• Why Digital Identity Is Broken And How Ditto Plans To Fix It
    Apr 17 2026

    What if the real problem with cybersecurity today is not the threats we see, but the way we prove who we are online?

    In this episode of the Business of Cybersecurity podcast, I sat down with Gonzalo Alonso, CEO of Ditto, to explore why digital identity has quietly become one of the most important and misunderstood challenges in our digital economy. Drawing on his experience at Microsoft, Google, and now Ditto, Gonzalo shares a perspective that challenges long-held assumptions about how identity works, who owns it, and why the current model is starting to break under pressure from AI, regulation, and evolving user expectations.

    We unpack what is changing across Europe with initiatives like the European Digital Identity Wallet and what that really means in practice for both consumers and businesses. Gonzalo explains how the shift toward user-controlled identity could reshape everything from onboarding and compliance to fraud prevention and cross-border trust. At the same time, he does not shy away from the complexity this creates for organizations that have historically treated identity data as an asset they control.

    Our conversation also looks at the deeper technical shift from trusting systems to relying on cryptographic proof. Gonzalo brings this to life with real-world examples, including how identity could travel with you across borders, unlock access to services, and even influence financial opportunities. But alongside the opportunity, we also discuss the risks, from device security to identity recovery, and why getting the model right matters just as much as the technology behind it.

    This episode offers a clear-eyed view of where digital identity is heading, why it matters now, and what leaders need to start thinking about before the rules change around them. So as identity moves from passwords and tokens to something far more personal and portable, are we ready to give control back to the individual, and what does that mean for the businesses built on the old model?

    35 mins
  • Why Non Human Identities Are The Next Cybersecurity Challenge With Torii CEO Uri Haramati
    Apr 1 2026

    How prepared are businesses for a world where AI agents are quietly becoming some of the most powerful users inside their systems?

    In this episode of Business of Cybersecurity, I sit down with Uri Haramati, CEO and co-founder of Torii, to unpack a shift that is happening faster than most organizations can keep up with. AI is no longer sitting on the sidelines as a productivity tool. It is now deeply embedded across platforms like Slack, Google Workspace, and CRM systems, often operating with levels of access that rival or even exceed human users. As Uri explains, that changes the entire security conversation, especially when many of these agents are effectively invisible to traditional identity and governance models.

    What stood out to me in this conversation is how quickly AI adoption has moved from experimentation to something far more operational. Uri shares insights from Torii’s 2026 SaaS Benchmark Report, which reveals that enterprises added nearly 700 new AI applications in just one year, with 61 percent of all apps operating outside of IT oversight. That creates a growing blind spot, where non-human identities, API tokens, and automated workflows are interacting with sensitive data without clear ownership or lifecycle management. It is a shift that feels familiar, echoing past waves like BYOD, but this time the scale and speed are on another level.

    We also explore why this is not simply a story about risk. There is a clear business driver behind this surge in AI adoption. Organizations are under pressure to control costs, reduce manual work, and get more value from their software stack. AI is stepping into that role, but it introduces new challenges around usage-based pricing, unexpected spend, and governance models that were designed for a much slower era of IT. Uri makes the case that the real issue is not adopting AI too quickly, but failing to evolve governance at the same pace.

    By the end of the conversation, one idea really stayed with me. Within the next couple of years, non-human identities could outnumber human ones inside most enterprises. That raises a simple but uncomfortable question. If every actor in your system needs to be treated as an identity, how many do you actually have, and how many are you truly managing?

    If this is a topic you are grappling with, I highly recommend checking out Torii’s 2026 SaaS Benchmark Report and connecting with Uri to continue the conversation. But for now, I would love to hear your perspective. Are we building the right guardrails for this new era of AI-driven access, or are we already further behind than we think?

    32 mins
  • AI Security Teams That Work 24/7 With Machine Speed
    Mar 25 2026

    What happens when AI makes your security teams faster, but leaves the same people carrying all the risk?

    In this episode of Business of Cybersecurity, I sit down with Shan Kulkarni, CEO of Nullify, to discuss a growing tension that many security leaders are already feeling. AI is helping developers ship code faster than ever. Still, for product security teams, that speed often creates even more alerts, more vulnerabilities to review, and more pressure on already stretched teams.

