All links and images can be found on CISO Series.

Traditional identity systems authenticate credentials and devices, but they can't verify who's actually behind them. Attackers use AI-generated IDs and deepfake videos to pass background checks, then clone voices to reset MFAs at the help desk. Identity has become the primary attack surface, and existing IAM platforms still trust the human layer far too easily.

In this episode, Fernanda Sottil, Senior Director of Strategy at Incode Technologies, explains how their solution adds a real-world identity layer that integrates seamlessly with existing IAM systems. Joining her are Nick Espinosa, host of the Deep Dive radio show and Bozidar Spirovski, CISO at Blue Dot.

Questions answered on the show:

• How does Incode comply with GDPR when training AI models on employee facial data?
• What happens when legitimate users get blocked, especially job candidates?
• How does Incode maintain accuracy across 4,600 document types in 200 countries?
• Can organizations see error rates and override the system when needed?
• How quickly can Incode patch new attack vectors as adversarial threats evolve?

Huge thanks to our sponsor, Incode Technologies

Incode Workforce helps enterprises stop deepfakes, prevent fraud, and secure every identity moment. By matching an ID to a selfie with AI-powered biometrics, Incode confirms the real person behind each IAM interaction, safeguarding onboarding, access, and recovery with frictionless verification that ensures workforce security and trust at scale.

All links and images can be found on CISO Series.

Modern application security has become a tangled mess of VPNs, proxies, DLP, CASBs, and remote browser tools—all creating friction for users and security teams alike. The root issue? Browsers were built for consumers, not enterprise security, forcing organizations to pile on complexity that undermines both protection and performance.

In this episode, Braden Rogers, chief customer officer at Island, explains how their enterprise browser platform rethinks application delivery by building security services natively into the browsing experience. Joining him are Nick Ryan, former CISO, and Janet Heins, CISO at ChenMed.

Want to know:

• How do you explain this approach to your CEO in plain English?
• What's the real architecture difference between enterprise browsers and traditional VDI?
• How do you deploy a new browser to 20,000 users without change management chaos?
• What happens to your existing security stack when you add an enterprise browser?
• Can users access personal apps while keeping corporate data protected?
• What's the offline experience when cloud services fail?
• How does this handle the surge of AI tools in your organization?
• What's the difference between browser enforcement and a full enterprise browser?
• How do you apply different security controls without overwhelming users?
• What does vendor support actually look like from pilot to production?

Huge thanks to our episode sponsor, Island What if you no longer had to bolt agents, proxies, and gateways onto browsers? Island, the Enterprise Browser, embeds core security, IT, and productivity into the workspace. Intelligent boundaries keep data where it belongs. Orgs have full visibility into all work. And users enjoy a fast, smooth, and productive experience. Learn more at Island.io

Watch our demo with Imprivata on our site.

In this episode, Chip Hughes, chief product officer at Imprivata, explains how the company addresses shared access management challenges with specialized solutions that prioritize both security and user experience. Joining him are Kathleen Mullin, former CISO at MyCareGorithm, and Howard Holton, CEO at GigaOm.

Want to know:

• Why does shared access management remain such a persistent challenge across industries?
• What does Imprivata's solution actually do versus traditional IAM tools?
• How does passwordless authentication work in high-security, high-speed environments?
• What authentication modalities beyond badges are organizations adopting?
• How can organizations integrate access management across devices, operating systems, and applications?
• What are the unique access challenges in healthcare, law enforcement, and manufacturing?
• Can shared mobile devices provide enterprise-grade security while reducing hardware costs?

Huge thanks to our sponsor, Imprivata

Imprivata delivers solutions that provide simple and secure access management for healthcare and other mission-critical industries to ensure every second of crucial work is both frictionless and secure. Imprivata solves complex security, workflow, and compliance challenges with solutions that facilitate seamless user access, protect against internal and external security threats, and reduce total cost of ownership. Learn more at https://www.imprivata.com/

All links and images can be found on CISO Series.

Identity has become the Gordian knot of cybersecurity. Threat actors no longer need to break in. They log in. As organizations manage increasingly complex ecosystems spanning cloud, on-premises, and hybrid environments, the challenge isn't just understanding who has access to what. It's about understanding how an attacker could chain together seemingly innocent permissions to escalate from an initially compromised user to full environment control.

