A Conversation With Harry Wetherald CO-Founder & CEO At Maze

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, enabling fine-grained actions like MFA prompts, access revocation, or full session shutdowns—triggered by dynamic, multi-signal rule sets. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - Welcome & High-Level Overview of Material Security02:04 - Common Threats: Phishing and Lateral Movement in Cloud Office05:30 - Access Control in Collaborative Workspaces (2FA, Just-in-Time, Aging Content)08:43 - Connecting Signals: From Login to Exfiltration via Rule Automation12:25 - Real-World Scenario: Suspicious Login and Automated Response15:08 - Rules, Templates, and Customer Customization at Onboarding18:46 - Accidental Risk: Sensitive Document Sharing and Exposure21:04 - Security Misconfigurations and Internal Abuse Cases23:43 - Full Control Points: IP, Behavior, Classification, Sharing Patterns27:50 - Integrations, Notifications, and Real-Time Security Team Coordination31:13 - Lateral Movement: How Attacks Spread Across the Workspace34:25 - Use Cases Involving Google Gemini and AI Exposure Risks36:36 - Upcoming Features: Deeper Remediation and Contextual Integration39:30 - Closing Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Apr 26min

AI is changing cybersecurity at a fundamental level—but how do we decide what to build, and when? In this episode, I outline a structured way to think about AI for security: from foundational ideas to a future-proof system that can scale with emerging threats. • Rethinking Human Workflows as Intelligence PipelinesBy mapping tasks into visual workflows, we can pinpoint exactly where human intelligence is still required—and where AI agents are most likely to replace or enhance us. • Using AI to Understand and Manage Organizational StateI introduce the concept of AI state management: building systems that track your current and desired security posture in real time, and using AI to bridge the gap—automating insights, decisions, and even actions across your environment. • Building a Cyber Defense Program Inspired by Attacker PlaybooksInstead of waiting for threats, I propose a new framework based on attacker capabilities—what they wish they could do now and in the near future—and how to proactively prepare by building a continuously adapting AI-powered defense system. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters:00:00 - Framing the Future: Two Key Questions on AI and Cybersecurity01:28 - Intelligence Pipelines: Visualizing Human Work as Replaceable Workflow06:10 - Theory of Constraints: How Attackers Are Bottlenecked by Human Labor10:42 - Defining Agents: What Makes AI Different From Traditional Automation12:08 - AI State Management: The Universal Use Case for Automated Intelligence16:53 - Real-World Demo: Unified Context AI for Security Program Management26:30 - Advanced Uses: Reassigning Projects, Updating KPIs, and Security Reports34:58 - Automating Security Questionnaires With AI Context Awareness38:43 - ACAD Framework: Predicting and Preparing for Future Attacker Capabilities47:40 - Defender Response: Building AI-Driven Red Teams and Internal UCCs52:25 - Final Answers: How Software and Security Change With AI AgentsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Apr 42min

The conversation around AGI and ASI is louder than ever—but the definitions are often abstract, technical, and disconnected from what actually matters. In this episode, I break down a human-centered way of thinking about these terms, why they’re important, and a system that could help us get there. I talk about: • A Better Definition of AGI and ASIInstead of technical abstractions, AGI is defined as the ability to perform most cognitive tasks as well as a 2022 U.S.-based knowledge worker. ASI is intelligence that surpasses that level. Framing it this way helps us immediately understand why it matters—and what it threatens. • Invention as the Core Output of IntelligenceThe real value of AGI and ASI is their ability to generate novel solutions. Drawing inspiration from the Enlightenment, we explore how humans innovate—and how we can replicate that process using AI, automation, and structured experimentation. • Scaling the Scientific Method with AIBy building systems that automate idea generation, recombination, and real-world testing, we can massively scale the rate of innovation. This framework—automated scientific iteration—could be the bridge from human intelligence to AGI and beyond. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerChapters: 00:00 - Why AGI and ASI Definitions Should Be Human-Centric01:55 - Defining AGI as a 2022-Era US Knowledge Worker03:04 - Defining ASI and Why It’s Harder to Conceptualize04:04 - The Real Reason to Care: AGI and ASI Enable Invention05:04 - How Human Innovation Happens: Idea Collisions and Enlightenment Lessons06:56 - Building a System That Mimics Human Idea Generation at Scale09:00 - The Challenge of Testing: From A/B Tests to Biotech Labs10:52 - Creating an Automated, Scalable Scientific Method With AI12:50 - A Timeline to AGI and ASI: Predictions for 2027–2030Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Apr 10min

