The Security Strategist
About
With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expert-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.
Episodes
- How to Fix Microsoft 365 Security
Host Richard Stiennon and guest Rob Edmondson discuss Microsoft 365 security, covering challenges like configuration drift, excessive privileges, tenant hardening, and AI agents. The episode highlights the complexities of managing security…
- How AI Is Reshaping Financial Crime Prevention and Why Explainability Is the New Battleground
This episode of The Security Strategist explores how AI is reshaping financial crime prevention, discussing the shift from traditional machine learning to generative AI. It also covers the importance of explainability in AI models and the…
- Can Real-Time Identity Governance Replace Access Reviews for Good?
This episode of The Security Strategist discusses replacing traditional access reviews with real-time identity governance. It highlights the challenges of static access reviews with the rise of AI and machine identities, and explores how c…
- Non-Human Identities and Agentic AI: The New Frontier in Identity Security
This episode of The Security Strategist explores identity security, focusing on the State of Identity Governance 2026 report. It discusses non-human identities, AI, and fragmented systems, highlighting the gap between confidence in identit…
- How Can Enterprises Move from Cloud Security Visibility to Real Enforcement?
Amit Megiddo and Richard Stiennon discuss challenges in enterprise cloud security, focusing on the "execution gap." They explore moving from detection to proactive, policy-driven enforcement in complex multi-cloud environments.
- FedRAMP 20x: The Future of Compliance, Trends, and Best Practices
This episode of The Security Strategist podcast discusses FedRAMP 20x, a modernization of the Federal Risk and Authorization Management Program. It examines how these changes aim to streamline the authorization process for cloud service pr…
- Why Patch Management Remains the Most Annoying Problem in IT Security
This episode of The Security Strategist podcast explores the persistent challenges of patch management in IT security. It discusses the evolving nature of software, increased remote work, and the need for automation in patching strategies.
- The Growing Challenge of Protecting Sensitive Enterprise Data Across Browsers, SaaS and AI Tools
This episode discusses the growing cybersecurity challenges associated with browsers, SaaS platforms, and AI tools. It explores how organizations can adapt their enterprise security strategies as sensitive information increasingly flows th…
- Beyond the Firewall: Why Executive Risk Is Reshaping Cyber Strategy
This episode of The Security Strategist discusses executive risk and its impact on cyber strategy. Dr. Chris Pierson explains how attackers target executives' personal lives, creating new vulnerabilities beyond corporate networks.
- Speed vs. Privacy: Navigating Digital Threats in Modern Counter Terrorism
This episode of The Security Strategist explores how digital evidence is reshaping modern counter-terrorism. It discusses the challenges of analyzing vast amounts of data quickly while balancing speed and privacy concerns.
- Democratising Cybercrime: How AI is Changing Enterprise Security
This episode of The Security Strategist discusses how AI is democratizing cybercrime, making sophisticated cyberattacks more accessible. Darren Anstee from NETSCOUT explains how AI simplifies and automates attack execution, shifting the th…
- Cyber Resilience in Microsoft 365: What Security Leaders Must Know
This episode of The Security Strategist discusses cyber resilience in Microsoft 365. It covers the evolution of Microsoft 365 beyond its original scope, the implications for security, and the challenge of maintaining visibility into config…
- Why Do Most Cyber Breaches Stem from System Failures, Not Human Error?
This podcast episode explores the idea that most cyber breaches are due to system failures rather than human error. Guests discuss how traditional security awareness metrics may not accurately reflect risk reduction, and suggest a shift to…
- Are Security Teams Wasting Resources on 99% of Vulnerabilities That Don’t Matter?
This episode of The Security Strategist features Nathan Rollings, CISO at Zafran. He discusses agentic exposure management, highlighting how automation and AI are transforming cybersecurity and the need for security teams to move beyond tr…
- Are You Testing Cyber Recovery or Just Hoping Your Backups Work
This episode of The Security Strategist podcast features Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems. He discusses the gap between confidence and ability in cybersecurity readiness, highlighting that many organ…
- Unmasking the Invisible Threat: Defend Your APIs Before Attackers Do
This episode of The Security Strategist features Chip Witt, Principal Security Analyst at Radware, who discusses the critical issue of defending APIs. The conversation covers how attackers exploit APIs as part of the business logic, the mi…
- How CISOs Can Reduce Enterprise Data Risk Without Slowing the Business
This episode of The Security Strategist features Jonathan Care and Ariel Zamir discussing strategies for CISOs to reduce enterprise data risk. The conversation covers data security, risk management, and the importance of effective access c…
- Lessons from Offensive Security: How Organisations Can Improve Cyber Resilience
This episode of The Security Strategist discusses how UK organizations can improve cyber resilience by learning from offensive security. It covers current cyber threats, common misconceptions about cybersecurity tools, and the challenges i…
- From Passwords to Ransomware: What 597 Real-World Breaches Tell CISOs in 2026
This episode of The Security Strategist podcast examines the findings of the Active Adversary Report. The discussion focuses on how cyber threats are changing and what security leaders can do to adapt their strategies.
