SINET

Join us on Friday, May 29, for the #SINETWebinar Agentic Runtime Security: Who Controls the Blast Radius? 8:30 AM – 9:30 AM PT Register Here: https://bit.ly/3P2HTMi Moderated by Robert Rodriguez, Chairman & Founder of SINET, this conversation brings together another round of seasoned Thought Leaders: Prakash Kalaiah, Head of Security, Enphase Energy Diana Kelley, CISO, Noma Security Richard Rushing, CISO, Motorola Mobility (a Lenovo Company) Pritam H Mungse, Head of Security, Poshmark Andrew Stone, Chief Technology Officer – Americas, Pure Storage As agentic AI systems move from experimentation to production, the security challenge is no longer just model risk, it’s runtime behavior. Autonomous agents introduce a dynamic control plane that can take actions, chain decisions, and interact across systems at machine speed. When something goes wrong, the blast radius can expand quickly and unpredictably. This roundtable will explore how CISOs are approaching containment in agentic environments, including governance of the agentic control plane, strategies for limiting unintended consequences, and new approaches to identity, policy enforcement, and observability. The discussion will focus on what it takes to safely operationalize autonomy without losing control. Don’t miss this timely discussion! Heather Rodriguez Evolution Equity Partners

We are grateful to our distinguished speakers, moderators, sponsors, and attendees who made last week's SINETSilicon Valley such a success. Your leadership and willingness to share real-world perspectives are what make the SINET community so valuable. We look forward to continuing these important conversations at future SINET events. Rich Baich, Upendra Mardikar, Taher Elgamal, Mark Rushing, Nick Reva, Lawrence Zelvin, Carey Frey, Jeff Lunglhofer, Hemanta Swain, Rick Orloff, CISSP, CAPI, Andrew Stone, Mrityunjay Gautam, Kurt John, Ken Ricketts, Timothy Torres, Jeremiah Salzberg, Michael L., Sandeep Nain, Heather Rodriguez, Robert Rodriguez

One panel from SINET Silicon Valley has stuck with me a week later. "Identity Renaissance: Capitalizing on the Agentic AI Security Gap" The central argument: supply chain attacks have exposed tokens and credentials not as a flawed implementation, but as a flawed foundation. The breach path is always the same — stolen token --> compromised identity --> everything else follows. What struck the room was what comes next. Agentic AI is being built on that same foundation. Agents authenticate with the same broken token model, will operate at machine speed, and will have access to everything the business wants them to touch. The blast radius of a single stolen token is about to get significantly larger. The panel converged on two things the industry needs: a real-time identity control plane with live visibility across every identity, and behavioral awareness embedded into security tooling — not as an afterthought. For me, this confirms that SlashID is building in the right direction. The access graph is that real-time control plane across human, non-human, and agentic identities, and behavioral detections evaluated against that graph context help our customers catch what static rules miss. Thank you Taher Elgamal, Rohan Singla, Mark Rushing, Nick Reva, and Carey Frey for sharing your insights! #IdentitySecurity #AgenticAI #ITDR #Cybersecurity #SINET

"Do you have an SBOM?" is the wrong question. "What are you doing with it?" is the right one. That was one of several through-lines from last week's SINET Silicon Valley panel, "Securing What You Don't Control: Software Supply Chain Risk," where I had the privilege of joining an exceptional group of security leaders: Mike LoSapio (Palantir Technologies), David Tsao (Notion), Richard Barretto (Progress), Deepali Bhoite (Quickbase), moderated by Nick Shevelyov. Three themes stood out: 1️⃣ We need to move past SBOMs as a compliance checkbox and start treating them as living operational tools. The question isn’t “do you have SBOM”, it’s “what are you doing with it?” 2️⃣ Zero trust for the supply chain sounds great in a slide deck. In practice, most organizations don’t even have full visibility into what’s in their own code. We need to close that gap before we can credibly extend trust boundaries outward. 3️⃣ Geopolitics has entered the supply chain conversation for good. Where your dependencies are maintained and by whom and how many is now a more important that ever. Grateful to SINET and Robert Rodriguez for convening the conversation. This is exactly the kind of forum our industry needs more of. #SINET #cybersecurity #supplychainsecurity #CISO #softwaresupplychain

"Do you have an SBOM?" is the wrong question. "What are you doing with it?" is the right one. That was one of several through-lines from last week's SINET Silicon Valley panel, "Securing What You Don't Control: Software Supply Chain Risk," where I had the privilege of joining an exceptional group of security leaders: Mike LoSapio (Palantir Technologies), David Tsao (Notion), Richard Barretto (Progress), Deepali Bhoite (Quickbase), moderated by Nick Shevelyov. Three themes stood out: 1️⃣ We need to move past SBOMs as a compliance checkbox and start treating them as living operational tools. The question isn’t “do you have SBOM”, it’s “what are you doing with it?” 2️⃣ Zero trust for the supply chain sounds great in a slide deck. In practice, most organizations don’t even have full visibility into what’s in their own code. We need to close that gap before we can credibly extend trust boundaries outward. 3️⃣ Geopolitics has entered the supply chain conversation for good. Where your dependencies are maintained and by whom and how many is now a more important that ever. Grateful to SINET and Robert Rodriguez for convening the conversation. This is exactly the kind of forum our industry needs more of. #SINET #cybersecurity #supplychainsecurity #CISO #softwaresupplychain

At the SINET conference on Tuesday, one of the panelists framed AI agents as a “digital workforce” in the context of IAM, something TBH I hadn't thought much about. He posed a scenario: a company with 1,000 employees could quickly find itself operating more like it has 100,000 “workers” once agents are introduced. Pretty crazy concept when you think about it. But the real challenge isn’t just scale. It’s how IAM evolves to support autonomous, non-human identities that act on behalf of users and systems. These identities can make decisions, take actions, and interact across environments. How is your company approaching IAM for agents in your environments?

We had a great time with the Build vs. Buy in AI Security panel at SINET Silicon Valley. While there is unbounded enthusiasm with the advancements in coding agents (particularly in the SF bubble), I’m not sensing a sea change in build vs. buy behavior just yet. There is a lot of experimentation, but we’re still constrained by means, capabilities, and budget (talent is expensive). Buying accelerates time to production, provides CYA with regulators, and keeps your top talent building/expanding core competencies. Shoutout to Prakash Kalaiah, Satish Laxminarayanan, Jake Seid, Timothy Torres, and Disha. Special thanks to Robert Rodriguez, Heather Rodriguez, and Lauren Smith for the opportunity. #cybersecurity #infosec #AI #Stifel #SINET #hashtag

Excited to be representing SlashID as an Early Stage Sponsor at SINET Silicon Valley! Spending the day at The Computer History Museum discussing modern identity security challenges and how teams are trying to close these gaps. If you’re here in Mountain View, let’s chat!