
TechSpective Podcast

Author: Tony Bradley


Description

The TechSpective Podcast brings together top minds in cybersecurity, enterprise tech, AI, and beyond to share unique perspective on technology—unpacking breakthrough trends like zero trust, threat intelligence, AI-enabled security, ransomware’s geopolitical ties, and more. Whether you’re an IT pro, security exec, or simply tech‑curious, each episode blends expert insight with real-world context—from microsegmentation strategies to the human side of cyber ethics. But we also keep it fun, sometimes riffing on pop‑culture debates like Star Wars vs. Star Trek or Xbox vs. PS—so it’s not all dry and serious.
168 Episodes
Cybersecurity has always been a race against time—but in the era of artificial intelligence, it’s become a race against the machine. In this episode of the TechSpective Podcast, I sit down with Ankur Singla, founder and CEO of Exaforce, to explore what it really means to build an AI-powered SOC. We talk about the shift from manual detection and response to automation at machine speed, and what happens when AI agents begin to take on specialized roles in security operations—an idea that sounds futuristic, but is already unfolding across the industry. Singla brings deep experience from years at companies like F5, Juniper, and Cisco, and he’s seen firsthand how much inefficiency still lingers inside security operations. His view is that AI isn’t just an enhancement—it’s a necessity. Attackers are already using automation to scale their efforts, and defending against them requires the same level of speed and precision. But as we discuss, the rise of AI in cybersecurity isn’t just about capability—it’s about control. What happens when your defensive AI gets hijacked? How do we maintain human oversight in an environment increasingly dominated by machine logic? And at what point does the pursuit of efficiency start to blur the line between autonomy and accountability? Our conversation stretches from the practical realities of AI-driven threat detection to the philosophical questions of trust, identity, and human relevance in the next generation of cybersecurity. It’s a candid look at both the promise and peril of a world where digital defenders never sleep—and where the same tools that protect us can also be turned against us. If you’re curious about how security operations will evolve over the next year—and what it really takes to fight machines with machines—this is one you won’t want to miss.
For years, phishing has been the king of cyberattacks. It’s simple, cheap, and it works. Most of us have learned to spot the obvious red flags in email—strange senders, misspelled domains, suspicious links. But the threat has started to evolve. And it’s moving to places where we’re far less prepared.

Think about how you handle email versus text messages. With email, you might let a dozen questionable messages pile up before sorting through them. You scan headers, hover over links, and delete anything that feels off. With text messages, though, the reaction is different. You hear the notification, glance down, and reply almost instantly. That’s human nature. Attackers know it. And they’re exploiting it.

In the latest episode of the TechSpective Podcast, I sat down with Jim Dolce, CEO of Lookout, to talk about what this shift means for cybersecurity. Lookout has spent years protecting mobile devices, but its newest focus takes aim at a very different attack surface: us. Instead of guarding the machine, the challenge now is guarding the human behind it.

We explore why the human layer is such an irresistible target for attackers. Email filters and security gateways have raised the bar, but SMS, messaging apps, voice calls, and even QR codes remain wide open. And unlike email, where skepticism has become second nature, people are far more trusting when a text or call comes through on their phone. That trust—combined with distraction and urgency—makes mobile messaging a perfect delivery channel for scams.

Jim explains how these “omnichannel” attacks are multiplying. Smishing (SMS phishing), vishing (voice phishing), and quishing (QR code phishing) may sound like buzzwords, but they’re real and growing fast. Each relies on the same core weakness: our willingness to believe and respond without hesitation.

Of course, the obvious question is what to do about it. Traditional defenses aren’t built for this world. There’s no email gateway to filter your texts. Caller ID can be spoofed. QR codes can be swapped. It requires a different way of thinking about security—one that accounts for the psychology and behavior of people, not just the vulnerabilities of machines.

That’s where AI enters the picture. Jim and I discuss how large language models can analyze the context and intent of a message, spotting subtle cues that humans might miss. It’s not just about catching malicious links anymore. It’s about recognizing when a message is crafted to spark an emotional response—whether that’s urgency, fear, or curiosity. The idea is to give people an early warning before they engage.