- Are CISOs Blind to the Biggest Cloud Attack Surface?
This episode of The Security Strategist features Doug Merritt, CEO of Aviatrix, and host Shubhangi Dua. They discuss how the expanding cloud attack surface creates security risks for businesses and explore why traditional security models s…
- The Human Factor in Cybersecurity: Behavioural Interventions That Work
This episode features Nicole Jiang-Gibson, CEO of Fable Security, who discusses the role of human behavior in cybersecurity. She explains why traditional training methods are often ineffective and how understanding human behavior can enhan…
- Securing AI-Driven Development in Modern Enterprises
Richard Stiennon and Gadi Bashvitz discuss securing applications in an AI-driven world. They explore how AI changes software development, including the increase in vulnerabilities from AI-generated code. The conversation covers how organiz…
- Is AI Quietly Breaking Email Security? Are False Positives Now the Real Breach?
This episode of The Security Strategist podcast explores how generative AI is reshaping email security. Host Richard Stiennon, along with guests Alan LeFort and Eric Sanchez, discuss how traditional defenses may be obsolete due to AI-gener…
- How Can Enterprises Secure AI When Data Moves Faster Than Humans Can Track?
This episode of The Security Strategist discusses securing AI in enterprises. Abhi Sharma, Co-Founder and CEO of Relyance, and host Richard Stiennon, Chief Research Analyst at IT-Harvest, explain how traditional security models are incompl…
- How Do Attackers Exploit Executives’ Personal Lives to Breach Companies?
Dr. Chris Pierson and Richard Stiennon discuss how attackers exploit executives’ personal lives to breach companies. They argue that the most significant vulnerabilities are outside the office perimeter due to AI-driven attacks and the com…
- Why Are AI Agents Forcing CISOs to Rethink Identity Security Architecture?
This episode of The Security Strategist podcast explores how AI agents are changing identity security architecture. It discusses the challenges CISOs face with the growing scale and complexity of identities in modern enterprises, particula…
- From Data to Insight: How Enterprises Are Making IoT Secure and Actionable
This episode of The Security Strategist covers how enterprises are securing and making IoT data actionable. It examines device management, fragmented architectures, and security challenges related to integrating IoT and Operational Technol…
- Human-Led, AI-Driven: The Next Chapter of Security Operations
Richard Stiennon and Daniel Martin discuss the evolution of Security Operations Centres (SOCs), the value of AI in cybersecurity, and the importance of outcome-based approaches. They highlight how modern SIEMs integrate various tools to as…
- Why Are Vulnerability Backlogs Still Growing Despite Better Detection?
In this episode of The Security Strategist, Chris Steffen and John Amaral discuss the persistent growth of vulnerability backlogs despite advancements in detection. They explore why shift-left security has not fully delivered on its promis…
- What Happens to API Security When AI Agents Go Autonomous?
This episode of The Security Strategist podcast explores the challenges of API security as AI agents become more autonomous. It emphasizes the need for API visibility and discovery in AI-driven businesses and discusses the role of governan…
- Why AI Agents Demand a New Approach to Identity Security
This episode of The Security Strategist podcast features Matt Fangman and Alejandro Leal discussing the implications of AI agents for identity security. They cover the rapid evolution of AI agents, challenges in visibility and governance,…
- Is Your Holiday Traffic Human—or AI-Driven and Under Attack?
Richard Stiennon and Pascal Geenens discuss the impact of AI on cyberattacks and web traffic. They cover the dual nature of AI in cybercrime, the emergence of new attack tools, and the importance of automated pen testing, highlighting vuln…
- From IoT to AIoT: Operational and Security Challenges for Modern Enterprises
This episode of The Security Strategist podcast features host Trisha Pillay and Bernd Gross, CEO of Cumulocity. They discuss operational and security challenges in industrial enterprises, emphasizing data strategy, cybersecurity, and lifec…
- Overcoming Regulatory, Infrastructure, and Operational Challenges When Scaling Tech Globally
This episode discusses the complexities of scaling technology globally, focusing on regulatory, infrastructure, and operational challenges. It highlights strategies for balancing these factors while delivering reliable, secure, and effecti…
- How Can MSPs Move From Defense to Full Cyber Resilience?
