The Security Strategist

EM360Tech

With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expect-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.

  1. Will AI Kill Policy-Based Data Security?

    4d ago

    Will AI Kill Policy-Based Data Security?

    Podcast: The Security Strategist Guest: Nitay Milner, Co-Founder & CEO at ORION Security Host: Richard Stiennon, Chief Research Analyst at IT Harvest, Author, and Advisor to Vendors, VCs, and Private Equity Firms Cybersecurity is evolving every second, and Data Loss Prevention (DLP) has become a key focus for enterprises seeking to protect sensitive data. However, traditional DLP systems often struggle to keep pace with the scale of data in motion. In this episode of The Security Strategist Podcast, host Richard Stiennon, Chief Research Analyst at IT Harvest, Author, and Advisor to Vendors, VCs, and Private Equity Firms, sits down with Nitay Milner, Co-Founder & CEO at ORION Security. They discuss how DLP has changed and the new dynamics of AI for data security and data security for AI. They explore the challenges faced by traditional DLP systems, the need for deep contextual insights in data protection, and the implications of AI as both an enabler and a risk. The conversation highlights the shift from static, policy-based approaches to dynamic, AI-driven solutions, emphasising the importance of real-time monitoring and accurate, enforceable data exfiltration prevention. What are the Limitations of Traditional DLPTraditional DLP systems have existed for decades, but they mainly aim to protect stored data. These systems rely on fixed policies and rules that usually lack the context needed for smart security decisions. According to Milner, these systems cannot effectively manage data in motion, which is where data leakage typically occurs. Traditional DLP notoriously generates high numbers of false positive alerts. Milner cites an alarming statistic stating that some enterprises employ as many as 60 DLP analysts just to triage these alerts, creating a bottleneck in security processes resulting in critical alerts slipping through the cracks due to unmanageable signal-to-noise ratios. What are the Key Challenges in Real-World ApplicationsMilner shares his experiences at Cisco, where he worked with large enterprises like T-Mobile and Chevron. Even after putting traditional DLP measures in place, these enterprises continually struggled to protect their data effectively. Their challenges included the lack of real-time monitoring and an excessive focus on compliance instead of true data protection. AI and agentic approaches to cybersecurity are helping enterprise data security teams today win the fight against data loss. Agentic DLP can analyse data in context, understanding both the data itself and the circumstances of its movement. Milner notes that AI can interpret the source, destination, and nature of the data being handled. This allows AI systems to distinguish between legitimate business activities and potential data leaks. For example, if a financial analyst accesses sensitive information to complete a report, AI can identify this as a valid action rather than flagging it as suspicious. How is AI Impacting DLPA major benefit of adding AI to DLP systems is the decrease in false positives. Traditional methods often depend on deviations from set baselines, resulting in thousands of alerts lacking context. AI, particularly through Large Language Models (LLMs), can offer a better understanding, leading to smarter alerts and more efficient security responses. As enterprises increasingly adopt AI technologies, it becomes essential to have strong DLP systems that can incorporate AI innovations. Security professionals need to focus not only on protecting data but also on enabling the safe use of AI within enterprises. However, Milner spotlights the need to set guardrails around AI applications. As employees use AI tools for a variety of tasks, they can unintentionally expose sensitive information. By creating clear guidelines and monitoring systems, enterprises can keep data secure while still benefiting from AI. Introducing AI into business processes brings new challenges, especially regarding data exploitation. Milner cautions that as AI systems become more common, the risk of sensitive data being shared with untrusted third-party applications rises. Enterprises must be careful about what data is shared and with whom to effectively reduce these risks. Leveraging AI is not a question anymore; it’s how you do it that matters. Enterprises can create smarter, more efficient DLP systems that reduce noise, improve real-time data protection, and allow businesses to use AI safely. As we move into this new era of cybersecurity, the partnership between AI and DLP will be vital in protecting sensitive data. Key TakeawaysLegacy DLP tools generate an overwhelming number of false positives.AI can provide real-time contextual understanding.Traditional DLP systems are not equipped for the scale or movement of modern data.The future of data security relies on AI-native and agentic solutions.Guardrails are essential for safe AI usage in enterprises.Real-time monitoring is crucial for effective data protection.Policies should be limited and focused on specific use cases.AI can recognise risky data patterns that traditional methods cannot.Data security must adapt to the rapid evolution and adoption of AI tools and agents.Education on new risks is vital for enterprises. Chapters00:00 The Evolution of Data Loss Prevention (DLP) 02:54 AI's Role in Redefining Data Security 06:12 Challenges of Traditional DLP Systems 09:02 The Need for Contextual Understanding in DLP 12:07 Guardrails for AI in Data Security 15:04 Transitioning from Policies to AI-Driven Solutions 17:54 Real-World Examples of Data Protection 20:49 The Future of DLP and Data Security For more enterprise AI in cybersecurity and DLP insights, please follow Orion Security across its official channels: Website: ORION SecurityYouTube: @ORION-dlpLinkedIn: ORION Security For more information on enterprise tech analyst-led insights, please visit em360tech.com EM360Tech YouTube: @enterprisemanagement360EM360Tech LinkedIn: @EM360TechEM360Tech X: @EM360Tech