We also touch on the balance between privacy and protection. For any AI system to work, it needs data to learn from. But nobody wants their personal messages sitting in some company’s training set. How that tension gets resolved could make or break adoption of these kinds of solutions.

The bigger takeaway from the conversation is that we’re at an inflection point. Cybersecurity has always evolved alongside attackers, but the ground is shifting. As threats move beyond the inbox and onto the devices we rely on most, defenses have to follow. That means new technologies, yes, but it also means rethinking the role of people in their own security.

I won’t spoil the details of how Lookout is approaching this challenge—you’ll have to listen to the episode for that. But I will say this: the days of thinking of phishing as an “email problem” are over. The frontlines have moved. And if you haven’t thought about what that means for you, your employees, or your business, now is the time.

Listen to the full conversation on the TechSpective Podcast to hear where phishing is headed next—and how security needs to catch up.
Security teams know the pressure all too well: attackers move faster, the attack surface expands every year, and the tools meant to protect enterprises often create more friction than clarity. Traditional SOAR platforms promised efficiency but often delivered complexity, inflexibility, and frustration. Now, a new wave of AI-driven automation is reshaping the conversation—and the stakes couldn’t be higher.

In the latest episode of the TechSpective Podcast, I sat down once again with Ajit Sancheti of CrowdStrike to dig into what this next chapter of automation really looks like. If you’ve listened to Ajit before, you know he has a talent for breaking down complex cybersecurity challenges into practical, human-focused insights. This time, our discussion centered on the intersection of agentic AI and the modern SOC—a space where innovation and risk run side by side.

Why Old SOAR Models Fell Short

We start off with a reality check on traditional SOAR solutions. Many organizations invested heavily, only to find themselves burdened by rigid workflows, brittle integrations, and tools that couldn’t keep up with evolving threats. The issue often revolves around whether security teams can adapt responses in real time without breaking the system.

Ajit offers a perspective on why legacy approaches struggled to gain traction and how attackers’ increasing use of AI has made flexibility and speed non-negotiable. That tension—between what defenders need and what their tools can actually deliver—sets the stage for where agentic AI enters the picture.

Agentic AI: Promise and Caution

If generative AI brought us new ways of working with text and language, agentic AI goes a step further: it doesn’t just generate, it acts. That opens doors for SOCs to automate targeted, granular responses at machine speed. But it also introduces a new kind of trust problem. How much autonomy are you comfortable handing over to an AI agent? What happens when it makes the wrong call?

Ajit and I explore the idea of “earned trust”—why human oversight will remain essential and why AI “performance reviews” might become as routine as employee evaluations. It’s a fascinating parallel: treating these agents not just as tools, but as teammates that require accountability.

The Human Factor in Automation

One theme we return to often in our discussion is simplicity. For too long, security technology has required deep expertise just to ask the right question or interpret the right output. That has to change. Future SOC tools need to feel less like command-line puzzles and more like natural conversations—where context, clarifying questions, and intuitive design make security accessible to more people across the organization.

The democratization of security is one of the most exciting trends on the horizon. Smaller companies that never imagined deploying advanced detection or response tools are suddenly finding themselves able to do so—without a staff of experts on hand. Ajit points out how this shift could level the playing field for businesses of all sizes.

Looking Ahead

We don't go so far as to try to predict a perfect AI-secured future. Instead, we talk about what’s realistic over the next 12 to 24 months. Expect more narrowly focused AI agents, more orchestration challenges, and an evolving role for humans in the loop. There will be setbacks, and likely some very public failures, but also tremendous opportunities for organizations willing to adapt.

As always, Ajit brings an optimistic yet grounded perspective. Security is a constant cat-and-mouse game, but this new generation of automation might just give defenders the flexibility and speed they’ve been missing.

