# Internal threats are the hole in Cybersecurity's donut - Frank Vukovits - ESW #438 Page: https://stenobird.com/podcast/enterprise-security-weekly-video-787162/internal-threats-are-the-hole-in-cybersecurity-s-donut-frank-vukovits-esw-438 Text version: https://stenobird.com/podcast/enterprise-security-weekly-video-787162/internal-threats-are-the-hole-in-cybersecurity-s-donut-frank-vukovits-esw-438.md Podcast: [Enterprise Security Weekly (Video)](https://stenobird.com/podcast/enterprise-security-weekly-video-787162) Published: 2025-12-22T10:00:00+00:00 Episode link: https://eswvideo.libsyn.com/internal-threats-are-the-hole-in-cybersecuritys-donut-frank-vukovits-esw-438 Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/eswvideo/ESW_438_1--2de2e3ad-a1dd-4574-8ecc-05ee60a62149--sd-converted--55a9169f-1214-48cc-bc66-ea0f76f01817.mp4?dest-id=376667 Processing state: not_requested JSON: https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-video-787162/episodes/internal-threats-are-the-hole-in-cybersecurity-s-donut-frank-vukovits-esw-438 Duration seconds: 7025 ## Resource Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinea to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to… ## Actions - request_transcript: `POST https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-video-787162/episodes/internal-threats-are-the-hole-in-cybersecurity-s-donut-frank-vukovits-esw-438/transcription-requests` — Idempotently request low-priority transcript generation for this episode. - read_markdown: `GET https://stenobird.com/podcast/enterprise-security-weekly-video-787162/internal-threats-are-the-hole-in-cybersecurity-s-donut-frank-vukovits-esw-438.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed. ## Transcript Full transcripts are not published on public pages unless there is a clear rights basis.