    23 min
  2. How Agentic AI Is Reshaping Cybersecurity

    Jun 4

    How Agentic AI Is Reshaping Cybersecurity

    Artificial intelligence has moved well beyond the chatbot era. The systems being deployed today don't just respond to questions; they plan, decide, and act. In this episode of the Security Strategist, host Trisha Pillay sits down with Kevin Curran, Professor of Cybersecurity at Ulster University and IEEE senior member, to unpack what this shift means for organisations, security teams, and the people responsible for keeping data safe. From prompt injection to privacy by design, this conversation covers the full spectrum of what agentic AI brings to the cybersecurity table and what it demands of us in return. From Chatbots to Autonomous AgentsFor years, AI in the enterprise context meant tools that waited for instructions. You asked, it answered. The dynamic was predictable, and security teams could build controls around it. Fast forward today, that world is rapidly becoming a memory. Agentic AI represents a step-change. These systems don't sit idle waiting for a prompt; they pursue goals, interact with APIs, browse the web, execute code, and coordinate with other AI agents, often with minimal human involvement. As Curran explains, this autonomy is both the point and the problem. "Our surface area has dramatically expanded," he notes, capturing in a single phrase what security architects are grappling with across industries. The implications are immediate. Traditional security frameworks were designed around human actors, meaning slow-moving, auditable, and accountable. Agentic systems operate at machine speed, across multiple endpoints simultaneously, and can chain together dozens of actions before a human reviewer even knows a task has begun. The perimeter, as security professionals understood it, has effectively dissolved. For organisations still thinking about AI security in terms of data privacy policies and acceptable use clauses, this is a wake-up call. The threat model has changed. The question is no longer just what data an AI can access, but what actions it can take and on whose behalf. The Vulnerabilities Nobody Warned You AboutAs the capabilities of agentic AI grow, so does the attack surface. Curran highlights prompt injection as one of the most pressing and underappreciated threats in this new landscape. Unlike traditional software vulnerabilities that exploit code, prompt injection attacks exploit the AI's core function: its ability to read and follow instructions. The attack is deceptively simple. A malicious actor embeds hidden instructions in content that the AI will encounter, a webpage it browses, a document it processes, or an email it reads. The agent is unable to distinguish between legitimate directives and injected commands, following the hidden instruction. It might exfiltrate data, take an unauthorised action, or silently alter its behaviour. The user never knows. This vulnerability is particularly dangerous in agentic contexts precisely because these systems have broader permissions and longer action chains. An AI agent with access to calendars, emails, file systems, and external APIs is a high-value target. A successfully injected prompt doesn't just compromise a single response but it can compromise an entire workflow. The accountability question compounds the problem. As Curran puts it: "Who's responsible when AI acts autonomously?" When an AI agent makes a decision that causes harm, whether through a security breach, a compliance violation, or an erroneous action. The lines of responsibility blur in ways that existing legal and organisational frameworks aren't equipped to handle. Boards, legal teams, and CISOs need to be asking this question now, before an incident forces the issue. The principle of least privilege emerges here as a critical mitigation. Curran is clear that AI agents should operate with the minimum access necessary for any given task, not a blanket set of enterprise-wide permissions. Limiting scope limits damage. If a compromised agent can only touch what it needs for a specific transaction, the blast radius of any attack is contained. Secure by DesignThe answer to agentic AI's security challenges isn't to slow down adoption, it's to build differently. Curran is a strong advocate for the secure by design philosophy, which holds that security must be an architectural decision made at the beginning of a system's life, not a layer of controls bolted on after deployment. This principle has been discussed in cybersecurity circles for years, but agentic AI gives it new urgency. When you're deploying systems that make autonomous decisions, the cost of a security oversight isn't a patching cycle, it can be an incident. Designing for security from day one means conducting AI-specific threat modelling before a system goes live, mapping out what an agent can access, what actions it can take, and where the failure points lie. Privacy by design sits alongside this as an equally vital framework. Curran points to ephemeral transaction models as a promising approach, structures in which AI agents handle sensitive data only for the duration of a specific task, with no persistent storage of information that isn't necessary. "Privacy by design minimises data collection," he explains, and in a world where autonomous systems are constantly processing personal and organisational data, minimisation isn't just good practice. It's good governance. Tools and platforms are beginning to emerge that support this approach. Signing room technologies, for instance, offer ways to conduct sensitive transactions with built-in auditability and access controls, worth exploring for organisations managing AI-assisted workflows involving contracts or identity verification. Security scanning platforms designed for AI-era codebases are also maturing, giving development teams the ability to identify vulnerabilities before they reach production. Organisations that treat security and privacy as foundational to AI deployment, rather than compliance requirements, will be better positioned as these systems become more capable and increasingly embedded in critical operations. TakeawaysAgentic AI and autonomous decision-makingSecurity vulnerabilities in AI systemsSecure by design principles for AI deploymentInvest in AI-specific threat modelingImplement security by design principles from the startAdopt ephemeral transaction frameworks for privacy Chapters00:00 Introduction to Agentic AI and Cybersecurity 04:07 Understanding Agentic AI and Its Implications 09:50 The Shift from Assistive Tools to Autonomous Agents 15:46 Emerging Threats in AI Security 22:02 Secure by Design: Building Security into AI Systems 27:51 Privacy by Design in Autonomous Transactions 29:46 Conclusion and Future Outlook on AI Security