Why You Should Listen

This episode is a candid exploration of where automation stands today, where it needs to go, and how organizations can prepare themselves for an AI-driven future without losing sight of human judgment. If you want a glimpse into the future of SOC operations,
Artificial intelligence is transforming nearly every industry, and cybersecurity is no exception. On the latest episode of the TechSpective Podcast, I spoke with Kevin Simzer, COO of Trend Micro, about how generative and agentic AI are reshaping development and defense strategies. Kevin shared why AI should be seen as neither magic nor snake oil, but as a powerful tool that can accelerate innovation while still requiring human expertise. From code generation to enterprise-scale deployment, the opportunities are immense—but so are the risks. That’s why security must be built in from the start, not bolted on after the fact. One of the most fascinating parts of our discussion centered on digital twin technology. Traditionally used in fields like manufacturing or engineering, digital twins are now emerging as a game-changer for cybersecurity. By creating a virtual replica of an organization’s environment, enterprises can continuously run simulations, red-team scenarios, and experiment with different defenses—without putting live systems at risk. Instead of waiting for quarterly tests, organizations can stress-test their infrastructure constantly, learning and adapting in real time. As Kevin explained, this shift could fundamentally change how enterprises think about resilience. Combined with the rapid rise of AI-driven agents, digital twins offer a way to stay ahead of evolving threats while navigating the complexity of modern IT environments. Cybersecurity has always been about anticipating the next move. With AI and digital twins in play, the game board itself is changing—and those who embrace these tools early will be far better prepared for what comes next.
Ransomware has been part of the cybersecurity conversation for years, but if you think it’s yesterday’s problem, think again. The headlines might be dominated by AI these days, yet behind the scenes, ransomware continues to disrupt organizations of every size — from small businesses to multinational enterprises.

In this episode of the TechSpective Podcast, I sat down with Rob Harrison, Senior Vice President of Product Management at Sophos, for a wide-ranging conversation about findings from the recent Sophos State of Ransomware Report, ransomware’s persistent threat, the critical role of Managed Detection and Response (MDR), and how AI is reshaping the security landscape. Fortunately, it was not a typical “cyber doom” discussion.

Rob brings a unique perspective, blending his experience leading Sophos’ MDR business with a career that’s spanned everything from defending national security to protecting critical cloud workloads. Our talk dives into the trends shaping both the technical and human sides of ransomware response — and why some organizations emerge stronger while others don’t survive at all.

Why This Conversation Matters

While ransomware hasn’t disappeared, the tactics have evolved. The game is no longer just about encrypting data and demanding payment. The threat landscape is shifting toward double extortion, data exfiltration, and in some cases, skipping encryption altogether. Rob and I explore how this evolution is forcing organizations to rethink their approach to prevention, detection, and response.

We also discuss how MDR can be a game-changer, particularly for organizations without the resources or expertise to run a 24/7 security operation in-house. It’s not just a question of technology — it’s about having the right people, processes, and visibility to act decisively when every second counts.

But what about AI? It’s easy to assume that “AI in security” is just another buzzword. We unpack how AI — especially in its more agentic and automation-focused forms — is already making a real impact in the SOC. From handling tedious, repetitive tasks to providing richer context for human analysts, AI is becoming a force multiplier for security teams.

The Human Factor

One of the most compelling parts of our conversation focuses on the human cost of ransomware — the stress, burnout, and organizational disruption it leaves behind. Rob offers insights on how to prepare for worst-case scenarios, not just from a systems and data standpoint, but from a leadership and team perspective.

We also touch on the importance of preparation and practice. Just as pilots run flight simulations and first responders drill for emergencies, organizations need to rehearse their incident response. That way, when the heat is on, muscle memory kicks in, roles are clear, and decisions are made with confidence.

Why You Should Listen

If you’re a security leader, business owner, IT professional, or simply someone interested in how technology, strategy, and human decision-making intersect in the fight against ransomware, this episode is for you. We cover:

- The changing tactics of ransomware operators
- How MDR can extend or even replace in-house capabilities
- The role of AI in modern security operations
- Strategies for reducing the human toll of cyber incidents
- The importance of preparation, communication, and trust in response efforts

This is not a doom-and-gloom story. It’s a conversation about resilience, about making smarter security decisions, and about ensuring that when — not if — an incident occurs, your organization is ready.

