Mar 9, 2026
Threat intelligence too often arrives as a steady stream of alerts that don’t translate into clear, timely decisions. This episode explores how public-sector intel flows today through channels like CISA, MS-ISAC, and CIS—and why changes in funding and distribution can reshape what organizations actually receive...
Feb 9, 2026
CISO Jadee Hanson shares how Vanta “drinks its own champagne,” running on NIST CSF with quarterly baseline reviews and using Vanta’s GRC platform to turn every release into live UAT for privacy, governance, and compliance. We rethink third-party management—why point-in-time risk scores are fading and how...
Jan 12, 2026
Title: Keys Without People” — John Heasman on Cleaning Up Non-Human Access
Summary: John breaks today’s non-human identity mess into three buckets: core tools your business runs on, old/one-off integrations that linger, and engineer tokens left behind. His playbook is simple: decide what’s truly critical, assign...
Dec 8, 2025
This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs...
Nov 10, 2025
CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action.
Segment Resources:...