    Shan argues that the real issue is not productivity alone. It is accountability. When copilots increase output while ownership remains with the same engineers, the workload does not disappear. It multiplies.

    We explore why Shan believes the next phase of enterprise AI will be shaped by autonomous AI employees rather than assistant-style tools.

    He explains how Nullify is designed to onboard, reason, and act like a human security engineer, with access to code bases, ticketing systems, cloud environments, and internal documentation.

    From validating whether a vulnerability is truly exploitable to assigning fixes and following up with developers, Shan shows how AI workers could replace several disconnected security tools and the extensive manual coordination required.

    Our conversation also gets into trust, which remains one of the biggest barriers to adoption in high-risk environments. Shan talks openly about the safeguards needed before companies will feel comfortable allowing AI to take action instead of simply making suggestions.

    We discuss merge-ready patches, exploit confidence scores, the rising threat surface created by AI-generated code, and why authorization, authentication, and business logic flaws may become some of the biggest risks in modern software.

    It is a timely conversation about what security teams actually need right now: fewer dashboards, fewer false positives, and better ways to manage growing responsibility in a world of machine-speed software delivery. If you are trying to understand where AI fits inside security operations, and whether autonomous systems can truly ease the burden rather than increase it, this episode should give you plenty to think about.

    What do you think: are we heading toward a future of AI teammates in cybersecurity, and how much responsibility are you willing to hand over?

    30 mins
  • AI, Social Engineering, And The New Browser Attack Surface
    Mar 18 2026

    What if the biggest blind spot in cybersecurity today is the place where most work actually happens, the browser?

    In this episode of the Business of Cybersecurity podcast, I sat down with Adam Bateman, co-founder and CEO of Push Security, to explore a growing shift in how modern attacks are carried out and why traditional defenses are increasingly struggling to keep up. Adam brings a rare perspective to the conversation, having spent years in offensive security and red team operations simulating real-world attacks against major enterprises before founding Push Security.

    One of the central ideas we unpacked is the claim that the browser has quietly become the new endpoint. As organizations move more work into cloud applications and SaaS platforms, the connection between users and company systems increasingly runs through the browser rather than traditional networks or local applications. The problem is that most security tools still focus on endpoints, networks, and email. That leaves what Adam describes as a “missing middle,” the space between a user logging in and the moment a breach is discovered.

    We also discuss how phishing attacks have evolved beyond the inbox. Push has observed that as much as thirty-four percent of the malicious phishing attempts they detect now originate outside email, appearing instead through platforms like LinkedIn messages, Google search results, or other online channels. These platform-native attacks bypass traditional email gateways entirely, often targeting senior executives and employees with privileged access to business systems.

    Adam also shares insights from a recent campaign his team uncovered called ConsentFix, an attack technique that combines browser manipulation with OAuth consent abuse. Instead of exploiting software vulnerabilities or deploying malware, these attacks manipulate trusted workflows inside cloud platforms and identity systems. The result is a compromise that can occur entirely within a browser session, often without triggering traditional security alerts.

    Throughout our conversation we explore why these browser-native threats are growing, how attackers are using AI to scale social engineering campaigns, and why visibility into browser activity may become one of the most important capabilities for modern security teams. Adam also explains how Push Security approaches this challenge by bringing real-time detection and response directly into the browser environment where work and attacks increasingly collide.

    If cybersecurity teams are still focused only on networks, endpoints, and email, they may be missing the layer where attackers now spend most of their time. As work moves deeper into cloud platforms and SaaS tools, could the browser become the next frontline in enterprise defense?

    31 mins
  • How Booz Allen Hamilton Prepares Organizations For A Cyber Crisis
    Mar 12 2026

    What really determines whether a company survives a cyberattack, the sophistication of the attacker or how well the organization prepared before the breach ever happened?

    In this episode of Business of Cybersecurity, I sat down with Andrew Carr, Managing Director at Booz Allen Hamilton and leader of the firm’s Commercial Threat Detection and Response practice. Andrew has spent nearly two decades working in digital forensics, ransomware response, and incident investigations across both government and enterprise environments. During our conversation, he shared lessons drawn from hundreds of cyber incidents and explained why preparation, clarity, and coordination often matter far more than the tools organizations deploy.

