Super Cyber Fridays!
Join us TOMORROW, Friday [11-21-25], for "Hacking the Budget Battle"

Join us Friday, November 21, 2025, for “Hacking the Budget Battle: An hour of critical thinking about how to communicate the value of your cybersecurity program.”

It all begins at 1 PM ET/10 AM PT TOMORROW with guests Ross Young, co-host, CISO Tradecraft, and Sam Jacques, vp, clinical engineering, McLaren Health Care. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register now

Defense in Depth
In the Age of Identity, is Network Security Dead?

Network security used to be the name of the game. But many see asset management and identity as the new perimeters. Does this mean network security is now dead?

Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt.

Listen to the full episode here.

Network security isn't dying—it's evolving

What's dying isn't network security, but the idea that it's a security professional's sole focus. "Network security is still foundational," said Jon King of SmithRX. "What's dying is people thinking it's acceptable to treat network security as a standalone function. Instead, network security needs to complement identity- and data-focused security capabilities and facilitate active defense." Attack vectors like DNS hijacking and AitM (adversary in the middle) remain valid threats, and identity security itself relies on network security as a foundation. Shashwat Sehgal of P0 Security offered a pragmatic view: "There are a lot of use cases for which network security is good enough, and you do not need to go into identity... Network controls are good enough, especially for an enterprise that has already invested in firewalls."

The observability layer that can't be replaced

Network security provides unique visibility that other layers can't replicate. "It's the only layer that can observe and decrypt transient behavior to and from your assets. We have just broadened 'assets' to include identities and accounts now," said Thomas Jones of Inotiv. He explained that the behavior patterns of these identities create traffic signatures unique to each organization, establishing useful baselines. Murat Balaban of Zenarmor put it more succinctly, saying, "As long as we have packets flowing, we'll have network security. It's not going anywhere. Identity is an important piece of 'context.'"

What's old is new again

As an industry, we love to declare old problems solved while they persist beneath new frameworks. "Everyone loves to rebrand stuff as if it's 'the new X', as if the old stuff somehow disappeared," said Adrian Sanabria of Enterprise Security Weekly. "In reality, data centers never went away, XP is still running, and we never solved BYOD and other 10-year-old challenges." Sudarshan Pisupati of Zscaler acknowledged the shift in threat patterns and found network security as relevant as ever: "I don't know if Identity is the new perimeter, but what nearly every red team report will show is that identity compromise and subsequent lateral movement is integral to any attack story. When zero trust network access is coupled with identity threat and posture context, the attack surface has the potential to drop precipitously."

The innovation gap

The real problem isn't that network security has become obsolete; it's that innovation with tooling has stalled. "The tooling for a lot of network security never made the architectural leaps that it needed in order to remain relevant," said Martin Roesch of Netography. "The incumbents didn't have the free cash flow to be able to innovate and got stuck, a case of the sunk cost fallacy on the vendor's side of the world." He argued that organizations need solutions delivering uniform capabilities across clouds and on-premises environments, capable of addressing modern challenges.

Thanks also to Tyson Supasatit of Dropzone AI for being our unwitting contributor.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to this episode’s security tip sponsor, Tenable

Thanks to our podcast sponsor, HackerOne

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured Robb Dunewood, host, Daily Tech News Show, and Howard Holton, CEO, GigaOm. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cyber Security Headlines sponsor, KnowBe4

Cyber chatter from around the web...
Jump in on these conversations

“China just used Claude to hack 30 companies. The AI did 90% of the work. Anthropic caught them and is telling everyone how they did it.” (More here)

“PIP'd less than 3 months in” (More here)

“FFmpeg: Hire people full time and/or send security patches. We are volunteers.” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [11-21-25] “Hacking the Budget Battle”

• [12-05-25] “Hacking AI Data Readiness”

 Save your spot and register for them all now!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.