Episode #2

RSA 2025 was full of AI claims - but what were security leaders really worried about?

Eliot is joined by ⁠Noora Ahmed-Moshe⁠ (VP of Strategy, Hoxhunt) for a no-spin debrief on RSA 2025. With AI hype at full volume and booth gimmicks ranging from goats to deepfake demos, it’s easy to miss the real signals in the noise. Eliot and Noora cut through the chaos to unpack what security leaders were actually focused on - and what it means for your strategy.

Drawing from hundreds of in-person conversations across the conference floor, they surface the real fears, needs, and shifts happening in the security community. This isn't a recap of vendor taglines - it's a pulse check on how defenders are thinking, what they're struggling with, and where the field is heading next.

Here’s what you’ll learn in this episode:

• How agentic AI is shifting from abstract risk to tactical threat - fast
• Why vishing and deepfake audio are already operational threats, not future hypotheticals
• What CISOs are really saying about the limitations of checkbox security awareness
• How governments are quietly moving beyond compliance toward measurable risk reduction
• Why “AI-powered” marketing claims are falling flat—and how real buyers are filtering signal from fluff
  

Timestamps:

• (00:24) Overview of RSA 2025

• (00:51) Hoxhunt Cyber News Roundup

• (02:02) Verizon DBIR 2025 Insights

• (03:12) Generative AI Risks and Third-Party Vulnerabilities

• (03:52) NIST 2 Directive in the EU

• (04:57) Experiences at RSA 2025

• (05:48) The Human Element at RSA

• (06:50) AI Dominates RSA Conversations

• (09:04) Challenges and Themes in Cybersecurity

• (12:44) Agentic AI and Its Implications

• (15:13) Deepfakes and Vishing Concerns

• (16:38) Omnichannel Phishing Threats

• (17:21) Positive Conversations at RSA

• (18:46) Surprising Trends and Insights

• (27:04) Conclusion and Final Thoughts

To get future episodes and the latest threats sent straight to your inbox, join the All Things Human Risk Management Newsletter:⁠⁠ https://hoxhunt.com/all-things-human-risk⁠⁠

Resources:

• Our research on AI phishing vs human red teams: https://hoxhunt.com/blog/ai-powered-phishing-vs-humans

• Guide to deepfake phishing: https://hoxhunt.com/blog/deepfake-attacks

Host links:

Eliot Baker: ⁠https://www.linkedin.com/in/eliotebaker/⁠

Noora Ahmed-Moshe: ⁠https://linkedin.com/in/noora-ahmed-moshe

****

All Things Human Risk Management is a Hoxhunt Original Podcast.

Hoxhunt⁠ is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.

Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte. 

Episode #1

Are your security awareness metrics actually measuring risk reduction? Or just checking boxes?

Eliot is joined by Maxime Cartier (Head of Human Risk, Hoxhunt) to break down what truly works it when it comes to reducing human cyber risk. Maxime has spent close to 10 years helping organizations elevate security awareness into human-centered risk management and led security culture initiatives for a major global retailer. In this episode, he shares the metrics that actually matter when evaluating your human defense layer and practical frameworks for quantifying risk reduction across your organization.

Here's what you'll learn in this episode:

• Why traditional metrics fail to capture real risk reduction
• The measurement framework that finally proves ROI to leadership
• Behavioral science secrets that transform knowledge into habits
• How top-performing organizations quantify their human defense layer

Timestamps:

• (00:00) Introduction to the Podcast
• (01:08) Understanding Security Awareness
• (02:54)The Evolution of Security Awareness
• (04:51) Compliance and Security Awareness
• (06:49) From Awareness to Behavior Change
• (08:40) Measuring Security Behaviors
• (11:14) Real-World Examples and Anecdotes
• (21:44) The Importance of Reporting Rates
• (24:15) Positive Security Culture
• (38:30) Adapting to New Threats
• (45:13) Conclusion and Final Thoughts

To get future episodes and the latest threats sent straight to your inbox, join the All Things Human Risk Management Newsletter:⁠ https://hoxhunt.com/all-things-human-risk⁠

Resources:

• Guide to behavior-based training: https://hoxhunt.com/blog/behavior-based-cyber-security-training
• 4 essential metrics to start tracking: https://hoxhunt.com/blog/4-essential-phishing-metrics

Host links:

Eliot Baker: https://www.linkedin.com/in/eliotebaker/

Maxime Cartier: https://www.linkedin.com/in/maximecartier/

****

All Things Human Risk Management is a Hoxhunt Original Podcast.

Hoxhunt is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.

Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.