    One of the most striking themes in this conversation was the importance of the first seventy-two hours during a cyber crisis. Andrew explained that organizations that stabilize quickly tend to have one thing in common. They understand their environments with precision. They know where critical data lives, how systems connect, and which assets attackers are most likely to target. When that visibility is missing, those early hours are often spent trying to answer basic questions rather than containing the incident.

    We also explored why traditional incident response exercises sometimes fail to prepare organizations for real attacks. Many companies still run tabletop exercises within individual departments, yet real cyber incidents rarely stay confined to a single team. Andrew described why effective rehearsals must involve the entire business, from technical responders to executive leadership, and why organizations need to define what he calls the “minimum viable company,” the core functions required to keep operations running during a major disruption.

    Another key takeaway from our discussion was the role of leadership. Cybersecurity can no longer be treated as a purely technical function handled by the IT or security team. Andrew argues that cyber risk is a business risk, and executives across the organization must understand how decisions, priorities, and communication shape the response when a crisis unfolds.

    We also discussed emerging risks around supply chains and AI systems, and how organizations are beginning to think more seriously about resilience rather than prevention alone. In a world where no company can block every attack, the ability to respond quickly and recover effectively is becoming the true measure of cybersecurity maturity.

    If you lead a technology team, oversee risk, or simply want to understand how organizations prepare for high-stakes cyber incidents, this conversation offers a clear look inside the realities of modern incident response. When the next breach happens, will your organization be scrambling to understand its environment, or ready to act within those critical first seventy-two hours?

    25 mins
  • Why Object First Says Most Immutable Backups Are Not Truly Immutable
    Mar 9 2026

    What happens when the backup you trusted turns out to be anything but immutable?

    In this episode of Business of Cybersecurity, I sit down with Anthony Cusimano from Object First to unpack one of the most misunderstood words in cyber resilience right now: immutability. It is a term that appears in countless vendor pitches and product pages, but as Anthony explains, the reality behind those claims can vary wildly. In a world where attackers are actively targeting backups as part of modern ransomware campaigns, that gap between promise and reality can have serious consequences.

    Anthony helps me separate marketing language from real architectural protection. We explore why a simple checkbox or software setting is not enough to make backup data truly safe, and why organizations need to think much more carefully about how backup storage is designed, isolated, and protected. He also explains why backup strategy can no longer sit quietly in the background as a routine IT function. It now sits right at the heart of cyber resilience.

    One of the biggest takeaways from this conversation is how ransomware operators have changed their tactics. Backups used to be the fallback plan, the thing that gave businesses a path back after an attack. Now, attackers know that too, which is why backup systems themselves have become a priority target. Anthony explains how this shift has changed the role of backup admins, raised the stakes for recovery planning, and forced security leaders to rethink what “safe” really means.

    We also get into the role of Zero Trust in backup storage, the risks of false confidence when immutability is poorly implemented, and the practical questions CIOs, CISOs, and infrastructure teams should be asking vendors before they trust them with business-critical recovery data. This is where the conversation gets especially useful, because Anthony does not stay at the theory level. He brings it back to what teams should be checking, testing, and validating right now.

    Another part of the discussion looks at how AI is changing the threat picture. As attacks become more automated and more adaptive, organizations will need recovery strategies that are built for pressure, not just written for compliance. Anthony shares his perspective on why long-standing best practices still matter, and why businesses should be far more intentional about where their most important data lives and how quickly it can be recovered.

    I also appreciated Anthony’s strong defense of backup professionals, the people who often carry enormous responsibility without much recognition until something goes wrong. This episode is a reminder that resilience is never just about technology. It is also about the people trusted to keep the business standing when everything else is under pressure.

    So if your organization believes its backups are immutable, the real question is simple. Are they truly protected at the architecture level, or are you trusting a label that might not hold up when it matters most?