Listen to the full episode now to hear the full discussion and take away actionable insights you can apply today.
Cybersecurity strategy has evolved over the years—first focusing on keeping the bad guys out, then on detecting and responding to threats faster, and now on cyber resilience and the notion of ensuring business continuity no matter what happens. In the latest episode of the TechSpective Podcast, Druva Chief Security Officer Yogesh Badwe joined me to talk about why the next phase of security maturity must be built around a single, non-negotiable truth: data is the real crown jewel.

The Shift to Data-Centric Security

Historically, organizations poured resources into protecting networks and identities, often treating data as a secondary concern. “Breaches are inevitable,” Badwe explained. “Detection is a lagging indicator. Organizations need to be ready to respond and recover from bad scenarios—and that starts with the data itself.”

With sprawling hybrid environments, complex supply chains, and AI agents introducing new attack vectors, prevention alone isn’t enough. Security teams need full visibility into what data exists, where it resides, and who can access it.

Backups: From IT Tool to Security Backbone

Most companies think of backups as an IT disaster recovery resource. Badwe argues they must be elevated to a frontline security capability. Recovering from ransomware isn’t as simple as restoring a snapshot—you need to identify clean copies, remove malicious artifacts, and, in some cases, blend files from different points in time to minimize business disruption.

“Security recovery is completely different than IT recovery,” he noted. Attackers know this, too. Modern ransomware campaigns often target backup systems directly to remove a company’s safety net.

Preparing for Emerging Risks

The conversation also touched on two looming challenges:

- Double-extortion ransomware, where attackers both encrypt and exfiltrate data to increase leverage.
- Post-quantum cryptography, and the “harvest now, decrypt later” risk that stolen encrypted data could be cracked in the future.

Organizations should begin mapping their encryption landscape now to prepare for a PQC transition within the next few years.

The Visibility and Classification Challenge

Centralizing all corporate data is unrealistic. Instead, companies need tools that can provide visibility where the data lives—whether that’s in SaaS apps, multi-cloud environments, or third-party systems.

Badwe sees automated classification as essential, not just for prevention but for rapid incident response. Knowing which 20% of your data is truly sensitive allows you to focus security controls where they matter most.

AI’s Real Role

AI in security is often overhyped, but Badwe sees practical value in tier-one SOC triage, automating runbooks, and enhancing secure software development processes. AI can’t replace sound security architecture, but it can accelerate analysis and decision-making.

Looking Ahead

As AI agents and integrated corporate search platforms become more common, traditional authentication and authorization models will be tested. Security leaders will need to rethink access controls for human-to-agent and agent-to-agent interactions.

For Badwe, resilience isn’t just about bouncing back—it’s about making data the centerpiece of prevention, detection, response, and recovery. Because in the end, it’s not the network or the identity we’re protecting—it’s the information that keeps the business running.

Check out the full podcast for more:
When it comes to cybersecurity, it’s easy to fall into the trap of thinking in binaries—good guys and bad guys, black hats and white hats, defenders and attackers. But the reality is far more complex, especially in an age where artificial intelligence is changing the rules for everyone, whether they like it or not.

In the latest episode of the TechSpective Podcast, I sat down with Myke Lyons, CISO of Cribl, for a conversation that spans a lot of ground. And I mean a lot of ground. From retail fraud and social engineering to ransomware economics and the future of AI-powered search, we explore how cybercriminals are using the same tools defenders have access to—but with very different goals in mind.

We kick things off by unpacking Cribl’s unique role in the world of IT and security telemetry. At one point, I draw the comparison of Cribl as a sort of Rosetta Stone for log data—helping organizations normalize, route, and optimize data flows to the right places for the right reasons. Myke shares how this kind of architectural flexibility isn't just convenient—it’s becoming essential in a world where data is growing at breakneck speed and attackers are using AI to move just as fast.

