Security Boulevard Podcast

What does a cybersecurity score of 76 really mean?
In this episode of Security Boulevard, Tom Hollingsworth, Fernando Montenegro, and Jay Cuthrell tackle one of the most persistent challenges in cybersecurity: reducing complex risk to a single number on a dashboard.
They unpack why so many security scores lack context, give a false sense of precision, and often mislead the very executives they’re meant to inform. The discussion dives into the pitfalls of oversimplified risk scoring models, the risks of relying on color-coded dashboards, and why metrics like CVSS often fail without proper business and environmental context.
The panel also contrasts proprietary “secret sauce” scoring systems with more defensible approaches to risk quantification, including frameworks like FAIR.
From misleading executive dashboards to the real challenge of communicating cyber risk in business terms, this episode provides a clear, critical look at why effective security metrics require much more than just a number.
#Cybersecurity #RiskManagement #CISO #CVSS #FAIR #SecurityBoulevard

NVIDIA is no longer just selling chips—it is becoming a central force in the future of AI infrastructure and security.
On this episode of the Security Boulevard podcast, Tom Hollingsworth, Alan Shimel, and Mitch Ashley break down NVIDIA’s growing security ecosystem and what it means for the enterprise.
The conversation explores NVIDIA’s partnerships with major players including CrowdStrike, HPE, and Cisco, and why the company’s role as an AI infrastructure provider puts it at the center of the next wave of cybersecurity strategy.
The trio also examines the urgent need to secure both AI development pipelines and AI-generated outcomes, as organizations race to deploy models, agents, and new AI-driven workflows. They also discuss the promise of NVIDIA OpenClaw and what toolkits like it could signal for the future of secure AI operations.
As AI adoption accelerates, one question becomes impossible to ignore: who will secure the infrastructure powering it all?
#Cybersecurity #AI #NVIDIA #AISecurity #EnterpriseAI #SecurityBoulevard

When a cyberattack moves from "pay us" to "destroy everything," the rules of digital warfare have officially changed.
In this episode of Security Boulevard, Tom Hollingsworth, Fernando Montenegro, and Jack Poller break down the devastating "wipe" attack on healthcare giant Stryker.
Unlike typical ransomware focused on financial gain, this attack saw laptops, phones, and entire systems systematically erased, signaling a chilling shift toward non-financially motivated nation-state aggression. The team explores why healthcare remains a "soft target," the critical importance of network segregation (which saved Stryker’s medical devices), and why identity security is the last line of defense in an era of destructive hacking.
From the "cybersecurity poverty line" to the dangers of weaponizing management tools like MDMs, this conversation is a must-watch for IT professionals and executives navigating today's perilous geopolitical landscape.
#CyberSecurity #StrykerHack #HealthcareIT #Infosec #SecurityBoulevard #NationStateActors #DigitalWarfare #IdentitySecurity #TechFieldDay #CISO #BusinessContinuity

Is the era of "wild west" AI development finally coming to an end, or are we just building taller fences?
In this episode of the Security Boulevard Podcast, Tom Hollingsworth, Mitch Ashley, and Fernando Montenegro dive into why AI regulation has shifted from a "nice-to-have" ethical debate to an urgent cybersecurity mandate.
As the industry prepares to descend on San Francisco, the trio breaks down the high-stakes collision between lightning-fast innovation and the tightening grip of global governance. They examine the growing need for explicit, enforceable rules in a world of autonomous agents and "Shadow AI."
Emerging standards like ISO 42001 and the NIST AI Framework are becoming the new blueprints for enterprise trust, and why traditional law continues to struggle with the velocity of tech. From the economic pressures of global compliance to the grassroots power of community-led safety, this discussion provides a definitive roadmap for navigating today’s most complex security landscape.
See why "trust but verify" has evolved from a simple catchphrase into the ultimate survival strategy for the intelligence era.
#SecurityBoulevard #Cybersecurity #AIRegulation #AIGovernance #EnterpriseAI #AIRisk #ResponsibleAI #RSAC #TechPolicy

If we can't see what AI is actually doing, how can we ever hope to secure it?
In this episode of the Security Boulevard Podcast, hosts Tom Hollingsworth, Mitch Ashley, and Fernando Montenegro break down the complex intersection of Artificial Intelligence and modern cybersecurity.
As AI continues to reshape software development, the team explores why observability has become the critical foundation for establishing accountability and trust in automated systems. They dive into the challenges of governing autonomous agents, the necessity of building "observability-native" architectures, and why transparency is often the missing link in current AI operations.
Whether you're a developer, a security practitioner, or a tech leader, this conversation provides essential insights into integrating security into the DNA of AI-driven environments to ensure that as we innovate, we remain in control.
For more cybersecurity content, visit the Security Boulevard website and subscribe on YouTube.
#SecurityBoulevard #Cybersecurity #ArtificialIntelligence #Observability #SecurityPodcast #InfoSec #TechGovernance #SoftwareDevelopment #AIPathways