    29 min
  3. The New Cyber Battlefield: AI vs AI and the Rise of Autonomous Security Systems

    Jun 3

    The New Cyber Battlefield: AI vs AI and the Rise of Autonomous Security Systems

    The moment an organisation's board starts asking how to prepare for autonomous AI attacks, the conversation has already shifted. What used to be a theoretical briefing topic is now a line item in risk registers and a direct question landing on CISOs' desks from the C-suite. Shachar Hirshberg and Dan Shiebler, co-founders of Artemis Security, an AI-Native Protection Platform for security operations, in production at Mercury, Lemonade, Wix, Upwork, and some of the largest enterprises in the world, have that conversation daily. Artemis raised $70M in series A, led by Felicis with First Round Capital and Brightmind Partners doubling down, alongside top VCs including Theory Ventures, Lockstep, Two Sigma Ventures, and prominent cybersecurity industry leaders, including the founders of Abnormal AI and Demisto, the former CEO and CTO of Splunk, and senior executives from CrowdStrike, Palo Alto Networks, Microsoft, and Okta. In a recent episode of the Security Strategist Podcast with host Richard Stiennon, Hirshberg and Shiebler laid out the strategic reality with unusual clarity, not as a product pitch, but as a candid assessment of where the threat environment stands and what it demands from security leadership. The Economics of Attack Have ChangedThe foundation of legacy security architecture rests on an assumption that no longer holds: that launching a sophisticated, targeted attack is expensive. Acquiring intelligence on a specific organisation, crafting adaptive exploits, and manually steering a multi-stage breach required time, skill, and resources. Defenders could lean on that cost. Understand attacker behaviour, get ahead of their patterns, and you impose meaningful friction. Shiebler identifies this as the core structural failure of traditional approaches today. "AI really changes that. It's so much easier for attackers to craft new attacks, to explore different strategies, and make it much cheaper to send out radically different, really sophisticated attacks, which really means that trying to rely on approaches that involve just understanding attackers and trying to stay ahead of that is very, very challenging." The consequence is not simply faster attacks. It's the collapse of the distinction between opportunistic, broad-based threats and sophisticated targeted campaigns. What previously required nation-state resources or advanced persistent threat infrastructure can now be approximated by an attacker with limited technical knowledge and access to capable agentic tooling. The MTTR CalculationHirshberg frames the urgency in operational terms. The industry benchmark for mean time to respond sits at roughly four hours. The top 0.1 per cent of security operations globally measure in minutes. The frontier measures in seconds and adversaries are already in seconds. "We are still talking in hours and need to bridge that gap because we will live in an era where it will have a hundred real zero days every single day in every organisation. If you're measuring your MTTR in hours and you have a hundred real attacks per day, you are fully overwhelmed with traditional tooling." The arithmetic is unambiguous, and no staffing model resolves it. No incremental tooling investment closes it. It requires a categorical shift in how detection, investigation, and response are architected, moving from human-executed to human-guided autonomous response. The Defender’s Unused AdvantageUnderneath the operational urgency Hirshberg and Shiebler describe, sits an architectural premise about how Artemis is built. In an AI era, both sides draw on the same technology. Whatever edge the defender once held in raw capability is gone. What remains, and what the attacker cannot acquire from outside, is knowledge of the defender's own environment. Who works where. What is normal for this user? Which systems matter to the business? Whether a 3 a.m. login is routine or the first in this person's history. That knowledge has always existed. What has never existed is a security platform that could assemble it, keep it continuously current, and detect against it at machine speed. Artemis is built around that advantage. The company calls it Environment Intelligence, and the practical effect for the security team is a qualitatively different output. Where most platforms produce alerts that an analyst then has to investigate, Artemis produces decision-grade cases: findings that arrive ready to act on. The Strategic Cybersecurity Imperative Hirshberg and Shiebler are blunt on timing, and it is the part that leaders miss. Deploying the technology is the fast part: Artemis connects in under an hour and produces real cases within 48 hours. The slow part is organisational: governance, and process maturity for a human-supervised AI to act at machine speed. That work compounds in months, not weeks. Organisations starting now will be operating in the new model when the threat tilts. For more information on this, visit https://artemissecurity.com/ or connect with the guests: Shachar Hirshberg | LinkedIn | Co-Founder and CEO Artemis Dan Shiebler | | Linkedln | Co-Founder and CTO Artemis Takeaways AI transforming cyber operationsAI-driven attacks and defenseLimitations of traditional security architecturesHow Artemis Is Shaping Autonomous Cyber Defence Chapters 00:00 — The Evolving Cybersecurity Landscape 03:40 — AI in Cyber Operations 09:19 — Challenges of Traditional Security Architectures 14:03 — The Future of Cyber Defence 20:05 — Adapting to New Threats 25:29 — Strategic Planning for CISOs

