エピソード

  • Why Security Teams Are Using EASM to Find Hidden Assets

    Why Security Teams Are Using EASM to Find Hidden Assets
    2026/06/07
    In this episode of Cybersecurity Business with Fexingo, Lucas and Luna dive into External Attack Surface Management (EASM) — a rapidly growing category in enterprise defense. They explore how companies like CrowdStrike and Tenable are acquiring EASM startups to help organizations discover exposed assets they didn't even know they had. Lucas shares a striking case: a Fortune 500 retailer whose acquisition of a smaller brand left thousands of forgotten subdomains and cloud instances unmanaged. Luna asks how these tools actually work under the hood — and whether they create new risks by scanning the internet. The hosts discuss how EASM fits into a broader shift from reactive patching to continuous discovery, and why the average enterprise has 30 percent more external assets than they track. If you're responsible for security strategy, this episode gives you the concrete angle on why asset discovery matters now. #EASM #ExternalAttackSurfaceManagement #CrowdStrike #Tenable #Cybersecurity #EnterpriseSecurity #AssetDiscovery #AttackSurface #CyberDefense #SecurityStrategy #CISO #CloudSecurity #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #CyberRisk #ThreatIntel #SecurityTools Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    8 分
  • Why Security Teams Are Using Cyber Deception Traps

    Why Security Teams Are Using Cyber Deception Traps
    2026/06/07
    Episode 36 dives into how cybersecurity teams deploy honeypots and deception grids to catch attackers early. Lucas explains how one mid-size healthcare company used a fake database filled with decoy patient records to detect a ransomware group before they encrypted real systems. Luna questions whether deception tools are legal in regulated industries, and the hosts discuss the rise of active defense strategies. They also explore a 2025 case where a European bank caught state-backed hackers using a decoy server. The episode covers practical deployment tips, the difference between low-interaction and high-interaction traps, and why CISOs are adding deception to their stack alongside EDR and SIEM. If you work in security operations or are curious how defenders go on the offensive, this episode offers a concrete look at a growing technique. #CyberDeception #Honeypots #ActiveDefense #SecurityOperations #ThreatDetection #RansomwareDefense #DeceptionTechnology #CISO #CyberTraps #DecoyData #EnterpriseSecurity #IncidentResponse #Business #Technology #FexingoBusiness #BusinessPodcast #Cybersecurity #DeceptionGrid Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    8 分
  • How Cybersecurity Teams Are Using Purple Teaming to Bridge Red and Blue

    How Cybersecurity Teams Are Using Purple Teaming to Bridge Red and Blue
    2026/06/06
    Episode 35 of Cybersecurity Business with Fexingo dives into purple teaming — the practice of combining red team offensive security testing with blue team defensive operations in a collaborative, continuous cycle. Lucas and Luna explore how companies like Capital One and JPMorgan Chase have adopted purple teaming to find and fix vulnerabilities faster, reduce mean time to detect, and break down silos between offensive and defensive security teams. They discuss the specific metrics that matter, the tools involved (like Atomic Red Team and Caldera), and the cultural shift required to make purple teaming work. Lucas explains why many CISOs now mandate at least one purple team exercise per quarter, and Luna questions whether smaller companies can afford the approach. The episode also covers a real-world example: how a healthcare organization used purple teaming to discover a critical Active Directory misconfiguration before attackers did. A focused, actionable look at a practice that's reshaping enterprise defense. #PurpleTeaming #RedTeam #BlueTeam #Cybersecurity #EnterpriseDefense #CISO #CapitalOne #JPMorganChase #AtomicRedTeam #Caldera #ActiveDirectory #SecurityOperations #MTTD #Business #Technology #FexingoBusiness #BusinessPodcast #CyberDefense Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    10 分
  • How Security Teams Are Using Digital Twins to Simulate Attacks

    How Security Teams Are Using Digital Twins to Simulate Attacks
    2026/06/06
    Episode 34 of Cybersecurity Business with Fexingo explores the emerging use of digital twins in enterprise security. Lucas and Luna break down how companies like Microsoft and Siemens are building virtual replicas of their networks to simulate advanced persistent threats—without risking production systems. They discuss a real case where a global bank saved $12 million by catching a ransomware payload in a twin before it hit live servers. The hosts also examine the technology's limitations, including fidelity gaps and compute costs. This is a practical look at a concept moving from industrial engineering into cyber defense rooms. No marketing fluff, just the operational reality for CISOs evaluating this tool. #Cybersecurity #DigitalTwin #AttackSimulation #EnterpriseSecurity #ThreatModeling #Microsoft #Siemens #Ransomware #CISO #NetworkSecurity #APTSimulation #TechStrategy #SecurityOperations #Business #Technology #FexingoBusiness #BusinessPodcast #CyberDefense Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    10 分
  • How Security Teams Are Using Ransomware Negotiations to Save Millions

