The Hidden Threat Inside Every Enterprise: What CISOs Are Missing in the Software Supply Chain, with Koi’s Amit Assaraf

Impersonation Is Out of Control. How Doppel Finds It Before You Even Know It’s Happening

Fake LinkedIn profiles. Deepfake audio. WhatsApp scams. Your CEO being impersonated on BlueSky. Most security tools never even see it. In this episode, Kevin Tian (CEO & co-founder of Doppel) joins me to break down how modern impersonation campaigns actually work — and why traditional takedown tools aren’t enough. We dig into: * Real-world impersonation campaigns targeting F500 execs * How Doppel maps entire threat infrastructures from a single phone number * Why your SOC team is blind without cross-channel visibility * The new threat vector keeping Kevin up at night: fake job candidates This is one of the most eye-opening conversations I’ve had about modern social engineering. Watch it now. — Timestamps: 00:00 – Intro 01:17 – Doppel’s origin story and growth 02:45 – What makes the platform different 04:32 – One thread → full threat graph 05:17 – Real customer story: phone number → LinkedIn → inbox 07:37 – Traditional tools vs emerging attack channels 09:30 – Why takedown speed and success still matter 12:18 – How Doppel takes threats down in minutes 14:05 – Building evidence across multiple platforms 15:04 – Executive protection: proactive vs reactive 17:33 – Detecting threats before the enterprise knows 19:05 – Fake political content from execs on BlueSky 20:41 – Finding encrypted channel links (WhatsApp, Telegram) 23:08 – Where impersonation is headed next: insider threats 25:05 – Doppel’s newest product: deepfake simulation 27:09 – Security awareness meets detection 28:42 – Doppel’s vision: detect, disrupt, simulate 29:14 – How to get in touch with Kevin

How Delta Airlines Reimagined Cybersecurity Awareness for 100,000+ Employees, with CISO Deborah Wheeler

What if security awareness training was something your employees looked forward to? In this episode of Vigilance, Delta Airlines CISO Deborah Wheeler joins Pam Brodt to share how she turned one of the most overlooked areas of cybersecurity—employee awareness—into a cultural movement inside a global enterprise. With a workforce of over 100,000, Deborah had to ditch fear-based training, design for a diverse range of roles (including flight crews), and build a program that empowers people at home and at work. What she and her team built is remarkable: * A gamified phishing derby with 50,000+ entries and company-wide excitement * Security training that starts with personal safety, not corporate policy * Tailored, role-specific delivery formats to meet people where they are * A measurable drop in phishing click-through rates and a surge in reporting * Awareness campaigns run by a team of just three people Whether you’re a CISO, awareness program owner, or enterprise leader—this conversation is a masterclass in human-first security strategy.🎧 Watch the full episode to learn: * How to scale employee engagement across a massive enterprise * Why storytelling and incentives work better than fear * How to measure behavior change beyond compliance checkboxes * Why your awareness team shouldn’t come from cybersecurity

The Hidden Threat Inside Every Enterprise: What CISOs Are Missing in the Software Supply Chain, with Koi’s Amit Assaraf

CISOs, are you watching the front door while attackers slip in through the side? In this episode of Vigilance, Pam Brodt sits down with Amit Assaraf, co-founder and CEO of Koi, to expose a massive blind spot in modern enterprise security: the unmonitored sprawl of extensions, registries, app stores, and marketplaces powering your software supply chain. Amit recounts how a simple experiment—uploading a lookalike VS Code extension—landed them inside Fortune 500 environments in under 7 days, undetected. The same path is being used by nation-state actors like Lazarus Group to breach global enterprises. We cover: * Why auto-updates and ownership transfers are critical (and overlooked) attack vectors * How trusted platforms like Chrome, NPM, PyPi, and Hugging Face are being exploited * Why EDRs and AppSec tools fail to detect these threats * How Koi is using AI-driven risk engines to monitor and secure 30+ marketplaces—without deploying a single new agent If you’re a security leader balancing productivity and protection, this conversation will change how you think about supply chain risk. 🔒 Don’t miss this one—it’s the conversation every enterprise CISO needs to hear. Chapters: 0:00 Intro 2:00 The origin of Koi: a marketplace experiment gone viral 8:00 Why marketplaces are the next major attack surface 13:00 The auto-update problem (Cyberhaven breach case study) 18:00 Most abused platforms: IDEs, browsers, registries 22:00 How Koi scales with automation and AI 27:00 No agents, no friction: how Koi integrates 30:00 Final thoughts for CISOs on balancing risk and velocity

Why 98% of Your Vulnerability Management is a Waste, with Nadir Izrael

In the latest episode of the Vigilance podcast, Nadir Izrael, CTO and Co-Founder of Armis, talks about the following: Threat intelligence Groundbreaking insights on the evolution of honeypots in the age of generative AI Challenges faced by CISOs and security organizations when it comes to threat intelligence How Armis' Actional Threat Intelligence (ATI) is changing the game

How Enterprise Browsers Are Streamlining Security, with Mike Fey from Island

Mike Fey, co-founder and CEO of Island, joins Vigilance to explore how enterprise browsers are reshaping cybersecurity, IT modernization, and the future of work. In this clip, Mike shares a pivotal market signal - four of the top five banks adopting enterprise browsers in a single quarter. It's a rare example where CISOs and CIOs find perfect alignment, as initial deployments quickly expand from tactical solutions to strategic platforms. Watch as Mike discusses this turning point in enterprise technology as well as topics like zero trust implementation, VDI reduction, and managing emerging technologies like GenAI.