The problem is compounded by privilege creep, where employees accumulate access over time as roles change and exceptions pile up without systematic review. Traditional security tools excel at protecting identities at rest or governing access for individual users. Still, they often miss the needle in the haystack: the cascading attack paths that adversaries actively exploit.

In this episode, Justin Kohler, chief product officer at SpecterOps, explains how Bloodhound Enterprise addresses these challenges by proactively uncovering and eliminating attack paths before adversaries can exploit them, transforming abstract permissions into visual maps that show precisely how attackers could move through your environment. Joining him are Angela Williams, SVP and CISO at UL Solutions, and Brett Conlon, CISO at American Century Investments.

Want to know:

• Why does identity security remain such a persistent challenge for organizations?
• What attack path management actually does versus traditional identity governance tools?
• How does Bloodhound Enterprise complement other solutions in your stack?
• How to visualize and prioritize the attack paths that matter most?
• What emerging identity-based threats should CISOs prioritize over the next 12 months?
• How has the definition of "identity" evolved beyond just human users?
• Can continuous attack path mapping keep pace with dynamic cloud environments?

Huge thanks to our sponsor, SpecterOps

SpecterOps' 2025 State of Attack Path Management report reveals how technical debt transforms into identity risk and provides actionable strategies for security teams. Drawing insights from the creators of BloodHound, this report outlines proven methods for strengthening identity directory security to prevent costly breaches. Learn more at https://specterops.io/.

All links and images can be found on CISO Series.

Earning and maintaining customer trust has become increasingly complex as organizations struggle with manual, repetitive security review processes that frustrate customers and slow revenue cycles. Despite decades of talking about customer trust in security, companies still rely on outdated approaches like sending spreadsheets back and forth for questionnaires. The challenge isn't just about having strong security programs. It's how do you enable sales teams to move deals forward without constantly pulling security experts into routine questions.

In this episode, Al Yang, CEO and Co-founder at SafeBase by Drata, explains how their trust center platform addresses these challenges by creating transparent, always up-to-date security portals that streamline NDAs, access requests, and security questionnaires through AI automation. Joining him are Dan Holden, CISO at Commerce, and Terry O'Daniel, former CISO at Amplitude.

Huge thanks to our sponsor, SafeBase by Drata

SafeBase by Drata is the leading Trust Center platform that helps companies showcase their security posture, streamline security reviews, and accelerate sales. By combining an enterprise-grade, customer-facing Trust Center with AI-powered Questionnaire Assistance, SafeBase enables organizations to share certifications, policies, and security documentation on demand while automating accurate, context-aware questionnaire responses. This reduces manual effort, shortens review cycles, and delivers the trust signals buyers need to move forward. Companies like Asana, Jamf, and OpenSpace use SafeBase to turn security transparency into a competitive advantage and make trust a growth driver. Learn more at https://safebase.io.

All links and images can be found on CISO Series.

Misconfigurations represent one of cybersecurity's most persistent and damaging vulnerabilities. Organizations often fall into the trap of deploying tools with overly permissive "permit everything" default settings, only to struggle with the operational overhead required to lock them down properly. Every configuration change away from these permissive defaults requires extensive testing and validation, creating what amounts to a prohibitive tax on implementing proper security controls. Is it any surprise that teams leave dangerous temporary configurations in place indefinitely?

In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Defense Against Configuration (DAC) solution addresses these challenges through automated daily security checks across Windows endpoints that identify common misconfigurations before they lead to breaches. Joining him are Andy Ellis, principal at Duha, and Montez Fitzpatrick, CISO at Navvis. The conversation explores how DAC's automated checks map misconfigurations against compliance frameworks, while ThreatLocker's broader platform consolidates multiple security functions into a single low-impact agent that can replace multiple endpoint tools.

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com

All links and images can be found on CISO Series.

Organizations excel at generating massive volumes of unstructured data through recorded meetings. The struggle lies in extracting value from it. The reality is that most of this data is never touch again after its created. The temporal nature of voice communication creates unique challenges. These conversations capture real-time insights and concerns that are highly valuable for immediate decision-making. But traditional data management approaches fail to surface actionable intelligence before it becomes stale.