    • Connect with Anthony Cusimano
    • Learn more about Object First
    • Absolute Immutability: The Ultimate Ransomware Defense
    • YouTube
    36 mins
  • Goldilock Secure On Cutting The Blast Radius In Overconnected Networks
    Mar 3 2026

    For two decades, the mantra in technology has been simple: connect everything. More APIs, more integrations, more remote access, more cloud. But what happens when that hyper-connectivity becomes the very thing that amplifies risk?

    In this episode of Business of Cybersecurity, I sit down with Steven Brodie, Chief Revenue Officer at Goldilock Secure, a NATO-backed cybersecurity firm challenging the industry’s long-standing assumptions. Steven argues that in 2026 we are finally confronting the downside of overconnectivity, where sprawling networks and forgotten links create enormous blast radiuses when breaches occur. Instead of defaulting to constant connection, he introduces the idea of “right-sized connectivity,” where systems are connected only when required, no more and no less.

    We explore why so many modern breaches spread so quickly, and how architectural decisions made in the name of speed and convenience have left organizations exposed. Steven explains how most attacks are software-driven, moving laterally at machine speed, often faster than teams can patch. In that arms race, patching alone is no longer enough. Goldilock Secure approaches the problem differently by adding a physical layer of segmentation that can remotely connect or disconnect assets without sending commands over the public internet. The goal is simple: buy time, contain incidents, and prevent a localized breach from becoming a company-wide crisis.

    We also discuss the tension between security and operational continuity. How do you introduce deliberate firebreaks into a network without slowing down the business? Steven is clear that this is not about returning to air-gapped islands everywhere. It is about controlled connection and controlled disconnection. Boards, he argues, should rethink cybersecurity metrics away from checklist compliance and toward containment, resilience, and clear audit trails that demonstrate who accessed what, and when.

    As AI accelerates attack automation and zero-day vulnerabilities shrink response windows, the question facing every CISO and board is whether their architecture has grown beyond what is defensible. Are you relying purely on logical controls that can be subverted in software, or are you prepared to add physical boundaries that act as real firebreaks?

    I would love to hear your take. Has hyper-connectivity become a strategic liability in your organization, or is it still viewed as a competitive advantage?

    26 mins
  • How Kiteworks Is Preparing Enterprises For AI-Driven Risk In 2026
    Feb 28 2026

    How prepared are enterprises and government agencies for the next wave of AI-driven risk?

    I sit down with Tim Freestone, Chief Strategy Officer at Kiteworks, to unpack the findings from the Kiteworks 2026 Data Security & Compliance Risk Forecast and what it reveals about the true state of data resilience today. As AI accelerates business processes and agentic systems gain more autonomy, Tim argues that the real challenge is no longer about adding another security tool. It is about gaining repeatable control over how sensitive data moves across organizations, partners, and automated systems.

    We explore why third-party involvement in breaches has surged to nearly one in three incidents and what that means for board-level accountability. Tim explains how traditional third-party risk assessments struggle to scale in an AI-enabled world, and why data-layer controls and modern digital rights management approaches are being revisited in a more practical form. We also examine the shift from ransomware headlines to the rising dominance of social engineering, and why micro-learning and human error prevention may offer a more realistic path forward than annual compliance training.

    Our conversation also tackles the regulatory pressure building across regions, from evolving GDPR requirements to the EU AI Act. Tim makes the case for unified, data-centric compliance models that provide file-level visibility and auditability, rather than fragmented controls across siloed systems. We discuss the growing relevance of data security posture management, the shrinking timeline for quantum risk, and the “harvest now, decrypt later” threat that leaders can no longer afford to dismiss as a distant concern.

    Finally, we turn to identity as the new perimeter in a world where AI agents act with increasing autonomy. Tim shares why identity alone is insufficient and why combining identity with data location defines the modern security boundary. For leaders facing limited budgets and skill constraints, his advice is pragmatic: start with visibility, align with established frameworks like NIST, and use AI-enabled copilots to accelerate cyber maturity rather than fall behind.

    If you are responsible for security, compliance, or risk outcomes, this episode offers a clear-eyed look at what is changing, accelerating, and must be addressed now. Are you truly in control of every send, share, receive, and save of sensitive data across your ecosystem?

    27 mins