware. In this episode, Rob Allen , chief product officer at ThreatLocker , introduces their Elevation Control tool — a solution designed to help security teams remove unnecessary privileges, apply just-in-time elevation for specific apps, and restrict...
Apr 30, 2025•18 min
Security operations centers (SOCs) are drowning in alerts, forcing analysts to waste time chasing down false positives while real threats slip through. The problem isn’t just efficiency—it’s burnout, missed signals, and limits on what security teams can reasonably triage. In this episode, Edward Wu , CEO and founder of Dropzone AI , explains how their AI-powered SOC analyst automates triage and investigation for security alerts. The result is more efficient operations, faster detection of real t...
Apr 28, 2025•15 min
Securing endpoints is a persistent challenge, especially in a hybrid working environment. The human factor is an unavoidable element with endpoint security, which means you have to be ready for a lot of unexpected behavior. Centrally managed policies for endpoints can only enhance security if they don’t compromise the flexibility the business needs. In this episode, Rob Allen , chief product officer at ThreatLocker , discusses how their Network Control solution offers a endpoint-based firewall t...
Apr 23, 2025•16 min
Customer security reviews often miss their mark, leaving organizations scrambling to compensate with extensive questionnaires that divert attention away from genuine risk management. The inconsistency of these processes and the lack of clear authority or visibility contribute to prolonged timelines and increased frustration. So, how can companies maintain trust without drowning in the complex processes that come with these reviews? In this episode, Chris Gomes , head of product at Conveyor, disc...
Apr 21, 2025•19 min
We hear all the time that identity is the new perimeter. If we place that much importance on identity, then compromised credentials can give away the keys to the kingdom. In an environment where hybrid infrastructures introduce visibility challenges, the need for advanced monitoring techniques for identities becomes clear. In this episode, Paul Nguyen , co-founder and co-CEO at Permiso Security , discusses how Permiso enables organizations to fortify their defenses against insider threats and ma...
Apr 16, 2025•16 min
Managing application control amid increasing ransomware threats while not impeding business flow remains a challenge. Organizations need a layered defense to bolster their security posture without overinvesting in overlapping tooling. In this episode, Rob Allen , chief product officer at Th r eatLocker , discusses how their deny-by-default approach to application control helps simplify this persistent challenge. Rob is joined by our panelists, Janet Heins , CISO at ChenMed , and Shaun Marion , v...
Apr 14, 2025•16 min
The tendency to focus on merely checking boxes to achieve compliance can lead to superficial solutions that may not effectively reduce operational risk. A strategic pivot towards ensuring compliance through holistic security measures is key; long-term, it demands less effort and provides more substantial protection. In this episode, Craig Unger , founder and CEO of HyperProof , discusses the company‘s efforts to help companies achieve compliance and manage third-party risks. Craig is joined by o...
Apr 09, 2025•16 min
SaaS visibility remains a mixed bag. Within company sanctioned tools we have visibility. But when it comes to visibility across tools, we struggle. And don't forget all of the SaaS apps your employees use that you don't know about. How do you start to address that SaaS visibility gap? In this episode, Russell Spitler , co-founder and CEO of Nudge Security , discusses how using email as the foundation for SaaS visibility makes the whole situation much easier to manage. Russell is joined by our pa...
Apr 07, 2025•16 min
Open source is a bedrock of modern enterprise software. But support for various components is all over the place. The ecosystem doesn't have the right incentives in place, leading to end-of-life security issues many organizations aren't ready to address. When community support for open-source components dries up over time, what is your recourse? In this episode, Aaron Frost , founder and CEO, HeroDevs , discusses how HeroDevs is addressing this problem by providing secure, drop-in replacements t...
Apr 02, 2025•15 min
The velocity of innovation necessitates an agile approach to infrastructure management, which often leads to complexity and, consequently, vulnerabilities. Organizations are in a relentless race to identify and prioritize security gaps, but how can we effectively manage and mitigate these risks? In this episode, Jay Mar-Tang , field CISO at Pentera , discusses how Pentara blends the efficiency of automation with insightful human judgment to addresses the gaps in traditional security processes wh...
Mar 13, 2025•17 min
The sheer volume of security alerts and data being generated by various sources like firewalls, servers, and endpoint devices is daunting. The challenge lies in sifting through this vast amount of information to identify genuine threats without throwing manual effort at it. Traditional security logs merely tell us what happened but do not provide insights on what's happening now. The demand is for more actionable intelligence that focuses on different, more relevant data types rather than just m...
Mar 11, 2025•17 min
Understanding and mitigating insider risk has taken a front seat in organizational security strategies. What once was a niche concern, we’re seeing significant escalation in insider threats, particularly from nation-state actors, with insiders becoming victims of coercion or identity theft. In this episode, Mohan Koo, president & co-founder, DTEX Systems , explains why understanding human behavior, continuous data tracking, and proactive collaborations are key components in staying ahead of ...
Mar 04, 2025•15 min
The fragmentation and vast amount of data generated from enterprise tools create a convoluted landscape for cybersecurity professionals to navigate. This complexity is exacerbated in large companies with dynamic environments, where innovation and growth must be balanced with the ever-present need for security. In this episode, Piyush Sharrma , CEO and co-founder at Tuskira discusses what the company is doing to unify security tools and validate defenses in this sea of data. Piyush is joined by o...
Feb 27, 2025•21 min
What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know , the latest podcast from the CISO Series, does just that. Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on: How to explain the issue to your CEO What the solution actually does (and doesn’t do) How the pricing model works Then, our security ...
Feb 26, 2025•1 min
