CyberOXtales

Clawdbot, Moltbot, OpenClaw, Oh My! Jim Manico on the Wild Ride of the Agentic Internet

In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Jim Manico, Founder of Manicode Security and legendary AppSec educator, to explore the rapid transition from manual coding to AI-driven orchestration. As the industry moves toward "vibe coding" and autonomous agents, they discuss the radical shift in how software is built, secured, and potentially compromised. From a family legacy of teaching to the front lines of "OpenClaw," this conversation serves as a roadmap for leaders navigating the tension between hyper-productivity and the emerging risks of autonomous AI identities. About Our Guest Jim Manico is a third-generation educator and a foundational figure in the application security world. After realizing in the late 1990s that security was often an afterthought in web development, he dedicated his career to recording and teaching secure coding practices. Today, he is a professional educator and "PowerPoint jockey" who helps global organizations secure their development lifecycles while aggressively experimenting with the cutting edge of AI automation. Connect with Jim Manico: LinkedIn [https://www.linkedin.com/in/jmanico/] Key Takeaways * The Orchestration Shift – Software development is evolving from manual coding to "vibe coding," where developers build engineering harnesses and machine-readable requirements for AI to execute. * The Power of Autonomous Agents – Tools like Clawbot and Moltbot allow AI to automate entire projects and research tasks, including the ability for agents to establish private communication channels with one another. * "Designed for Compromise" Security – Testing autonomous agents requires a zero-trust approach: utilize isolated hardware, limited-access OAuth tokens, and operate under the assumption that the agent identity will be fully compromised. * Enterprise Readiness – CISOs should restrict broad company-wide use today while tasking security architects to develop the best practices needed to safely roll out agent fleets in the future. Listen to this episode to learn how to bridge the gap between bleeding-edge AI productivity and the rigorous security architectures required to survive the "Wild West" of autonomous software engineering.

When npm Breaks: Heather Hinton & Christopher Crummey’s Cybersecurity Playbook for Executives

In this episode of CyberOXtales, host Neatsun Ziv leads a dynamic role-play exercise with cybersecurity leaders Heather Hinton, a four-time CISO, and Christopher Crummey, Global Director at Sygnia. Together, they walk through a simulated npm supply-chain compromise, revealing how CISOs, IR teams, and executives should respond in the first critical hours of a dependency attack. The discussion dives into triage under pressure, defining crisis levels, onboarding IR partners in advance, the role of communication in limiting panic, and the importance of practice and culture in incident response. From establishing 'circles of trust' to managing business continuity tradeoffs, this episode is a blueprint for leaders who want to stay ahead of the next supply-chain shock.

Risk Rewired: Samir Sherif’s Cybersecurity Playbook for Executives

Risk Rewired: Samir Sherif’s Cybersecurity Playbook for Executives In this episode of CyberOXtales, Samir Sherif challenges executives to drop outdated boundaries and start thinking in systems. Drawing on years in both financial services and security operations, he outlines why integrating the Security Operations Center (SOC) and Network Operations Center (NOC) is no longer optional. It's essential for resilience. Samir maps out how AI is doing more than just reducing noise in SecOps. It’s already making Level 1 decisions, and soon it’ll take on Level 2 logic, pushing organizations to rethink their human capital strategies. But the tech alone isn’t enough. Culture matters. He breaks down how shifting from a vulnerability-based mindset to a risk-centric language can unlock alignment across engineering, IT, and business functions. This is a no-nonsense guide to breaking silos, choosing the right tools, and designing for continuity from the code layer to the C-suite. If you're leading a digital transformation, this episode belongs in your war room. About Our Guest Samir Sherif is a veteran Chief Information Security Officer with decades of experience across banking, enterprise software, and infrastructure. He has served as CISO at F5 Networks, Absolute Software, and Imperva, and previously spent over 20 years at Citigroup leading application security. Samir currently sits on multiple advisory boards including Mitiga, NetSPI, Secure Code Warrior, and others. His perspective blends technical expertise with board-level strategy to build integrated, resilient security programs. Connect with Samir LinkedIn Key Takeaways * SOC and NOC must merge both technologically and culturally to tackle today’s threats * Focus on risk instead of vulnerabilities to drive better decision making * AI is already reshaping Level 1 and Level 2 operations * Business resilience depends on shared visibility across tech and security * True integration requires cultural change, not just new tools Listen to this episode of CyberOXtales to hear how Samir Sherif is helping organizations rethink security from the inside out.