➡ Build, run, and monitor workflows with Tines at: tines.com In this episode, I speak with Matt Muller, Field CSCO at Tines, about how automation and AI are transforming security operations at scale. We talk about: • Tines' Mission to Eliminate Manual Security Work Through Automation How Tines helps security teams streamline incident response and workflow automation without needing to write code, saving time and reducing burnout. • Applying AI to Security Operations and Analyst Workflows How AI is used in phishing analysis, threat intel reporting, and data transformation—integrated safely into workflows using tools like Workbench with private LLMs. • Tines Workbench and the Future of Agentic AI How Workbench combines chat with deterministic automation to help analysts take action securely, and how Tines is exploring agentic AI to take automation even further. Chapters: 00:00 - How Tines Automates Security to Solve SOC Burnout07:19 - The AI Arms Race: How Attackers and Defenders Are Evolving09:08 - Why Security Still Comes Down to Workflow, Logging, and Action13:41 - How CISOs Are Balancing AI Adoption and Enterprise Risk17:36 - Using AI in Tines to Transform and Automate Security Workflows20:40 - How AI Detects Business Email Compromise Better Than Rules25:26 - From Security to Data Pipelines: Tines as Workflow Orchestration28:59 - Inside Workbench: Secure AI-Powered Chat for Analysts36:00 - Automating Phishing Investigations with Trusted Tool Integrations39:19 - Where to Learn More and Try Tines for FreeBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

1 Apr 39min

STANDARD EDITION: Signal OPSEC, White-box Red-teaming LLMs, Unified Company Context (UCC), New Book Recommendations, Single Apple Note Technique, and much more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

31 Mar 18min

➡ Allow what you need, block everything else with ThreatLocker: threatlocker.com In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations. We talk about: • ThreatLocker’s Zero Trust Approach to Cybersecurity:How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access. • Key ThreatLocker Products and Features:How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement. • New & Upcoming ThreatLocker Features:How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments. Chapters:00:00 - Intro to ThreatLocker and Zero Trust Security01:24 - How ThreatLocker’s Application Control Blocks Unauthorized Software06:52 - Storage Control: Preventing Unauthorized Data Access and USB Threats08:19 - Ring Fencing: Controlling App Permissions and Network Access12:37 - Elevation Control: Granting Admin Privileges Without Risk16:23 - Network Control: Restricting Internet and Internal Network Access19:26 - AI-Driven Security Policies: The Future of ThreatLocker Management24:07 - Mac vs. Windows Security: Key Differences and Challenges29:49 - ThreatLocker’s Expansion: New Products and Future Plans32:32 - Where to Learn More About ThreatLocker’s Security SolutionsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Mar 33min

STANDARD EDITION: 28 Open Cyber Jobs, Real-world AI Propaganda Poisoning, MCP Explained, Cline vs. Windsurf, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member for the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessleBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Mar 39min

In this episode, Daniel Miessler explores how to supercharge your macOS workflow with Raycast, transforming everyday tasks into lightning-fast, AI-powered actions. He talks about: Raycast as a Universal Launcher:Daniel explains how Raycast replaces traditional launchers like Spotlight and Alfred, offering an all-in-one shortcut to apps, files, and bookmarks for unparalleled efficiency. Quick Links and Custom Searches:He demonstrates how quick links streamline navigation by replacing outdated bookmarks and enabling custom search commands that let you bypass the browser for faster access. Integrated Utilities and Window Management:Discover how Raycast consolidates everyday tools—from color pickers and process killers to custom window arrangements—ensuring that all your essential utilities are just a keystroke away. Advanced AI Integration:Learn how Raycast’s innovative AI commands integrate with platforms like ChatGPT and Fabric, allowing you to interact with, summarize, and analyze web content directly from your command line. Custom Commands and Productivity Hacks:Daniel reveals his secrets for creating personalized hotkeys, snippets, and aliases that reduce friction in your digital workflow, making your daily tasks smoother and more intuitive. Subscribe to the newsletter at:https://danielmiessler.com/newsletter Watch the video on YouTube at:https://www.youtube.com/c/UnsupervisedLearning Follow on Twitter at:https://twitter.com/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Mar 45min