Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate.

Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind.

But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place.

The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption.

Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Angelos Kottas, VP of Product and Corporate Marketing, Axonius
LinkedIn: https://www.linkedin.com/in/amkottas/

RESOURCES

Axonius website: https://www.axonius.com
Axonius Actionability Report: https://www.axonius.com (available on the Axonius website)
Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Security teams have always struggled with the gap between finding vulnerabilities and fixing the right ones. DeCloss built PlexTrac after seeing that gap firsthand as a penetration tester -- watching critical findings disappear into static PDFs and manual spreadsheets with no real tracking, no accountability, and no way to demonstrate improvement. The platform was designed from the ground up to close that loop.

The conversation gets specific about what contextual risk scoring actually means. A CVE rated 10.0 in the National Vulnerability Database may be irrelevant to a given organization; a lower-severity finding may be critical given the systems that organization actually runs. PlexTrac's newly launched MCP server correlates vulnerability data against real-world environmental context, making that distinction automated and actionable -- not something an analyst has to puzzle out manually every time.

DeCloss walks through what the before state looks like for most teams: an annual pentest PDF, weekly scanner output, no unified view, and spreadsheet-based assignment that makes it nearly impossible to track who is working on what or whether anything is actually getting resolved. PlexTrac replaces that with a normalized, integrated platform that connects to Jira, ServiceNow, and Azure DevOps -- keeping workflows intact while adding the visibility that was always missing.

On AI's role in the industry, DeCloss is measured but direct. AI is a force multiplier, not a job eliminator. Security has always operated with a talent shortage, and automation fills that gap. But AI also expands the attack surface -- and organizations that adopt it without a security framework create new exposure. The human in the loop, with real subject matter expertise, remains essential.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Daniel DeCloss, Founder & CTO, PlexTrac
https://www.linkedin.com/in/ddecloss/

RESOURCES

PlexTrac: https://plextrac.com

KEYWORDS

Daniel DeCloss, PlexTrac, Sean Martin, vulnerability management, penetration testing, pentest reporting, risk prioritization, CVE scoring, MCP server, AI in cybersecurity, blue team, remediation tracking, CTEM, continuous threat exposure management, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast, brand story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2026, Eric Herzog, Chief Marketing Officer of Infinidat, sat down with Sean Martin for a booth-side Brand Highlight that reframes a familiar blind spot. Infinidat is a high-end enterprise storage company serving global Fortune 500 organizations and mid-range managed service providers -- and Herzog argues that leaving storage out of a corporate cybersecurity strategy means leaving the largest concentration of enterprise data exposed.

Infinidat embeds cybersecurity directly into its storage platform through InfiniSafe, a software suite that has earned recognition from both storage and cybersecurity analysts. The centerpiece of the offering is a written guarantee: any dataset, regardless of size, will be recovered in one minute or less. Herzog explains that this is backed by immutable snapshots that cannot be altered or deleted, a management plane separated from the data plane, and AI/ML-powered scanning through InfiniSafe Cyber Detection that validates a snapshot is clean before it is restored.

The goal is a "known good copy" -- a forensically clean snapshot that can be brought back with confidence. Herzog notes that security teams often focus on confidentiality and availability while underweighting integrity. Infinidat's approach addresses all three: snapshots are verified clean, recovery is fast, and the process is demonstrable in live proof-of-concept environments. At the beginning of April 2026, Infinidat recovered six petabytes in three seconds in a live demo.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Eric Herzog, Chief Marketing Officer, Infinidat
LinkedIn: https://www.linkedin.com/in/erherzog

RESOURCES

Infinidat Website: https://www.infinidat.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Eric Herzog, Infinidat, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, enterprise storage, cybersecurity, ransomware recovery, data protection, InfiniSafe, immutable snapshots, cyber resilience, RSAC Conference 2026, next generation data protection, MSP security, storage security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Vijit Nair, VP of Product Management at Corelight, joins Sean Martin on the floor of RSAC Conference 2026 for a conversation about what it takes to move security operations from AI-assisted to AI-autonomous. Corelight is the fastest-growing company in the network detection and response (NDR) space, and Nair has spent six years helping build the platform from early network monitoring to its current position as a Gartner Magic Quadrant Leader. The company's open NDR platform transforms raw network traffic into high-fidelity, unopinionated evidence -- and that evidence is now powering the next leap: agentic triage.