Then we shift into a broader discussion about why retail—especially during high-stakes periods like Prime Week or Black Friday—is such a tempting target for attackers. The emotional nature of shopping, the scale of operations, and the deeply trusted brand names all make retail a ripe hunting ground for bad actors. But it’s not just old-school fraud or phishing anymore. We get into how AI is helping attackers spoof websites, impersonate brands, and even fake their way through job interviews to infiltrate organizations from the inside.

One particularly eye-opening thread: the evolving ransomware playbook. Threat actors are now using AI to research their victims more thoroughly—tailoring ransom demands based on insurance coverage, revenue cycles, and organizational pain points. It’s strategic, it’s efficient, and yes, it’s unsettling.

But this conversation isn’t just doom and gloom. We also talk about how security teams can flip the script by using AI themselves—developing muscle memory with new tools, leveraging prompt engineering, and building infrastructure that adapts in real time. Myke makes the case for experimentation, curiosity, and staying a step ahead—not just with tech, but with mindset.

If you’re a security leader, a practitioner, or even just a curious listener trying to make sense of this rapidly evolving landscape, you’ll find a lot to chew on here. And if you think the line between helpful AI assistant and risky attack vector is starting to blur… you’re not alone.

Listen to the full episode now and hear why your AI should be more like JARVIS—and what happens when the bad guys figure that out first.
The ever-expanding world of cybersecurity is full of big promises, bold claims, and—if we’re being honest—a lot of noise. As security leaders face mounting pressure to do more with less, it’s no longer enough to simply buy the newest tool or chase the latest trend. What organizations really need is a trusted advisor—someone who knows the landscape, understands the stakes, and can help make sense of it all.

That’s exactly the theme of the latest episode of the TechSpective Podcast. John Hurley, Chief Revenue Officer at Optiv, joins me in a wide-ranging, candid discussion of the real challenges facing CISOs today: managing tool sprawl, justifying investments, cutting through cybersecurity jargon, and understanding where artificial intelligence fits into the modern security stack.

At the heart of our conversation is Optiv’s unique approach to helping organizations rationalize their security environments. John shares how Optiv leverages a decade’s worth of data and experience to guide clients through the decision-making process—moving from a transactional vendor model to a genuinely consultative partnership. The analogy I came up with for Optiv's role is that it essentially positions itself as a “pharmacist” in the cybersecurity ecosystem—helping organizations make sense of countless overlapping solutions and potential “side effects.”

The episode also addresses some timely questions: What does it mean to be a true advisor in an industry obsessed with buzzwords? How can AI be leveraged to bring real value, rather than just more noise? And what steps should organizations take when rethinking their security architecture in the face of continuous change?

Whether you’re a security leader looking for fresh perspective, a vendor navigating a crowded marketplace, or just a tech enthusiast fascinated by the challenges of enterprise security, this episode promises plenty of food for thought.

Curious? Give it a listen (or watch it on YouTube)—and hear firsthand how the conversation is evolving from selling tools to solving real business problems.
Cloud security is one of the most talked-about issues in cybersecurity today—but are we talking about the right things? In the latest episode of the TechSpective Podcast, I sat down with Cristian Rodriguez, Field CTO for the Americas at CrowdStrike, to explore the evolving landscape of cloud threats and how defenders need to adapt. With over a decade at CrowdStrike and more than 20 years in the cybersecurity space, Cristian brings a seasoned perspective on how adversaries have shifted their tactics—and how security teams can respond effectively.

The Comfort Trap of Posture Management

A major theme of our conversation is the current overreliance on cloud security posture management (CSPM). While CSPM tools play a critical role in identifying misconfigurations, compliance gaps, and other baseline security issues, Cristian points out that they are inherently limited by their snapshot-in-time nature. They’re valuable for hygiene, but they don’t give you a dynamic view of what’s happening in your environment right now.

And that’s a problem—because attackers aren’t waiting for your next scan. They’re actively probing, logging in with stolen credentials, and moving laterally through cloud environments in ways that traditional security tooling often fails to detect.

