Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider?

Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share:

• Current vCISO trends
• What to look for in vCISO services
• Who fits/doesn't fit as a vCISO

vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview.

In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-410

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it?

Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including:

• Immediate visibility into system misconfigurations before they become vulnerabilities
• Compliance transparency, showing exactly where systems fall short of industry standards
• One unified view, with filters by criticality, system, and framework
• Actionable insights, updated weekly and delivered straight to customers’ inboxes

Segment Resources:

• https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps
• https://www.threatlocker.com/platform/defense-against-configurations

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-409

As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust?

Santosh Nair, Co-Founder and CTO at Styx Intelligence, joins Business Security Weekly to discuss how to defend trust and reputation in the age of AI. Santosh will cover both the company and executive challenges of defending against the latest AI attacks, including:

• Impersonations and Deepfakes
• Employee Scams
• Financial Fraud

Segment Resources: - https://styxintel.com/blog/what-is-brand-protection/ - https://styxintel.com/blog/brand-impersonation-hurts-business/ - https://styxintel.com/blog/social-engineering-tactics/

In the leadership and communications section, Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture, Your AI Strategy Needs More Than a Single Leader, Avoid These Communication Breakdowns When Launching Strategic Initiatives, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-408

Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done.

In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including:

• Data privacy concerns
• Flaws and malicious code in AI dependencies
• Lack of security tools to test for AI
• Vibe coding risks

and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-407