Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

Segment 1 - Interview with Jeff Pollard

Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best:

As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security.

Segment 2 - Weekly News

Then, in the enterprise security news,

1. there’s funding and acquisitions, but we’re not going to talk about them
2. AI’s gonna call the cops on you
3. and everyone’s losing money on it
4. and Anthropic agreed to pay for all the copyright infringement they did when training models
5. and Otter.ai got sued for recording millions of conversations without consent
6. Burger King got embarrassed and their lawyers didn’t like it
7. NPM package mayhem
8. certificate authority hijinks
9. AI darwin awards

All that and more, on this episode of Enterprise Security Weekly.

Segment 3 - Executive Interviews from Black Hat 2025

Interview with Rohit Dhamankar from Fortra

Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape.

Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures.

Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

Interview with Michael Leland from Island

At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in.

Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

Key takeaways:

• Why credential compromise is inevitable — and how to stop credential use
• How presentation la