The Browser Blind Spot: Rethinking Enterprise Security

The browser has quietly become the most critical—and most overlooked—attack surface in cybersecurity. In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with John Carse, Field CISO at SquareX, about the company’s groundbreaking Browser Detection and Response (BDR) technology and why legacy tools like EDR and Secure Web Gateways can’t see today’s browser-native threats.John draws on his two decades of global cybersecurity experience—spanning the U.S. Navy, JPMorgan, Expedia, and Dyson—to explain emerging risks like Syncjacking, Polymorphic Extensions, and the coming wave of AI-powered browser agents. He also shares practical steps for CISOs to reduce risk from Shadow SaaS and unmanaged devices.If you think your browser is safe, this episode will make you think again.

In this episode of the Brilliance Security Magazine Podcast, Andrew Warren, Vice President of Sales and Marketing at Exclusive Networks North America, joins us to discuss why security-focused distribution matters in today’s cyber landscape. Andrew shares insights from his nearly two decades in the channel, explores how distribution has evolved beyond logistics, and explains how Exclusive Networks helps partners cut through vendor noise, address the cybersecurity skills gap, and adapt to the shift toward services and subscription models.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with Mark Stadtmueller, CTO at SUPERWISE, about the realities of AI governance in today’s enterprises. Mark explains why fear, confusion, and the use of “shadow AI” are fueling an AI governance crisis, and how organizations can move beyond experimentation to trusted, enterprise-grade adoption. The conversation covers regulatory patchworks, runtime safety, smaller language models, and practical safeguards that keep AI both innovative and secure. Mark also shares forward-looking advice for business leaders eager to embrace AI responsibly while maintaining trust, compliance, and visibility.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut speaks with Julian Hamood, Founder and Chief Visionary Officer of TrustedTech. Julian shares his journey from simplifying Microsoft licensing to leading a full-service technology partner recognized as a Microsoft Managed Partner—an achievement reserved for less than 1% of providers worldwide. The conversation explores how enterprises can modernize securely, integrate AI responsibly, navigate IT complexity, and prepare for emerging Microsoft-related risks.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with Tony Garcia, Chief Information and Security Officer at infineo, about what it takes to secure AI systems and safeguard intellectual property. Tony shares his perspective on the threats companies with their own AI may face, the unique challenges of securing blockchain-driven infrastructure, and why security should be seen as a strategic business advantage.

In this episode, we talk with Abhay Bhargav, co-founder of SecurityReviewAI and CEO of we45. Abhay shares how SecurityReviewAI transforms months-long security architecture reviews into actionable insights in just hours, helping teams improve security, compliance, and efficiency.

Summary:In this episode, we welcome Alex Brennan, Vice President of Global Enterprise Sales at Sign In Solutions, to explore the emerging role of visitor management in modern physical security strategies. Alex and host Steven Bowcut dive into how converged threat models are turning the front desk into a vital security checkpoint — and why managing risk doesn’t have to come at the expense of a positive visitor experience.

In Episode S7E13 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with cybersecurity veteran Jim Alkove to discuss the evolving landscape of identity security. With over 25 years in the industry and leadership experience at Microsoft, Salesforce, and now as CEO of Oleria, Jim shares unique insights into the identity challenges facing modern enterprises. He explains why traditional identity frameworks fall short in today’s complex IT environments and how technologies like graph databases and autonomous access management are poised to transform the way organizations secure digital identities.SummaryThe conversation begins with Jim describing the experiences that led him to found Oleria. Having worked at major tech companies, he saw firsthand how fragmented and outdated identity security practices were becoming in the face of hybrid IT environments, cloud adoption, and the rise of AI. Security practitioners, he explains, are often stuck managing disparate systems that don’t integrate well, leaving dangerous gaps in visibility and control.Jim then shares how his background as an inventor, with over 50 U.S. patents, shapes his approach to solving these complex challenges. He highlights how advancements in graph databases now allow identity systems to model and analyze access relationships with much greater granularity, down to the individual file or ticket level.A major focus of the conversation is the concept of adaptive and autonomous access. Jim explains that true least privilege enforcement requires constant adjustment of access rights based on real-time usage and business context. Oleria’s platform addresses this by using AI to manage and automate access decisions, reducing the reliance on manual approvals and ticketing systems.Steven and Jim also explore how identity tools like Oleria can dramatically improve incident response. Instead of spending hours gathering logs and writing scripts, security teams can quickly view a compromised account’s access and activity during the threat window, reducing response time and impact.Trust and transparency are also essential, Jim notes. Organizations must understand and control what their identity platform is doing. Oleria ensures this by providing detailed visibility into every automated action and allowing users to configure the level of human oversight.Looking to the future, Jim stresses that AI is both a tremendous opportunity and a significant security challenge. As AI agents begin to act on behalf of users and businesses, identity systems will need to keep pace by securing access at a much finer level, and for entities far beyond human users. This includes understanding the authority and trustworthiness of AI agents acting on behalf of external partners.The episode closes with a compelling reminder that the complexity of today’s IT environments—and tomorrow’s AI-driven workflows—demands a new approach to identity. Enterprises that don’t evolve their identity infrastructure risk falling behind both in innovation and in protection.About Our GuestJim Alkove is the co-founder and Chief Executive Officer of Oleria, where he leads company strategy, vision, and growth. A tech industry veteran with over 25 years of experience, Jim has held senior security leadership positions at Microsoft, Salesforce, and other major technology firms. He holds over 50 U.S. patents and is a recognized innovator in identity security and access management. Jim also serves as a strategic advisor to numerous startups working on the future of cybersecurity.