    28 min
  4. Thinking Like an Attacker: How to Strengthen Modern Cyber Defence Strategies

    May 28

    Thinking Like an Attacker: How to Strengthen Modern Cyber Defence Strategies

    Most organisations believe they have a solid grip on their security posture. They invest in tools, run penetration tests, and build out security teams. Yet when a breach happens, the entry point is often an asset no one was monitoring, something unknown, unmanaged, and fully exposed. That gap between perceived security and actual exposure is the core challenge Rob Gurzeev has spent his career trying to solve. In this episode of Security Strategist, host Richard Stiennon speaks with Rob Gurzeev, CEO of CyCognito, to unpack the realities of external attack surface management and why many organisations continue to fall behind despite years of investment. The Attack Surface Has Outgrown The scale of the problem is difficult to overstate. Where an enterprise once managed a handful of websites and internal systems, it now contends with hundreds of thousands of applications, cloud assets, APIs, and connected devices, many of which were provisioned quickly, handed off between teams, or simply forgotten. Gurzeev points out that in large enterprises, the number of externally exposed assets can reach into the tens of millions. Up to 50 per cent of those assets are often entirely unknown to the security team. They are not in any inventory. Nobody is patching or monitoring them. From an attacker's perspective, they are the most attractive place to start. This is the nature of the modern external attack surface, not a defined perimeter, but a constantly shifting sprawl of exposure that grows faster than most teams can track it. Why Traditional Security Approaches Fall ShortThe instinct for many organisations is to run more penetration tests. It is a reasonable response, but it addresses only a fraction of the actual risk. Manual pen testing, by its nature, is scoped and time-limited. Gurzeev is direct on this point: in environments with hundreds of thousands of assets, traditional testing leaves the vast majority of the attack surface unexamined. The result is a false sense of security; teams believe they have assessed their exposure when, in practice, they have assessed a small and carefully selected slice of it. The big issue is visibility. Security investments have historically been built around known assets, things that are already in the inventory, already behind a firewall, already being monitored. The unknown assets fall outside that perimeter entirely, and it is precisely those assets that attackers seek out. The Shift AI Has Made PossibleThis is where the conversation turns. AI has fundamentally changed what is achievable in attack surface management, and Gurzeev is clear about the practical impact: real-time threat detection, at scale, across the entire external surface, not just the assets that are already known. Continuous automated testing now makes it possible to assess every exposed asset, not a curated sample of them. Vulnerabilities that would previously have gone undetected for months can now be surfaced within hours. The economics have shifted as well. The prohibitive cost of testing at scale, which once made comprehensive coverage impractical, has been dramatically reduced. For CISOs and CIOs operating under resource constraints, that matters. The question is no longer if comprehensive coverage is possible. It is whether the organisation has decided to pursue it. What Security Leaders Should Take AwayVisibility is not something organisations can assume; it has to be actively built and continuously maintained. In large enterprises, unknown assets often make up the bulk of real exposure, rather than being a marginal risk. AI-driven tools are now making it possible to assess this landscape continuously and at scale. In this context, mean time to remediation becomes the defining metric separating organisations that actively manage risk from those that only measure it. Thinking like an attacker means asking a simple question: which of our assets does nobody know about? The answer to that question is where the real work begins. For more on external attack surface management and enterprise cybersecurity, visit cycognito.com. Connect with the guest: Rob Gurzeev: LinkedIn | Co-Founder & CEO, CyCognito TakeawaysExternal attack surface complexityImpact of AI on cybersecurityStrategies for attack surface visibilityContinuous monitoring is essential, not one-off assessmentsProactive exposure management reduces breach risk Chapters00:00 – Introduction to External Attack Surface Challenges 01:02 – Rob Gurzeev's Background and Focus on Attack Surface Management 02:42 – From Intelligence to Cybersecurity: Rob's Journey 04:51 – Why Organisations Lack Clear External Attack Surface Visibility 07:43 – The Growing Complexity of IT Environments 11:27 – Vulnerability Management vs Attack Surface Management 13:20 – Challenges in External Attack Surface Discovery 17:05 – The Role of AI in Cybersecurity and Attack Surface Management 20:16 – Key Takeaways for CISOs and CIOs

