In this episode, I sit down with Andy Ellis, a longtime industry security leader who has turned investor, advisor, and mentor. We will discuss how security vendors can build effective marketing and sales teams and Andy's experience identifying and investing in industry-leading security startups.

Don't miss this chance to hear from an industry legend who has worn multiple hats and excelled as an operating, investor, and overall security leader.

- One of the biggest SaaS security incidents recently of course is the Salesloft Drive/Salesforce incident, which impacted hundreds of organizations and involved compromised OAuth tokens. Can you tell us a bit about the incident and the fallout?

- In an AppOmni blog on the incident, you all discuss attackers taking advantage of persistent OAuth access, over-permissive access, limited monitoring, and unsecured secrets. Why do these problems continue to plague organizations despite incidents like this?

This is part of a broader trend of increased SaaS supply chain attacks. What makes these attacks so enticing for malicious actors and challenging for organizations to prevent entirely?

You recently published your State of SaaS Security Report, which projects SaaS to grow 20% YoY between 2025 and 2032. This is despite 75% of organizations reporting a SaaS security incident in the past year. Why do you think we're seeing continued growth in adoption but still lagging in SaaS security to accompany the adoption?

The report discusses the rise of NHIs and GenAI and how this will exacerbate problems around SaaS Access and incidents. Can you unpack that for us?

I was shocked to see the report find that just 13% of organizations use SSPM tooling despite SaaS's widespread adoption. When you talk to enterprises, for example, nearly everyone is doing some CSPM activity for IaaS. Why are so many neglecting hygiene and posture for their SaaS footprint?

In this episode of Resilient Cyber, I sit down with the SANS Institute's Chief of Research (COR) & Chief AI Officer (CAIO), Rob T. Lee to discuss AI's impact on cybersecurity and the workforce.

We will discuss SANS Critical AI Security Guidelines, the opportunities and obstacles AI presents for cybersecurity, and how practitioners should navigate AI's impact on the workforce.

In this episode of Resilient Cyber, I sit down with Gianna Whitver and Maria Velasquez to chat about the state of marketing in the cybersecurity industry, as well as their popular event "Cyber Marketing Con"

In this episode, we discussed:

• The background of the CyberMarketingCon and what led Gianna and Maria to co-found the event and community
• Where marketers typically fall short and what can be done to drive more effective marketing and selling to security practitioners and leaders
• What practitioners can learn their marketing peers when it comes to communication, empathy, story telling, and building relationships
• The importance of marketing, brand and broader GTM for security vendors to stand out from their competitors
• What to keep an eye out for at the upcoming CyberMarketingCon in December in Austin Texas

In this episode I sit down with Michael Bargury, Co-Founder and CTO at Zenity to discuss all things AI Agent Security.

Michael and the Zenity team have recently disclosed various AI agent risks, vulnerabilities and threats.

In this episode, I sit down with Andrew Carney, Program Manager for DARPA's AI Cyber Challenge (AIxCC).

DARPA's AIxCC recently concluded at Black Hat, and it brought together the industry's leading experts on AI and Cybersecurity with a focus on securing software that is critical to all Americans.

Teams had to create novel AI systems to secure critical code, include software involved in critical infrastructure.

In this episode we sit down with Sid Trivedi, Partner at venture capital firm Foundational Capital and host of the Inside the Network podcast.

Sid brings great insights around cybersecurity market trends, industry events such as Black Hat and the impact that AI is having on the startup and venture capital ecosystem.

In this episode, I sit down with Daniel Bardenstein, CTO & Co-Founder of Manifest Cyber.

We discussed the AI supply chain security, including open source risks, AIBOMs, best practices for CISOs, and regulatory approaches in the U.S. and EU.

We dove into:

• What is the same and different between the risks AI introduces across the enterprise compared to open source software, and where and how the two converge.
• The rise of an “AIBOM” and why it is becoming a critical part of enterprise risk management in the AI Era
• The work Daniel and others are doing as part of a Tiger Team defining “SBOM-for-AI-Use Cases”.
• Why is it so difficult for organizations to gain visibility into their AI models' internals, especially training data, model provenance, and pipeline dependencies?
• Where CISOs and security teams can get started when it comes to understanding where and how AI is being used and avoiding some mistakes.
• Gaps among the current waves of AI security startups and how they contrast with the approach Manifest is taking when managing AI supply chain risks.
• Real-world insights and examples of how organizations operationalize SBOM for risk reduction.
• Key differences between the U.S. and EU regarding regulatory approaches to AI and supply chain security risks.