Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this week’s episode of The Future of Security Operations podcast, I'm joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale.

For all the advancements in vulnerability remediation, one of the most fundamental challenges remains unsolved: knowing what to fix first. And according to the 2025 Remediation Operations Report, it’s still not where it needs to be. In fact, difficulty prioritizing vulnerabilities ranks as the third biggest challenge security teams face when managing vulnerabilities. That’s not just an operational inconvenience, it’s a signal that something core to the remediation process is broken.

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.

The proliferation of Internet of Things (IoT) devices - more specifically, security cameras - has forced organizations to rethink how they protect their physical hardware. Security cameras represent some of the most common IoT devices installed in business and commercial environments. Recent estimates suggest the smart camera market is expected to grow at an astronomical rate, reaching a potential valuation of $12.71 billion by 2030, growing at a Compound Annual Growth Rate of 10%.

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured.

When I speak to enterprise CISOs and GRC leaders, they often talk to me about 2 problems: Today we unlocked a huge milestone for TrustCloud that will help us scale operations to solve these 2 problems for enterprise CISOs and GRC leaders. We’ve raised $15M in strategic funding led by ServiceNow Ventures, with participation from Cisco Investments, Presidio Ventures, OpenView Venture Partners, Tola Capital, and other existing investors. (Read official press release)

Application security testing (AST) is the process of identifying and fixing security vulnerabilities in software applications. It ensures that applications are protected against threats such as unauthorized access, data breaches, and code manipulation. The application layer continues to be the most attacked and hardest to defend in the enterprise software stack.

Discover how SPICE, WIMSE, and SCITT are redefining workload identity, digital trust, and software supply chain integrity in modern machine-first environments.

Historically, smaller organizations or those outside highly targeted industries for distributed-denial-of-service (DDoS) attacks have thought of DDoS protection more akin to an insurance policy than proactive cyber defense, i.e. we’ll put some reactive processes in place “in case we get hit,” but not much more.