    21 min
  5. Are Your AI Agents a Hidden Attack Surface? Rethinking Identity and Access in the Agent Era

    May 26

    Are Your AI Agents a Hidden Attack Surface? Rethinking Identity and Access in the Agent Era

    Podcast: The Security Strategist Guest: Jasson Casey, CEO & Co-Founder, Beyond Identity Analyst: Richard Stiennon, Chief Research Analyst at IT-Harvest In an enterprise technology market that’s saturated with AI copilots and coding agents, most enterprise security strategies are already outdated. On the recent episode of The Security Strategist podcast, analyst Richard Stiennon, Co-Founder and Chief Research Analyst at IT-Harvests, presses Jasson Casey, CEO & Co-Founder, Ceros by Beyond Identity, on a question few vendors are answering clearly. “How do you actually control autonomous agents once they’re inside your environment?” posed Stiennon. Casey’s answer is architectural, focusing on Ceros – a new control plane from Beyond Identity built specifically for agentic workflows. What is Ceros built for? The problem Ceros addresses is practically faced by enterprises. For instance, enterprises deploying tools like Claude, Codex, or Copilot for coding and workflow automation are effectively granting agents the same privileges as human operators, but without equivalent oversight. These agents write code, call APIs, and interact with sensitive systems, often across long-lived sessions where risk can evolve in real time. Casey points out that most enterprises fall into one of two active camps: those moving fast and accepting the risk, and those slowed by governance concerns. What both groups lack is visibility. Not logs after the fact, but live, session-level awareness of what agents are doing, what tools they’re invoking, and how their behaviour changes over time. Ceros is designed to sit directly in that gap. Rather than acting as a perimeter control or identity gateway, it operates in tandem with agent sessions, exposing granular telemetry on tool calls, device posture, and execution context. The emphasis is not on blocking upfront, but on establishing a real-time inventory of agent activity—a prerequisite for any meaningful governance model. Moving Beyond Passwordless to Agent-Bound TrustBeyond Identity built its reputation on eliminating passwords, but Casey makes it clear that passwordless authentication was only the first step. The deeper issue is the portability of credentials themselves. Whether it’s a password, API key, or session token, anything that can be copied can be abused—and in agentic systems, that risk multiplies. Ceros extends the company’s device-bound identity model into AI workflows. Instead of relying on bearer tokens, which Casey likens to “Willy Wonka golden tickets,” Ceros enforces cryptographic, device-bound sessions where every API request is uniquely signed. This approach draws on emerging standards like DPoP but applies them in a way that doesn’t require upstream API providers to change their architecture. The result is a subtle but important shift. Security is no longer tied to possession of a token, but to the integrity of the device and session generating each request. For agents, this means their actions are continuously attributable, and any attempt to export or replay credentials simply fails. In practical terms, it collapses the blast radius of an incident to a single device and makes lateral movement significantly harder. Why Casey Says the Time to Deploy Is “Immediately”Perhaps the most striking moment in the discussion comes when Stiennon asks when organisations should introduce controls like Ceros into their agent pipelines. Casey’s answer is blunt: immediately. Not after pilots, not post-deployment hardening, but at the same time, agents are introduced. That urgency reflects a broader shift in how enterprise risk is accumulating. AI agents are active participants in systems, capable of chaining actions, interacting with multiple tools, and amplifying both productivity and exposure. Retrofitting security after these patterns are established is, in Casey’s view, a losing strategy. Ceros has been intentionally designed to avoid the friction that typically delays security adoption. Developers running AI-based workflows see no change in their experience, while security teams gain visibility and policy controls through the same interface. The initial deployment phase focuses on observation rather than enforcement, allowing enterprises to understand their agent footprint before introducing restrictions. Ultimately, identity security must evolve from authenticating users to governing actions—human or otherwise—in real time. With Ceros, Beyond Identity believes that the future of enterprise security will be defined not by who logs in, but by what autonomous systems are allowed to do once they’re already inside. Teams can get their AI governance started on ceros.sh. Key TakeawaysAI agents are introducing major identity and visibility gaps across enterprise systems.Traditional “authenticate then trust” models fail in dynamic, long-running agent sessions.AI agents have no real identity. Ceros binds every agent action cryptographically to hardware, making credential theft pointless and every action attributable to a specific user and device.Ceros gives security teams identity, visibility, and control over AI agents — enforcing policies at the proxy layer before agents can act, not after. Get started at ceros.sh. Chapters00:00 Emerging Security Gaps in AI Coding Agents03:03 The Role of Governance in AI Deployment05:58 Beyond Identity: The Passwordless Revolution09:00 Device-Bound Credentials and API Security11:59 Integrating Security Solutions for AI Agents To learn more about Ceros and how agentic workflows in cybersecurity enterprises are changing, follow: Beyond Identity LinkedIn: @Beyond Identity Beyond Identity X: @beyondidentity Beyond Identity YouTube: @BeyondIdentity EM360Tech YouTube: @enterprisemanagement360 EM360Tech LinkedIn: @EM360Tech EM360Tech X: @EM360Tech Follow: @EM360Tech on YouTube, LinkedIn and X Stay connected for more expert insights, podcast episodes, and enterprise data strategy discussions.