AI agents are accelerating discovery, automation, and operational change—but enterprise security teams are still operating on human-speed processes.
In this episode of Security Boulevard, Mitch Ashley joins Tom Hollingsworth and Fernando Montenegro to examine what happens when AI-driven systems begin operating at machine speed while traditional security workflows remain constrained by governance, patch cycles, and change management controls.
The conversation explores: 
How AI agents compress vulnerability discovery timelines 
Why automation without operational maturity increases risk 
Whether enterprise security programs are structurally prepared for AI-era velocity 
The growing tension between innovation and control
As AI capabilities expand, the real challenge isn’t just technical—it’s organizational. Security leaders must rethink processes, prioritization, and response frameworks to avoid widening exposure. AI is scaling. Is your security program?
Subscribe to Security Boulevard for weekly enterprise cybersecurity analysis.
#SecurityBoulevard #CyberSecurity #AI #ArtificialIntelligence #EnterpriseSecurity #SecurityLeadership #Automation #AIagents #CISO #SecurityStrategy #SecurityBoulevard #DigitalTransformation #RiskManagement #Infosec #TechPodcast #Governance

AI is no longer just assisting security teams — it’s actively finding vulnerabilities humans missed.
In this episode of Security Boulevard, Tom Hollingsworth, Alan Shimel, and Fernando Montenegro examine the real-world implications of AI-driven vulnerability discovery after Anthropic allowed Claude to conduct large-scale scanning across open-source projects.
The result? More than 600 vulnerabilities identified — including a long-standing issue in Ghostscript that traditional research had missed for years. The discussion goes beyond headlines.
The panel analyzes:
Whether AI can outperform human threat researchers • How iterative model reasoning changes vulnerability discovery
The risks of AI-powered offensive security • What this means for DevSecOps and open-source maintainers •
Whether AI shifts the balance between defenders and attackers
As AI systems begin to reason across version histories, patch gaps, and architectural inconsistencies, cybersecurity teams face a new reality: automation at machine scale. Is this a breakthrough for defenders — or the beginning of a new attack surface?
If AI can audit every version of your software in seconds, what does that mean for your security posture? Subscribe and join the conversation.
Read More: 
Son of Moltbot vs. Claude Opus
OpenClaw, Cows and Free Milk
Is Claude Opus 4.6 the Best Security Researcher Ever? 
#SecurityBoulevard #CyberSecurity #AIThreatHunting #AISecurity #Anthropic #ClaudeAI #VulnerabilityManagement #OpenSourceSecurity #ThreatIntelligence #CVE #AppSec #SecurityResearch #ResponsibleDisclosure #SecurityOperations #Ghostscript

Cybersecurity failures increasingly originate inside the software supply chain.
In this episode, Tom Hollingsworth, Event Lead at Tech Field Day and Networking Industry Analyst, joins Mitch Ashley, Vice President and Practice Lead, Software Lifecycle Engineering at Techstrong Research, along with Steve Puluka, Network & Security Engineer and Network Architect, Tech Field Day Delegate.
They examine supply chain compromises, including incidents involving Notepad++ and software update distribution mechanisms. The conversation highlights why secure code distribution must be treated as an architectural control, not an operational afterthought.
As software ecosystems grow more interconnected, accountability now spans developers, hosting providers, infrastructure operators, and security teams. The traditional shared responsibility model must evolve to address increasingly complex dependency chains and third-party exposure.
The discussion also explores how artificial intelligence is reshaping networking operations, why observability has become foundational to modern security strategy, and how transparency and proactive incident response reduce systemic risk.
Security today is lifecycle discipline across the entire software delivery chain.
#Cybersecurity #SupplyChainSecurity #DevSecOps #AIinNetworking #Observability #SecurityLeadership

In this episode of the Security Boulevard Podcast, Tom Hollingsworth, Mitch Ashley, and Zoe Rose, CSIRT SecOps Dev Manager at Canon EMEA, examine the growing challenges around data ownership, digital sovereignty, and privacy in modern cybersecurity.
 
The discussion breaks down the complexity of data privacy laws, particularly the differences between the United States and Europe, and what those regulatory gaps mean for organizations responsible for handling sensitive data. The panel also explores challenges around encryption, government access to data, and why transparency in privacy policies is critical to maintaining trust.
 
The conversation closes with a look at how AI is reshaping security and privacy practices, and why trust remains the foundation of any technology strategy in an increasingly regulated and data-driven world.
 
#Cybersecurity #DataPrivacy #DataOwnership #DigitalSovereignty #AISecurity #Trust #SecurityBoulevard #Podcast

Cybersecurity plays a critical role in disaster recovery planning, especially as threats and environments continue to change.
In this episode of the Security Boulevard Podcast, Mitch Ashley, Fernando Montenegro, and Tom Hollingsworth discuss why realistic threat models and regular testing are essential to uncovering hidden weaknesses. The conversation draws lessons from past weather-related disasters and cybersecurity near misses, showing how organizations can learn from incidents that almost went wrong.
The panel also explores how security practices must evolve to match modern environments, including the growing role of AI agents in security operations.
The episode closes with a reminder of the value of learning from history and staying engaged with the cybersecurity community through ongoing discussion, feedback, and shared experience.
#Cybersecurity #DisasterRecovery #ThreatModeling #IncidentResponse #BusinessResilience #AISecurity #SecurityTesting #SecurityBoulevard #Podcast