Guests:

• Eric Foster, CEO of Tenex.AI
• Venkata Koppaka, CTO of Tenex.AI

Topics:

• Why is your AI-powered MDR special? Why start an MDR from scratch using AI?
• So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices?
• What’s the current breakdown in labor between your human SOC analysts vs your AI SOC agents? How do you expect this to evolve and how will that change your unit economics?
• What tasks are humans uniquely good at today’s SOC? How do you expect that to change in the next 5 years?
• We hear concerns about SOC AI missing things –but we know humans miss things all the time too. So how do you manage buyer concerns about the AI agents missing things?
• Let’s talk about how you’re helping customers measure your efficacy overall. What metrics should organizations prioritize when evaluating MDR?

Resources:

• Video
• EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 (quote from Eric in the title!)
• EP10 SIEM Modernization? Is That a Thing?
• Tenex.AI blog
• “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check” blog
• The original ASO 10X SOC paper that started it all (2021)
• “Baby ASO: A Minimal Viable Transformation for Your SOC” blog
• “The Return of the Baby ASO: Why SOCs Still Suck?” blog
• "Learn Modern SOC and D&R Practices Using Autonomic Security Operations (ASO) Principles" blog

Guest:

• Christine Sizemore, Cloud Security Architect, Google Cloud

Topics:

• Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain?
• I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexpected security challenges and threats associated with the AI software supply chain?
• We like to say that history might not repeat itself but it does rhyme – what are the rhyming patterns in security practices people need to be aware of when it comes to securing their AI supply chains?
• We’ve talked a lot about technology and process–what are the organizational pitfalls to avoid when developing AI software? What organizational "smells" are associated with irresponsible AI development?
• We are all hearing about agentic security – so can we just ask the AI to secure itself?
• Top 3 things to do to secure AI software supply chain for a typical org?

Resources:

• Video
• “Securing AI Supply Chain: Like Software, Only Not” blog (and paper)
• “Securing the AI software supply chain” webcast
• EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments
• Protect AI issue database
• “Staying on top of AI Developments”
• “Office of the CISO 2024 Year in Review: AI Trust and Security”
• “Your Roadmap to Secure AI: A Recap” (2024)
• "RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check" (references our "data as code" presentation)

Hosts:

• David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud
• Alicja Cade, Director, Office of the CISO, Google Cloud

Guest:

• Christian Karam, Strategic Advisor and Investor

Resources:

• EP2 Christian Karam on the Use of AI (as aired originally)
• The Cyber-Savvy Boardroom podcast site
• The Cyber-Savvy Boardroom podcast on Spotify
• The Cyber-Savvy Boardroom podcast on Apple Podcasts
• The Cyber-Savvy Boardroom podcast on YouTube
• Now hear this: A new podcast to help boards get cyber savvy (without the jargon)
• Board of Directors Insights Hub
• Guidance for Boards of Directors on How to Address AI Risk