    17 min
  6. The Cybersecurity Blind Spot Leaders Are Missing, and Why It’s About to Get Worse

    May 13

    The Cybersecurity Blind Spot Leaders Are Missing, and Why It’s About to Get Worse

    Podcast: The Security Strategist Guest: Garrett Hamilton, CEO, Reach Security, and Jay Wilson, CIO & CISO, Insurity Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist, EM360Tech There’s a growing disconnect at the core of enterprise cybersecurity, and most enterprise leadership teams don’t recognise it yet. With budgets increasing, tools improving more than ever, and AI quickly being integrated into both offensive and defensive strategies. On paper, this should be a golden era for cyber resilience. However, many enterprises feel more exposed, not less. The issue isn’t a lack of innovation, rather it’s something harder to see—and far more dangerous. In this episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, sits down with Garrett Hamilton, CEO of Reach Security, and Reach customer, Jay Wilson, CIO & CISO at Insurity. They unpack why enterprises are still getting breached despite record security spend—and how configuration drift, AI-driven threats, and operational blind spots are quietly reshaping the future of cyber defence. They address the key issues enterprises are playing with in the industry today – whether what enterprises configured yesterday is still protecting them now. The reality is that it isn't safeguarding them. “The surface area of the problem is just continuing to increase,” says Wilson. “But security teams aren’t growing at the same rate.” This mismatch is creating a new kind of exposure—one that doesn’t show up in dashboards. Also Read: Ten Hidden Cybersecurity Misconfigurations What Cybersecurity Enterprise Strategies are Missing?For years, cybersecurity strategies have focused on accumulation – collecting tools, more telemetry, and more layers of defence. For instance, respondents, on average, were dealing with 35 tools at a time. But as environments grow, they become harder to manage. The issue pertains to control, not to the visibility of risk. “You had one product expert acting as five or six experts in one,” Hamilton explains. “That approach never scaled well.” Today, this issue is worse. Teams inherit complex tools they can’t fully optimise or continuously validate. Over time, small changes—like exceptions, updates, and integrations—start to add up. No single change breaks the system, but together, they alter it. Also Read: Configuration Lifecycle Management (CLM) That Reduces Complexity And Risk Is Drift the Quiet Failure AI is Accelerating?This shift is what insiders are increasingly referring to as configuration drift. It’s becoming one of the most overlooked risks in cybersecurity. It’s not dramatic or invisible, but it’s constant. “If it isn’t broken, don’t touch it—that used to work,” Isurity CISO says. “Not so much anymore.” In a pre-AI world, misconfigurations could linger for months before being exploited. Now, that time frame has shrunk. “The adversary can find it faster than that three-month or six-month window,” Hamilton warns. The new reality is that enterprises are no longer just defending against external threats. They are now racing to keep up with changes within their own environments. AI too is making the problem worse. For example, rapid “vibe coding” can quickly create solutions, but those solutions tend to fail without ongoing maintenance. “It worked for two or three months,” the Reach CEO notes, alluding to customer experience pertinent to vibe coding. “Then I returned to it—and it wasn’t working as expected.” Drift isn’t a bug but a byproduct of speed. Where AI Offers Real ValueFor the past decade, cybersecurity investments have focused heavily on detection and response. However, that model is starting to show its weaknesses. There are too many alerts, too much noise, and too many problems that shouldn’t be there in the first place. “If you don’t emphasise the preventive side, you end up with a lot of unnecessary focus on detection and response,” Hamilton tells Dua. The current shift is subtle but significant, with leaders now asking not just how quickly they can respond, but how many of those incidents could have been completely avoided. This is where configuration integrity comes into play. It’s also where AI may finally offer real value—not as a substitute for analysts, but as a tool to continuously monitor, validate, and adjust security measures in real time. Still, both Hamilton and Wilson are wary of too much automation. “I would not use automated remediation in my production environment,” Wilson states. “What if it broke something?” The future shouldn’t be about fully autonomous security. Instead, it should focus on awareness, controlled automation—and that’s a much more complicated challenge to tackle. There’s a tendency in cybersecurity to chase the next big thing—AI, zero trust, platform consolidation. But this discussion points to a more fundamental issue. The biggest risk might not be what’s new but what’s actually changing quietly. “This is the most exciting time in 16 or 17 years of being in security,” Hamilton expresses. “But it’s also moving faster than we’ve ever seen.” For CISOs and CEOs alike, speed alters the dynamics. Building the right architecture is a part of the goal, but now cybersecurity leaders should ensure the strategies are aligned consistently at scale. This is where most enterprises are falling behind. Key TakeawaysConfiguration drift is the hidden cause of modern cyber riskAI is accelerating both cyberattacks and security failuresSecurity teams can’t keep up with expanding attack surfacesToo many cybersecurity tools are underused or misconfiguredPrevention is making a comeback in cybersecurity strategyAI-driven automation must be controlled, not fully autonomous Chapters00:00 Introduction to Cybersecurity Challenges02:52 The Role of AI in Cybersecurity05:54 Configuration Drift: The Overlooked Risk11:47 The Impact of Configuration Drift on Security17:49 The Need for Visibility in Security Infrastructure23:57 Balancing Detection and Prevention29:49 The Future of AI and Automated Remediation To hear how leaders are tackling configuration drift, AI-driven threats, and the growing control gap, listen to the full conversation with Reach Security on EM360Tech.com. Find Reach Security’s Configuration Drift Report here. For more information, visit reach.security. Reach Security LinkedIn: Reach Security Reach Security X: @ReachSecurity Reach Security YouTube: @ReachSecurity EM360Tech YouTube: @enterprisemanagement360 EM360Tech LinkedIn: a...