This episode of The Security Strategist discusses how MSPs can move from defense to full cyber resilience. Guests Jim Waggoner and Lewis Pope from N-able explain that this requires changes in operations, culture, and strategy, not just tec…
- What If We Could Fix Vulnerabilities Faster Than We Find Them?
Richard Stiennon and John Amaral discuss how automation, AI agents, and a "Shift Out" approach can improve vulnerability management. This new method aims to fix vulnerabilities faster than they are found by addressing issues in open-source…
- Can Identity Security Close the AI Governance Gap?
This episode of The Security Strategist podcast features Richard Stiennon and Art Gilliland discussing AI adoption, shadow AI, and the role of identity security in AI governance. They explore managing AI risks, securing machine identities,…
- EDR, XDR, or MDR - What’s the Real Difference and Why Does It Matter?
In this episode, Jim Waggoner and Joe Ferla speak with Chris Steffen about the distinctions between EDR, XDR, and MDR. They address common misconceptions and challenges in real-time cybersecurity threat response, including purchasing decis…
- Securing Assets in a Complex IT Landscape: Deterministic Automation in ITAM
In this episode, Syed Ali and Chris Steffen discuss securing assets in complex IT environments through IT asset management (ITAM) and deterministic automation. They explore how these strategies provide visibility and control, reduce cybers…
- How Can Businesses Address Guardrails for Autonomous AI Agents with Permissions?
Jeff Hickman and Richard Stiennon discuss the challenges for businesses adopting AI, focusing on managing permissions and identity for autonomous AI agents. They explore the need for fine-grained authorization and the importance of human o…
- Is Current DLP Failing Data Security in the Age of Generative AI?
Richard Stiennon and Gidi Cohen discuss the impact of generative AI on data security. They explain why traditional data loss prevention (DLP) systems are insufficient and explore the need for a new approach to secure AI-driven enterprises.
- The Zero Trust Conundrum: How Intelligent Friction Boosts Business Velocity
Jonathan Care and Sudhir Reddy discuss how to build trust in Zero Trust systems. They explore the paradox in Zero Trust systems where human trust is essential for the system to function effectively, and how intelligent friction can balance…
- Universal Privileged Access Authorization: Securing Humans, Machines, and Agentic AI
This episode of The Security Strategist discusses universal privileged access authorization. It explores how organizations can secure human users, machines, and agentic AI through identity-based controls, emphasizing identity as the centra…
- How Can MSPs Stay Competitive with Managed Detection and Response (MDR)?
This episode of The Security Strategist features Richard Stiennon, Stefanie Hammond, and Jim Waggoner discussing how MSPs can remain competitive with Managed Detection and Response (MDR). They explore the need for MSPs to adopt MDR, the im…
- Are Your Keys Safe? Why HSMs Are Now Essential for Cloud, Quantum, and AI Security
Robert Rogenmoser, CEO of Securosys, discusses the importance of Hardware Security Modules (HSMs) for securing encryption keys. He explains how HSMs protect data in cloud, quantum, and AI security scenarios, emphasizing key management and…
- Is Your CIAM Ready for Web-Scale and Agentic AI? Why Legacy Identity Can't Secure Agentic AI
Jeffrey Hickman and Alejandro Leal discuss the challenges of securing AI agents with traditional Customer Identity and Access Management (CIAM) solutions. They explore the need for new self-managed identity solutions and the importance of…
- AI-Powered Scam Factories: The Industrialisation of Fake Shops & Online Fraud
This episode of The Security Strategist podcast features Richard Stiennon and Lisa Deegan discussing how criminals use AI to create convincing fake online shops and the resulting impact on consumer trust. They explore the need for a compre…
- Why Are 94% of CISOs Worried About AI, and Is Zero Trust the Only Answer?
This episode of The Security Strategist podcast features Stephen McDermid and Alejandro Leal discussing AI in cybersecurity, identity fabric, and modern threats to identity security. They emphasize the importance of proactive identity gove…
- Fast, Safe, and Automated: Bridging DevOps and SecOps in the Age of Engineering Excellence
This episode of The Security Strategist discusses bridging DevOps and SecOps. It focuses on integrating security into development pipelines to achieve fast, safe, and automated engineering processes.
- What Does the Rise of Agentic AI Mean for Traditional Security Models?
This episode of The Security Strategist features Sam Curry, CISO at Zscaler, and host Richard Stiennon. They discuss the implications of agentic AI for traditional security models, emphasizing effective AI usage, its role in security opera…