    How Security Teams Are Using Ransomware Negotiations to Save Millions
    2026/06/05
    When ransomware hits, the conventional wisdom says 'never pay.' But in Episode 33 of Cybersecurity Business, Lucas and Luna explore the growing practice of professional ransomware negotiation — where specially trained third-party negotiators engage with attackers on behalf of victim companies. They break down the real numbers from a 2025 ransomware case involving a midsize healthcare network that saved $4.2 million by negotiating down a $5.8 million demand to $1.6 million. Lucas explains how negotiators use psychological framing, proof-of-life verification, and leverage from threat intelligence to drive down ransoms. Luna pushes back on the ethical and regulatory risks, including OFAC sanctions exposure and the debate over whether paying funds future attacks. The episode also covers the rise of insurance-mandated negotiation clauses and the emergence of boutique firms specializing in this high-stakes craft. A focused, numbers-driven look at one of the most controversial corners of modern cybersecurity. #RansomwareNegotiation #CybersecurityBusiness #CrisisManagement #IncidentResponse #Ransomware #EnterpriseSecurity #CyberInsurance #ThreatIntelligence #SecurityOperations #BusinessContinuity #CyberRisk #NegotiationStrategy #HealthcareCybersecurity #OFAC #ThirdPartyRisk #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    10 分
  • How Security Teams Are Using Breach Simulation to Find Gaps

    How Security Teams Are Using Breach Simulation to Find Gaps
    2026/06/05
    Episode 32 of Cybersecurity Business with Fexingo dives into breach and attack simulation (BAS) tools. Lucas and Luna explore how companies like Cymulate, AttackIQ, and SafeBreach are helping enterprise security teams continuously test defenses by automating attacks. They discuss a real-world case: a mid-sized financial firm that used BAS to identify a critical gap in its email security before a phishing campaign hit. The hosts break down how BAS differs from traditional penetration testing, why it's gaining traction among CISOs in 2026, and where the technology still falls short. They also touch on the business models behind these vendors, including how Cymulate raised $70 million in Series C funding in 2025. A concise, analyst-grade look at a rapidly evolving segment of cybersecurity. #BreachAndAttackSimulation #BAS #Cymulate #AttackIQ #SafeBreach #CybersecurityTesting #ContinuousSecurity #PurpleTeaming #SecurityValidation #EnterpriseDefense #CISO #PenetrationTesting #EmailSecurity #CyberResilience #SecurityAutomation #BusinessAndTechnology #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    7 分
  • Why CISOs Are Mandating Unified Log Management

    Why CISOs Are Mandating Unified Log Management
    2026/06/04
    Episode 31 of Cybersecurity Business with Fexingo digs into why enterprise security teams are consolidating log management under a single platform. Lucas and Luna examine the rise of observability giants like Splunk, Datadog, and Elastic, and how the shift from siloed SIEM tools to unified observability is reshaping CISO strategy and vendor relations. The episode focuses on a critical pain point: log data fragmentation. A 2023 survey found the average enterprise uses 16 different security monitoring tools, creating blind spots and slowing incident response. The hosts discuss how unified logging reduces mean time to detect from weeks to minutes, citing examples from a major financial services firm that cut detection time by 80 percent after consolidating. They also cover the trade-offs: vendor lock-in, data retention costs, and the tension between centralization and team autonomy. No marketing fluff—just a clear look at a trend that's quietly redefining enterprise defense. #UnifiedLogManagement #CISO #Splunk #Datadog #Elastic #SIEM #Observability #EnterpriseSecurity #LogAggregation #MeanTimeToDetect #SecurityMonitoring #DataFragmentation #IncidentResponse #CyberDefense #BusinessAndTechnology #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    7 分
  • How Security Teams Use Zero Trust to Stop Supply Chain Attacks

    How Security Teams Use Zero Trust to Stop Supply Chain Attacks
    2026/06/04
    Episode 30 of Cybersecurity Business with Fexingo dives into how enterprises are adopting zero-trust architectures to defend against software supply chain attacks. Lucas and Luna examine the SolarWinds breach as a case study, then explore how companies like Google and Microsoft are implementing zero-trust principles — from verifying every identity to micro-segmenting networks. They discuss the role of identity security, continuous monitoring, and how zero trust is reshaping vendor risk management. Specific numbers: Google's BeyondCorp implementation reduced surface area by 80 percent. The episode closes with a forward look at zero-trust adoption trends through 2027. A perfect conversation for CISOs, IT leaders, and anyone responsible for enterprise defense. #ZeroTrust #SupplyChainAttack #SolarWinds #IdentitySecurity #Microsegmentation #BeyondCorp #Google #Microsoft #CISO #VendorRisk #EnterpriseSecurity #CyberDefense #NetworkSecurity #BusinessAndTechnology #Podcast #FexingoBusiness #BusinessPodcast #Cybersecurity Keep every episode free: buymeacoffee.com/fexingo
    続きを読む 一部表示
    8 分