    41 min
  7. Your API Security Wasn’t Built for AI Agents

    May 13

    Your API Security Wasn’t Built for AI Agents

    Podcast: The Security Strategist podcast Guest: Eric Schwake, Director of Cybersecurity Strategy, Salt Security Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist Adopting enterprise AI is often seen as a productivity boost. However, a subtler change is happening behind the scenes, and security leaders are still trying to understand it. Enterprises now not only optimise AI tools but are also bringing autonomous agents into their workplaces. “We would call AI agents an additional workforce that enterprises are deploying,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. The description is more literal than it seems. These agents can access systems, interact with data, and perform multi-step tasks with little human input. Unlike employees, they lack intuition and caution. In the recent episode of The Security Strategist podcast, Schwake sat down with Shubhangi Dua, Podcast Producer and B2B Tech Journalist to discuss AI agents, shadow AI, and API security challenges are transforming enterprise cybersecurity. Schwake explains how to secure autonomous AI systems at scale today. Has AI Surpassed Experimentation Across Enterprises?AI is no longer in the experimental stage. Leadership teams across industries are actively promoting its use to boost innovation. Executives like Jensen Huang, Founder, President & CEO of NVIDIA, are highlighting a larger trend where enterprises are measuring, incentivising, and expecting AI adoption. This urgency creates a familiar tension. Speed provides a competitive edge, but it also shortens the time available for governance. “You want them to use this innovation to do their work,” Schwake tells Dua. “But you don't want sensitive data leaking and getting into the wrong hands.” Also Watch: What Happens to API Security When AI Agents Go Autonomous? Key TakeawaysAI agents behave like employees and need the same level of security oversight.Most AI risk sits in the API layer where actions actually happen.Faster AI systems can turn small security gaps into major threats.Unmonitored “shadow AI” tools are quietly exposing sensitive data.Continuous visibility is the foundation of securing any AI ecosystem. Chapters00:00 Introduction to AI and Cybersecurity02:43 Insights from RSA Conference06:30 The Role of AI Agents in Security08:30 Transitioning from Discovery to Governance12:03 Protecting Sensitive Data in AI Systems15:21 Identifying Weak Points in AI Security18:54 The Need for Measured Security Approaches20:38 CISO Strategies for API Security23:22 The Future of AI in Cybersecurity25:14 Visibility as a Key Security Measure For more information, please visit em360tech.com and salt.security. To learn more about Salt Security and AI and API security, follow: Salt Security LinkedIn: Salt Security Salt Security X: @SaltSecurity Salt Security YouTube: @SaltSecurity EM360Tech YouTube: @enterprisemanagement360 EM360Tech LinkedIn: @EM360Tech EM360Tech X: @EM360Tech Enterprise AI, AI Security, Cybersecurity, API Security, Autonomous Agents, Agentic AI, Shadow AI, AI Governance, Enterprise Technology, Digital Transformation, Security Leadership, AI Risk, Data Protection, AI Compliance, Cyber Risk, CISO Strategy, AI Infrastructure, Emerging Technology, Enterprise Security, Salt Security #AISecurity #EnterpriseAI #Cybersecurity #APISecurity #AgenticAI #AutonomousAI #ShadowAI #AIGovernance #EnterpriseSecurity #ArtificialIntelligence #AICompliance #DataSecurity #CyberRisk #TechPodcast #CISO #SecurityLeadership #GenerativeAI #AIInfrastructure #DigitalTransformation #CyberDefense #AIThreats #EnterpriseTech #SaltSecurity #EM360Tech #AIInnovation