Living Off the Land, Evolved for the Cloud

We also touch on a concept many security professionals know well: “living off the land.” This is when attackers use legitimate tools and processes already present in an environment to evade detection. What’s changing, Cristian explains, is how these techniques are now being used within cloud-native services—hiding in plain sight within container workloads, serverless functions, and IAM policies.

This shift demands a new level of runtime visibility. You can’t just know what resources exist and how they’re configured—you need to understand who is accessing them, when, from where, and why. Behavioral analysis, real-time anomaly detection, and identity-based insights are becoming table stakes in defending modern cloud architectures.

AI as a Force Multiplier for the SOC

Naturally, no conversation about modern cybersecurity would be complete without discussing AI. Cristian shares how CrowdStrike’s AI assistant, Charlotte, is changing the game for SOC analysts by helping them triage incidents faster, guide investigations, and even orchestrate responses across multiple systems using natural language commands.

But AI isn’t just about automation—it’s about augmentation. AI doesn’t replace the analyst; it frees them up to focus on what really matters. In a world where adversaries can break out and cause damage in under an hour, that time savings is crucial.

Preparing for What’s Next

We also touch on what has become a focus for me. It is one of the biggest questions for the future of AI: What happens when the next generation of cybersecurity professionals enters the field having never worked without AI? If level-one SOC roles are increasingly automated, how do tomorrow’s defenders gain the experience needed to make critical decisions in high-stakes situations?

It’s a thought-provoking discussion that blends current challenges with a forward-looking lens on where the industry is headed—and what that means for the people defending it.

Tune In to Learn More

If you're a security leader, cloud architect, SOC analyst, or anyone trying to keep pace with the changing threat landscape, this is a must-listen episode. We explore not just the threats themselves, but the mindset shift required to defend against them—and the technologies that can help tip the scales in our favor.

Listen now on your favorite podcast platform or watch the full conversation on YouTube. Have thoughts on this episode or topics you'd like to see covered in future discussions? Let me know on LinkedIn—I’d love to hear what’s on your mind.
Artificial intelligence may be the headline, but data is the story. In this episode of the TechSpective Podcast, I sat down with Todd Moore, VP of Data Security at Thales, to unpack the newly released 2025 Thales Data Threat Report. Our conversation explored the increasingly complicated intersection of data, AI, and cybersecurity—and why enterprises may be sprinting into transformation before securing their foundation. Spoiler: It’s all about the data.

GenAI Is Booming—And So Are the Risks

According to the report, one-third of organizations are already in the integration or transformation phase of GenAI adoption. And while that sounds like progress, Todd and I both agreed it mirrors past tech hype cycles—cloud, Wi-Fi, mobile—where enthusiasm far outpaced security planning.

“The horse has left the barn,” Todd said. And that urgency to keep up with AI adoption is creating a familiar blind spot: data security.

In fact, the fast-evolving GenAI ecosystem ranked as the top concern among respondents (69%), followed closely by risks to data integrity (64%) and trustworthiness (57%). Enterprises are waking up to the reality that AI isn’t just a new technology—it’s a new attack surface.

Shadow AI, Prompt Injection, and Data Leakage

One recurring theme from our conversation was the rise of "shadow AI"—where employees use public tools like ChatGPT without guardrails. While it might boost productivity, it also introduces serious risk if sensitive internal data gets fed into public models.

We talk about how many organizations are adopting internal LLMs to mitigate this, but we acknowledge that enforcement is tough. The reality is that just like with shadow IT, if you don’t give people an approved tool that meets their needs, they’ll find workarounds.

That’s where security posture management becomes crucial. Visibility into who’s using what data—and where it’s going—is no longer optional.

Data Classification: Still a Work in Progress

You can’t protect what you don’t know you have. Yet the report found that only one-third of organizations can fully classify their data, while 61% are juggling five or more data discovery tools. The inconsistency leads to fragmented policies, conflicting controls, and ultimately, more exposure.

Todd and I agreed: classification has to be automated and context-aware. AI can help here—ironically—by understanding not just what a file says, but what it means based on surrounding data.