Corelight's newly launched Agentic Triage product moves beyond the "level one" AI assistant model -- where a system answers questions but takes no action -- to a "level two" agent that actually investigates and triages alerts. It identifies the riskiest entities in an environment, collects all associated context and data, runs a full investigation cycle, and delivers a verdict with full evidence attached. Nair calls it "bringing the receipts": analysts see not just the conclusion but every step of the reasoning. Early results show a 10x increase in investigation speed and 60-70% of alerts being automatically triaged.

The network is having a resurgence as an essential visibility layer, and Nair explains why: attackers have adapted to EDR. Nation-state-style campaigns like Volt Typhoon and Salt Typhoon operate in the network layer, targeting unmanaged devices, routers, firewalls, and VPNs that endpoint tools cannot see. Corelight almost always finds something in the first 30 days of a pilot deployment -- from shadow IT and shadow VPNs to active red team attacks using tools like Sliver-based C2 frameworks.

On the question of SOC adoption, Nair pushes back on the assumption that hesitation comes from the top. The hunger for AI-powered tools runs from CISOs all the way down to the analysts dealing with alert overload and understaffed teams. A recent customer put it simply: "This is amazing. Please don't take it away from me." Nair frames the path to full autonomy as a spectrum -- from human-controlled to fully agentic -- and draws the comparison to Waymo: the journey is measured and incremental, but the destination is inevitable.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Vijit Nair, VP of Product Management, Corelight
https://www.linkedin.com/in/vijitn

RESOURCES

Corelight: https://corelight.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Vijit Nair, Corelight, Sean Martin, network detection and response, NDR, agentic triage, AI SOC, autonomous security operations, SOC automation, network security monitoring, threat detection, AI-powered security, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ISACA has stepped into a defining role in the CMMC ecosystem, taking over as the CMMC Assessor and Instructor Certification Organization -- the CAICO -- for the U.S. Department of War's Cybersecurity Maturity Model Certification program. Recorded live at RSAC Conference 2026, this conversation with Todd Gagnon, the Director of the CAICO at ISACA, gets right to the heart of what that means for cybersecurity professionals, defense contractors, and anyone thinking about where their career intersects with the defense industrial base.

The CMMC program exists to solve a persistent problem: too many companies doing business with the federal government had failed to properly implement required cybersecurity controls. Built around NIST 800-171's 110 security requirements, CMMC demands third-party, independent verification -- and that means a large, trained, credentialed assessor workforce. ISACA's role is to build and certify exactly that. Todd Gagnon walks through the two foundational credentials at the center of this effort: the CMMC Certified Professional (CCP) as the entry point, and the CMMC Certified Assessor (CCA) as the operational core. With roughly 800 credentialed professionals in the current ecosystem against a need measured in thousands, the stakes and the urgency are clear.

What makes this conversation practically useful is the range of people it speaks to. Gagnon lays out who should be thinking about a CCP -- including professionals early in their careers and organizations that want internal staff who truly understand the CMMC framework, not just outside consultants. He explains the C3PAO model, how subcontractor compliance flows through the ecosystem, and why NIST 800-171 is a strong cybersecurity foundation regardless of whether an organization ever touches a government contract. The certification pathway is open to non-ISACA members, the CCP is designed to be accessible, and the knowledge transfers well beyond the federal contracting context.

ISACA is also moving ahead of the curve: with NIST having released Revision 3 of 800-171, ISACA is already developing training content for the transition -- targeting late 2025 delivery so that a wave of Revision 3-ready professionals will be in place when the Department of War makes the regulatory shift. Todd Gagnon closes with a candid ask for patience as the April 1st transition from Cyber AB to ISACA takes effect, along with a clear statement of intent: the credentials issued under ISACA's watch should stand for something.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Todd Gagnon, Director, CMMC Assessor & Instructor Certification Organization (CAICO) at ISACA
LinkedIn: https://www.linkedin.com/in/todd-gagnon-90b8a6264/

RESOURCES

ISACA CMMC Certification Hub: https://www.isaca.org/cmmc
ISACA Official Website: https://www.isaca.org

KEYWORDS

Todd Gagnon, ISACA, Sean Martin, Marco Ciappelli, CMMC, Cybersecurity Maturity Model Certification, CAICO, CCP, CCA, NIST 800-171, Defense Industrial Base, cybersecurity certification, DoD compliance, government contractors, brand spotlight, brand story, brand marketing, marketing podcast, RSAC Conference 2026

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury.

Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture.

Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation.

Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster.

A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES

ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.