    25 min
  8. Why Cybersecurity Policies Fail And How to Fix Them

    May 12

    Why Cybersecurity Policies Fail And How to Fix Them

    Policy is the backbone of every effective cybersecurity framework. It defines how an organisation protects its data, governs access to critical resources, and dictates the rules that every firewall, endpoint, and identity system must enforce. Yet for most organisations, policy management is the one discipline they consistently get wrong. In this episode of The Security Strategist, Chief Research Analyst Richard Stiennon sits down with Jody Brazil, CEO of FireMon, and John Kindervag, Chief Evangelist at Illumio and the father of Zero Trust, to dissect why cybersecurity policies fail, where the rot begins, and what it genuinely takes to build a security posture that holds. Policy as the foundation of security architectureEvery discussion of cybersecurity eventually circles back to one uncomfortable truth, which is that technical controls are only as good as the policies that drive them. Firewalls, intrusion detection systems, and endpoint agents all execute instructions someone wrote down. If those instructions are incorrect, outdated, or in conflict, the tools become liabilities rather than defences. Stiennon opened the conversation by framing this in concrete terms, as most organisations have accumulated years, sometimes decades, of firewall rules written by engineers who have long since left. Nobody knows what the rules do. Nobody wants to remove them in case something breaks. So the attack surface quietly grows, rule by rule, misconfiguration by misconfiguration. Why cybersecurity policies failPolicy rules accumulate over the years, with no regular auditing or ownership.Engineers who wrote original rules leave, taking institutional knowledge with them.Implicit trust zones create blind spots between internal network segments.Manual management of distributed devices introduces critical human error.Organisations lack unified visibility across multi-vendor firewall estates.Compliance-driven policy creation prioritises documentation over real protection. One Misconfiguration Can Cost Millions of DollarsBrazil's journey into policy management began not in a boardroom but at a terminal in the late 1990s, watching a misconfigured firewall bring a major financial institution to its knees. A single incorrectly written rule, one that should have been straightforward, caused a cascading failure that resulted in significant financial losses and reputational damage that took years to repair. The Firemon CEO said: "It was that moment that it hit me. We need a solution to better manage the policies that are enforced on these devices. And that was the genesis of FireMon." Zero Trust Was Born From Bad PolicyKindervag's origin story is equally revealing, and it directly challenges a comfortable myth. Zero Trust is often described as a bold new philosophy, a paradigm shift invented in the halls of Forrester Research around 2010. Kindervag's account is more earthbound as the framework emerged from watching bad policy fail, over and over, in environments that assumed internal network traffic was inherently safe. The Illumio Chief Evangelist shared his thoughts: "It said that you didn't have to have a policy statement or rule when you went from a high-trust zone to a low-trust zone. I thought that was silly — and I started putting out firewall rules on all interfaces. All of these systems should have the same trust level. And it should be zero. That's where Zero Trust comes from. It comes from bad policy." Firewall Advanced ToolingBrazil and Kindervag converge on a shared conclusion that tools exist to solve this problem. The barriers are organisational inertia, institutional fear of breaking existing connectivity, and a lack of executive mandate to treat policy governance as a first-class security discipline. FireMon's platform approaches the problem from the management layer, giving security teams unified visibility across multi-vendor firewall estates, automated rule analysis, change workflow management, and compliance reporting. Illumio's micro-segmentation platform approaches it from the enforcement layer, applying granular policy controls workload-to-workload, whether on-premises or in the cloud, without requiring network reconfiguration. Together, they represent a maturity arc that Stiennon describes as increasingly urgent. As organisations migrate workloads to cloud environments, adopt containerisation, and expand their attack surface through remote work and third-party integrations, the traditional approach to policy management has been reactive, manual, and siloed by device, which is simply incompatible with operational reality. Want to learn more about cybersecurity strategies? Visit firemon.com TakeawaysThe evolution of cybersecurity policy and its impact on security architecture.The origins and importance of policy management in firewalls.Challenges of managing complex policies in large enterprises.The concept of zero trust and its relation to policy flaws.The role of micro-segmentation and graph databases in modern security. Chapters00:00 The Foundation of Cybersecurity Policy 03:21 The Evolution of Network Security 10:10 Challenges of Firewall Policies 14:28 The Complexity of Network Segmentation 19:12 Understanding the Security Graph 23:24 AI and Vulnerability Management 29:45 Conclusion and Key Takeaways

    29 min
See All (229)

About

With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expect-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.

Information

  • Creator
    EM360Tech
  • Years Active
    2020 - 2026
  • Episodes
    229
  • Rating
    Clean
  • Copyright
    © Copyright 2026 EM360Tech
  • Show Website
    The Security Strategist