
Content provided by Mehmet Gonullu. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Mehmet Gonullu or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

#482 The Browser Is the New Battleground: John Carse on Securing the Modern Endpoint

49:37
 

In this episode of The CTO Show with Mehmet, we’re joined by John Carse, Field CISO at SquareX, to explore a fast-emerging shift in cybersecurity: the browser as the new endpoint. John shares why traditional tools like EDR and CASB are no longer sufficient, how modern threats are bypassing enterprise defenses, and what CISOs need to prioritize in a SaaS-first, GenAI-driven world.

With decades of leadership across Dyson, Rakuten, Expedia, and the U.S. Navy, John brings both a practitioner’s lens and a future-forward vision to security.

💡 What You’ll Learn

• Why the browser is now the most targeted endpoint

• How unsanctioned SaaS apps increase attack surface

• The growing importance of browser-based detection and response

• Where AI is accelerating both attackers and defenders

• Practical advice for CISOs prioritizing browser security today

🔑 Key Takeaways

• Over 60% of cyberattacks now begin in the browser.

• Legacy tools like EDR, CASB, and DLP often miss context at the browser layer.

• Browser extensions can now enforce enterprise-grade policies with minimal user friction.

• AI is a dual-edged sword—accelerating threats but also helping defenders respond faster.

• SquareX helps convert any browser into a secure enterprise environment with deep visibility, policy control, and threat mitigation.

👤 About the Guest

John Carse is Field CISO at SquareX, a browser security company redefining how enterprises protect their workforce. He previously served as Global CISO at Dyson and Rakuten, and led security operations at JP Morgan Chase and Expedia. John blends deep hands-on expertise with strategic insight into emerging threat landscapes and CISO priorities.

https://www.linkedin.com/in/johncarse/

https://www.securityweek.com/industry-moves/feb-24-2025/

https://sqrx.com/

Episode Highlights

[00:03:00] – What is a Field CISO and John’s role

[00:06:00] – Why the browser has quietly become the new endpoint

[00:10:00] – How detection and response works inside the browser

[00:18:00] – The real threats: browser-based social engineering, sync jacking, and polymorphic extensions

[00:24:00] – Why EDR and SASE tools are not enough

[00:32:00] – Balancing security and user experience in browser-based defense

[00:40:00] – What excites John about the future of browser security and GenAI
