Security You Should Know

• Transforming Asset Visibility with Trend Micro

  All links and images can be found on CISO Series. Asset visibility remains a persistent challenges in cybersecurity. Despite working on this challenge for decades, CISOs continue to struggle with knowing what assets exist in their environments, where they’re located, and what risks they present. The problem has only intensified with dynamic cloud resources spinning up and down in seconds, APIs proliferating across environments, and third-party integrations creating complex dependency chain. Traditional scanning tools simply can’t keep pace. In this episode, Franz Fiorim, Field CTO at Trend Micro, explains how their Cyber Risk Exposure Management (CREME) solution addresses these challenges through continuous asset discovery and risk prioritization across the entire attack surface. Joining him are Krista Arndt, Associate CISO at St. Luke’s University Health Network, and Brett Conlon, CISO at American Century Investments. They discuss how CREME consolidates external attack surface management, cloud security posture management, and vulnerability remediation into a unified platform that discovers hidden assets through multiple methods including agentless cloud integrations, network discovery sensors, and third-party API connections. Huge thanks to our sponsor, Trend Micro Reduce cost, complexity, and tool sprawl by consolidating critical security and risk disciplines like External Attack Surface Management (EASM), Cloud Security Posture Management (CSPM), Vulnerability Risk Management (VRM), Identity Security Posture, Security Awareness and more into one cyber risk exposure management solution. CREM simplifies security and business operations to enable faster, more strategic risk reduction by replacing fragmented point solutions across these domains.

  --------  

  16:54

  --------

  16:54
• Harnessing AI-Native PAM with Formal

  All links and images can be found on CISO Series. Most data breaches don't happen because attackers are geniuses. They happen because organizations give too much access to too many people for far too long. Despite decades of security frameworks and best practices, enforcing least privilege remains one of cybersecurity's most persistent challenges. The culprit isn't technology: it's politics. In this episode, Mokhtar Bacha, CEO of Formal, discusses how their granular privilege access management solution operates at the packet level to enforce least privilege across databases and APIs. Joining him are Howard Holton, COO and industry analyst at GigaOm, and Arvin Bansal, a Fortune 100 veteran CSO. The conversation tackles the truth about why access management fails, explores how AI agents are exploding the identity landscape, and examines whether automated policy enforcement can finally solve the political friction that has plagued privilege management for years. Huge thanks to our sponsor, Formal Formal secures humans, AI agent’s access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.  

  --------  

  19:26

  --------

  19:26
• Enhancing Humans in Your SOC with RedCarbon

  All links and images can be found on CISO Series. In this episode, Simone Rapizzi, CSO at RedCarbon, explains how their AI-powered platform uses specialized models to automate threat detection and response while learning from each customer's unique environment. Joining him are Jonathan Waldrop, former CISO, and John Scrimsher, CISO at Kontoor Brands. Huge thanks to our sponsor, RedCarbon RedCarbon platform enables AI SOC: automates threat detection, incident analysis, and intelligence monitoring across SOCs. Operating 24/7, our AI Agents reduce analyst fatigue and accelerate response times. Seamlessly integrating with SIEM, EDR, and XDR platforms, RedCarbon enables scalable, cost-effective security, adding infinite AI Agents.

  --------  

  14:56

  --------

  14:56
• Proving Trust with Drata

  In this episode, Matt Hillary, CISO at Drata, explains how their AI-native trust management platform addresses these challenges by automating evidence collection from integrated systems and reducing manual effort by over 90%. Joining him are Mike Lockhart, CISO at EagleView, and Johna Till Johnson, CEO at Nemertes. We talk about how Drata’s platform bridges the policy-execution gap through hundreds of out-of-the-box integrations, AI-assisted questionnaire responses that handle 90% of vendor due diligence automatically, and real-time control monitoring that enables GRC teams to operate more like security operations centers, responding quickly to control failures rather than simply passing audits. Huge thanks to our sponsor, Drata  AI at Drata is embedded across every layer, transforming GRC from a defensive necessity into a proactive business driver. With new Agentic AI innovations, MCP releases, and a long-term vision for AI-native trust management, Drata empowers security teams to work faster, reduce manual tasks, and deliver meaningful, scalable business impact. Learn more at Drata.com

  --------  

  19:58

  --------

  19:58
• Reducing SIEM Costs with Scanner

  SIEM costs are spiraling out of control for organizations. Increasing log volumes, longer compliance-driven retention requirements, and the habit of collecting everything "just in case," the list goes on. Traditional SIEM architecture forces painful choices between cost control and security visibility, with teams constantly fighting to keep log volumes down while still maintaining adequate coverage for investigations. In this episode, Cliff Crosland, co-founder and CEO of Scanner, explains how their data lake approach can reduce SIEM costs by 80-90% while giving organizations full custody of their data in their own cloud storage. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Howard Holton, COO and industry analyst at GigaOm. In this episode: Data retention policies The fundamental challenge of managing growing log volumes over time How AI copilots are bridging the gap between security analysts and software engineers in detection workflows. Huge thanks to our sponsor, Scanner Traditional SIEMs are a tax on your security team—bloated, brittle, and budget-killing. Scanner.dev fixes this. Use it as your SIEM, or to supercharge the one you already have. Our AI co-pilot summarizes alerts, suggests next steps, and reduces noise—making analysts faster and smarter. See it in action at Scanner.dev.

  --------  

  13:28

  --------

  13:28

More News podcasts

Trending News podcasts

About Security You Should Know

Security You Should Know: Podcasts in Family