Andres Andreu, CEO of Constella Intelligence and four-time CISO, explains why two simple prompts can generate a complete ransomware campaign, how breaches are monetized for six months before companies even know they're compromised, and what CISOs should demand from security vendors that almost no one is asking for.
Andres has been CISO at four different organizations and defended enterprises from government wiretaps to Fortune 500 attacks. Today, he leads Constella Intelligence—sitting on 230 billion identity records, the world's largest breach dataset—where his team hunts breaches 24/7 and provides real-time risk intelligence to organizations that can't afford to be six months behind attackers.
He reveals:
◼ Why "vibe hacking" is social engineering on steroids—AI bots now analyze your emotional state in real time to manipulate you into actions you'd never normally take
◼ How machine-speed attacks force a fundamental shift from "protective" to "resilient" security postures—you can't withstand certain attacks anymore, but you must continue business operations
◼ The questions CISOs aren't asking about their attack surface—like the CISO who had no idea maintenance teams were remotely accessing HVAC systems right under his nose
◼ Why merging POCs with red team exercises (not pen tests) changes vendor evaluation—"I'm not calling a cop to tell me where to put my alarm system, I'm calling a burglar"
◼ What makes non-skilled attackers disturbingly dangerous now—campaign automation that used to take skilled hackers months to plan is now "disturbingly simple, disturbingly quick"
◼ The breach reality nobody talks about—when you hear about a breach, it happened six months ago, and bad actors have been monetizing it this entire time before deciding to let you know