In this episode, Joe Essenfeld, CEO and co-founder at FORA, explains how their platform addresses these challenges by automatically processing recorded meetings to generate personalized, contextual summaries while maintaining strict data privacy controls. Joining him are Howard Holton, CEO at GigaOm, and Derek Fisher, Director of Cyber Defense at Temple University. The conversation explores how FORA's AI-powered personalization engine creates individualized meeting cards based on organizational context and project involvement. The platform implements sophisticated filtering to remove personal banter and protects sensitive information through automated labeling systems that can detect IP discussions, HR-sensitive content, and accidental recordings.

Huge thanks to our sponsor, FORA

Recorded meetings are the fastest-growing source of shadow data. FORA gives enterprises unified visibility and control—enforcing retention, access, and compliance across platforms. Security teams eliminate blind spots while employees gain powerful insights. With FORA, you know exactly what recorded data exists, where it's stored, and who can access it.

All links and images can be found on CISO Series.

In this episode, Rob Allen, chief product officer at ThreatLocker, explains how their Storage Control solution addresses these challenges by implementing program-level access restrictions that work alongside traditional user permissions. Joining him are Jonathan Waldrop, CISO-at-large, and Nick Ryan, former CISO at RSM.

The conversation explores how ThreatLocker's endpoint-focused approach applies default-deny principles not just to what programs can run, but to what data they can access. This allows users to work normally while preventing unauthorized programs from reaching sensitive information. This streamlined block-request-approve process can resolve access needs within 60 seconds.

Huge thanks to our sponsor, ThreatLocker

Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Threatlocker.com/CISO

All links and images can be found on CISO Series.

Asset visibility remains a persistent challenges in cybersecurity. Despite working on this challenge for decades, CISOs continue to struggle with knowing what assets exist in their environments, where they're located, and what risks they present.

The problem has only intensified with dynamic cloud resources spinning up and down in seconds, APIs proliferating across environments, and third-party integrations creating complex dependency chain. Traditional scanning tools simply can't keep pace.

In this episode, Franz Fiorim, Field CTO at Trend Micro, explains how their Cyber Risk Exposure Management (CREME) solution addresses these challenges through continuous asset discovery and risk prioritization across the entire attack surface.

Joining him are Krista Arndt, Associate CISO at St. Luke's University Health Network, and Brett Conlon, CISO at American Century Investments.

They discuss how CREME consolidates external attack surface management, cloud security posture management, and vulnerability remediation into a unified platform that discovers hidden assets through multiple methods including agentless cloud integrations, network discovery sensors, and third-party API connections.

Huge thanks to our sponsor, Trend Micro

Reduce cost, complexity, and tool sprawl by consolidating critical security and risk disciplines like External Attack Surface Management (EASM), Cloud Security Posture Management (CSPM), Vulnerability Risk Management (VRM), Identity Security Posture, Security Awareness and more into one cyber risk exposure management solution. CREM simplifies security and business operations to enable faster, more strategic risk reduction by replacing fragmented point solutions across these domains.

All links and images can be found on CISO Series.

Most data breaches don't happen because attackers are geniuses. They happen because organizations give too much access to too many people for far too long. Despite decades of security frameworks and best practices, enforcing least privilege remains one of cybersecurity's most persistent challenges. The culprit isn't technology: it's politics.

In this episode, Mokhtar Bacha, CEO of Formal, discusses how their granular privilege access management solution operates at the packet level to enforce least privilege across databases and APIs.

Joining him are Howard Holton, COO and industry analyst at GigaOm, and Arvin Bansal, a Fortune 100 veteran CSO. The conversation tackles the truth about why access management fails, explores how AI agents are exploding the identity landscape, and examines whether automated policy enforcement can finally solve the political friction that has plagued privilege management for years.

Huge thanks to our sponsor, Formal

Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

All links and images can be found on CISO Series.

In this episode, Simone Rapizzi, CSO at RedCarbon, explains how their AI-powered platform uses specialized models to automate threat detection and response while learning from each customer's unique environment. Joining him are Jonathan Waldrop, former CISO, and John Scrimsher, CISO at Kontoor Brands.

Huge thanks to our sponsor, RedCarbon

RedCarbon platform enables AI SOC: automates threat detection, incident analysis, and intelligence monitoring across SOCs. Operating 24/7, our AI Agents reduce analyst fatigue and accelerate response times. Seamlessly integrating with SIEM, EDR, and XDR platforms, RedCarbon enables scalable, cost-effective security, adding infinite AI Agents.