In Episode S7E12 of the Brilliance Security Magazine Podcast, host Steven Bowcut is joined by Steve Bassett, Senior Director of Security Consulting at GMR Security. With over three decades of experience in physical security operations, Steve shares insights on how organizations, particularly large, multi-site enterprises, can successfully modernize their physical security posture. The discussion uncovers the growing convergence of physical and cybersecurity, the importance of holistic risk assessments, and the role of technology and policy in creating effective security programs.SummaryThe conversation begins with Steve recounting his unconventional path into security consulting, beginning with his early interests in electronics and broadcasting, and culminating in leadership roles within large integration firms and global financial institutions like Salomon Smith Barney.Steve and Steven delve into the challenges facing complex organizations, including outdated technology, siloed operations between IT and security teams, and the widespread absence of formal standards and policies, particularly in companies undergoing mergers or acquisitions. Steve emphasizes that many organizations still lack updated documentation or unified security procedures, which creates vulnerabilities and inconsistencies across locations.He explains his risk assessment approach, which starts with stakeholder engagement to understand each group's perspective on threats and critical assets. Steve highlights how even seasoned organizations often overlook gaps in understanding or communication, especially between IT, facilities, and security teams. These assessments go beyond checklists; they result in actionable roadmaps with prioritized recommendations based on industry standards.The episode also touches on the difference between physical security and life safety, emphasizing the need for guard forces to play a more integrated role in emergency preparedness, not just surveillance and access control. Steve notes that security teams must collaborate with life safety stakeholders to ensure responsibilities are clearly defined and that early detection and response are effectively handled.When discussing technology’s impact on physical security, Steve explores the increasing role of AI-powered systems. From anomaly detection to intelligent camera analytics, he stresses that while technology is powerful, it must be applied appropriately and with clear operational goals. Not every high-tech solution is right for every organization, and understanding infrastructure readiness and legal constraints—like facial recognition laws—is essential.Steve also makes a compelling case for the value of engaging a consultant early in the planning process. While some organizations delay bringing in outside expertise until problems arise, Steve argues that early collaboration prevents costly mistakes, helps avoid bias from vendors, and ensures solutions are aligned with both current and future needs.As the conversation wraps, Steve offers insights into future-proofing security strategies, urging organizations to keep doors open for emerging technologies, such as drone detection or automated visitor management, without overcommitting to unproven solutions. He encourages security leaders to build flexibility into their infrastructure and to align technological capabilities with real-world operational needs.

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with John Sobczak, founder and CEO of NXT1, to explore how software development teams can accelerate time to market without compromising on security or compliance. John shares how his career shaped the vision behind NXT1 and discusses the structural pitfalls that often delay or derail promising SaaS startups. This engaging conversation is packed with actionable insights for developers, founders, and investors navigating the complex intersection of speed, scale, and security.SummaryJohn Sobczak brings decades of experience in enterprise technology and government cybersecurity to this discussion, offering a compelling argument for embedding security from the very first line of code. He outlines how modern SaaS development is hampered by excessive cognitive load on developers, who are often forced to juggle core product development with complex compliance frameworks. This leads to delays, technical debt, and avoidable risk.NXT1’s solution is LaunchIT, a turnkey platform designed to provide secure, compliant infrastructure out of the box. Sobczak explains how inheritance—not just guardrails—makes the difference. By giving developers access to hardened, policy-aligned environments that meet standards like SOC 2, HIPAA, and FedRAMP, NXT1 dramatically shortens the path from idea to revenue. This also reduces founder and investor risk while increasing the cost for adversaries targeting early-stage SaaS companies.Throughout the episode, Sobczak emphasizes the importance of building with scale and regulation in mind—even if those market demands aren’t immediate. He notes that most early-stage teams wait too long to consider security, mistakenly treating compliance as a checklist to be addressed after product development. Instead, NXT1 aims to "meet customers where they are," helping both startups and more mature companies seamlessly scale into new verticals like healthcare and public sector without rebuilding from scratch.He also touches on the cultural shifts required in development organizations: making security everyone’s responsibility, automating infrastructure to reduce human error, and resisting the temptation to reinvent the wheel when platforms already exist that can shoulder much of the compliance burden.Whether you're an entrepreneur launching a new SaaS product or a development leader in a growth-stage company, this episode is a must-listen for those looking to secure their software—and their future—from the ground up.