Adrian Sanabria
Enterprise Security Weekly (Audio)
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
Author
Adrian Sanabria
Category
Podcast website
Latest episode
Jul 6, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Mastering agent permissions and Identiverse interviews - Howard Ting, Ajay Gupta, Sandy Bird, Amir Ofek - ESW #466 06.07.2026 1:17:39
Interview with Sandy Bird, co-founder of Sonrai Security In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like C...
Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465 29.06.2026 1:40:54
Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the...
Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464 22.06.2026 1:37:53
Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and a...
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463 15.06.2026 1:31:17
Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://s...
The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462 08.06.2026 1:37:51
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is ef...
Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461 01.06.2026 1:37:35
Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this appr...
Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460 25.05.2026 1:44:54
Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the...
AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459 18.05.2026 1:36:29
Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Seg...
The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Chris Wallis, Deepen Desai, Erich Kron - ESW #458 11.05.2026 1:39:53
The Weekly Enterprise News This week, in the enterprise security news, Copy Fail The hits keep coming for CVE, NIST and NVD Cyber attacks on breathalyzers insurance carriers pulling support for AI Florida Man pleads guilty ignore the humanities at your own peril offense and defense don't scale the same is it okay to be left behind? scientists gave cocaine to salmon Mind the Gap: Confidence, AI, an...
Post Quantum Migration Struggles, AI Threats, and Modern Defenses - HD Moore, Ramin Farassat, Eyal Benishti, Daniel dos Santos, Bobby Ford - ESW #457 04.05.2026 1:32:39
Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion hig...
Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Karen Heart, Sachin Jade, Phil Calvin, Craig Sanderson, Travis Wong - ESW #456 27.04.2026 1:35:44
Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operat...
Making AI actually work in the enterprise and more RSAC Conference 2026 interviews - Camellia Chan, Aamir Lakhani, Jim Spignardo, Jody Brazil, Ely Abramovitch - ESW #455 20.04.2026 1:40:09
Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss...
We catch up on the news, including AI vuln hunting; also more RSAC interviews! - John Wilson, Mark Lambert, Georges Bossert, Samuel Hassine - ESW #454 13.04.2026 1:37:15
Segment 1: We cover the weekly enterprise news! Segment 2: RSAC interviews from ArmorCode and Filigran ArmorCode: AI Exposure Management and Governing Shadow AI AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability...
Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Jimmy White, Thyaga Vasudevan, Brian Oh, Mickey Bresman, Ashish Jain - ESW #453 06.04.2026 1:45:34
Interview with Brian Oh from FIS Global Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders' desks. In this episode, Brian Oh from FIS Global explains how merchant-specific tokenization and virtual cards work, why embedded finance rai...
Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Alexandre Sieira, Lenny Zeltser, Helen Patton - ESW #452 30.03.2026 1:50:02
Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career. Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a...
Can AI help critical infrastructure, the state of the cyber market, and weekly news - Mike Privette, Kara Sprague - ESW #451 23.03.2026 1:42:52
Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette...
AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - Jeremy Snyder, Allie Mellen - ESW #450 16.03.2026 1:51:31
Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once . Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the...
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449 09.03.2026 1:34:33
Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the thr...
OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448 02.03.2026 1:54:09
Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industrie...
Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447 23.02.2026 1:42:55
Segment 1 - Interview with Tim Morris Bringing intelligence to assets You've been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different a...
Hardware-level zero trust, don't trust AI with your employees, and the news - J Wolfgang Goerlich, Matias Katz - ESW #446 16.02.2026 1:47:12
Segment 1: Interview with Mathias Katz What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised? Mathias and his company, Byos have built such a thing, and BOY do we have some questions for him. Segment 2: Interview with Wolfgang Goerl...
Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445 09.02.2026 1:41:05
Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This s...
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444 02.02.2026 1:37:58
Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly,...
The future of data control, why detection fails, and the weekly news - Thyaga Vasudevan - ESW #443 26.01.2026 1:35:59
Segment 1: Interview with Thyaga Vasudevan Hybrid by Design: Zero Trust, AI, and the Future of Data Control AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive i...
Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442 19.01.2026 1:43:26
Segment 1 with Beck Norris - Making vulnerability management actually work Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security dis...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.