Building a Risk Narrative: Gary Hayslip’s Cybersecurity Playbook for Executives

Building a Risk Narrative: Gary Hayslip’s Cybersecurity Playbook for Executives In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Gary Hayslip, CISO at SoftBank Investment Advisors, to explore how CISOs can build risk narratives that influence business decisions. Gary shares lessons from his experience in five CISO roles and emphasizes why cybersecurity leaders must act as business executives first. He outlines how to align strategy with operations, engage with boards through compelling storytelling, and maintain peer-driven situational awareness in a fast-moving threat landscape. About Our Guest: Gary Hayslip is the Chief Information Security Officer at SoftBank Investment Advisors (the Vision Fund). With a career spanning more than two decades, including roles in both government and private sectors, Gary has led security teams at Webroot, the City of San Diego, and more. He’s a systems thinker with a strong operational background rooted in his military service and is known for his strategic approach to cybersecurity leadership. Connect with Gary: LinkedIn [https://www.linkedin.com/in/ghayslip/] Key Takeaways: * CISOs are Business Executives First – Gary emphasizes that cybersecurity leadership today is about managing risk, enabling operations, and supporting business goals. * Build a Tailored Risk Narrative – A one-size-fits-all story doesn’t work. Risk narratives must reflect the unique needs, operations, and regulatory context of the business. * Storytelling Drives Strategy – Gary uses risk/threat matrices, control frameworks like NIST CSF, and ongoing assessments to communicate a clear story to executive teams. * Peer Networks are Essential – Active engagement with fellow CISOs helps benchmark strategy and adds credibility in boardroom discussions. * Balance Ops and Strategy – Mornings are for operational awareness; the rest of the day is for strategic collaboration, reporting, and forward-looking planning. Listen to this episode of CyberOXtales to learn how Gary Hayslip builds risk narratives that resonate—from the boardroom to the security operations center.

The CISO's Role in an AI-Driven Enterprise: Damian Hasse’s Cybersecurity Playbook for Executives

In this episode of CyberOXtales, host Neatsun Ziv, CEO of Ox Security, explores the evolving role of CISOs in AI-driven companies with Damian Hasse. As artificial intelligence reshapes industries, security leaders must navigate new risks, balance innovation with protection, and ensure compliance with emerging regulations. Damian shares firsthand experience leading security in an AI company, offering insights into AI-specific threat landscapes, risk management strategies, and how CISOs can build resilient security programs in an environment where data is the most valuable asset. About Our Guest: Damian Hasse is an experienced cybersecurity leader with a deep focus on securing AI-driven environments. As the CISO of Moveworks, his expertise spans risk management, security architecture, and governance, ensuring that AI companies can scale while maintaining a strong security posture. Connect with Damian: LinkedIn [https://www.linkedin.com/in/damianhasse/] Key Takeaways: * AI Security is a Moving Target – AI models introduce unique risks, from adversarial attacks to data poisoning. CISOs must adapt quickly to emerging threats. * Balancing Innovation and Risk – Security leaders in AI companies can’t be the “Department of No.” Instead, they must integrate security into AI development without slowing innovation. * The Role of Regulation in AI Security – The regulatory landscape for AI is still evolving. CISOs must stay ahead of compliance challenges, from GDPR to AI-specific policies. * Operationalizing AI Security – Implementing robust access controls, model integrity checks, and continuous monitoring is essential for securing AI pipelines. * AI Threat Intelligence is Key – Security teams must develop proactive defense mechanisms to protect AI systems from adversarial threat.