Still, as Todd pointed out, AI is also the biggest creator of new data. “It’s a feedback loop,” he said. “AI is creating more unstructured data than ever before, which just makes the classification challenge even bigger.”

Quantum Computing Is Closer Than You Think

Another headline from the report—and our conversation—was the growing urgency around post-quantum cryptography (PQC). The threat of “harvest now, decrypt later” is very real, especially for regulated industries that store data long-term.

Thales found that 63% of organizations are already concerned about future decryption of today’s data, and many are beginning to prototype PQC solutions. Todd emphasized that we now have a deadline: NIST and other global bodies are calling for a deprecation of classical algorithms by 2030.

“This isn’t Y2K,” Todd warned. “We don’t know when Q-day will arrive. But when it does, if you haven’t prepared, it’s already too late.”

Check It Out

This episode dives deep into AI, PQC, classification, and the cultural challenges of balancing innovation with risk. If you're a CISO, security leader, or just trying to make sense of the data security landscape in 2025, you won’t want to miss it.
In a sea of sameness in the cybersecurity market, it’s easy to walk away feeling like every company says the exact same thing. “Autonomous.” “Agentic.” “AI-powered.” After a while, it all blends together. But every now and then, a brand cuts through the noise—not just because of a flashy event booth or viral stunt, but because it tells a compelling story with intention behind it. In the latest episode of the TechSpective Podcast, I sit down with Don Jeter, Chief Marketing Officer, and Leonid Belkind, CTO and Co-founder of Torq, to talk about what it takes to stand out in an industry that too often plays it safe. If you’ve seen Torq’s monster truck partnership or skeleton-themed branding at events like RSAC and wondered what’s behind the spectacle, this conversation peels back the curtain. But this isn’t just a story about branding. It’s a deeper discussion about authenticity, culture, and why cybersecurity marketing so often misses the mark. We explore how Torq built a company that reflects its people—irreverent, passionate, and unapologetically bold—and why that matters more than ever in today’s overcrowded cybersecurity landscape. We also talk about how automation is evolving beyond the limitations of legacy SOAR (Security Orchestration, Automation, and Response), and how AI—particularly agentic AI—is reshaping how security teams handle alerts, prioritize threats, and reclaim their time. The conversation touches on trust, risk, the future of security operations, and even gets into topics like self-driving cars, self-checkout lanes, and what it means for a new generation of analysts entering the field. If you’re interested in cybersecurity, brand differentiation, or how AI is transforming security operations, this episode is one you don’t want to miss. Check out the full episode now:
In the latest episode of the TechSpective Podcast, Errol Weiss, Chief Security Officer at Health-ISAC, joins me to dive into a timely and thought-provoking conversation on how cybersecurity collaboration is changing—especially when it comes to public and private sector relationships. For over a decade, Health-ISAC has played a vital role in helping healthcare organizations share threat intelligence and best practices. But in today’s environment, that collaboration is under pressure. The lines between private and public sector responsibility are becoming more blurred, and recent shifts in government participation are raising tough questions. Who is ultimately responsible for defending critical infrastructure? And what happens when the expected support simply isn’t there? Our discussion covers a wide range of themes—from the unique cybersecurity challenges facing hospitals and medical device manufacturers to the impact of political transitions on agency engagement. It also explores what it really means for organizations to be self-reliant in their defense efforts, and how global cooperation plays into the equation. This episode doesn’t offer easy answers—but it will make you think. If you’re in cybersecurity, healthcare, or just care about the systems we all depend on, this is one conversation you won’t want to miss. Tune in to hear how leaders like Weiss are adapting in real time and what the rest of us can learn from their approach. Listen now wherever you get your podcasts—or watch the full episode on YouTube.
How do you navigate a cybersecurity landscape where the threats are constantly evolving—and so is the government’s role in defending against them? I sat down with Jeff Man, a respected voice in cybersecurity and someone with deep roots in both the public and private sectors, to talk about this (and a bunch of other stuff) for the latest episode of the TechSpective Podcast. Jeff’s career spans more than four decades, including time at the National Security Agency during a pivotal era of transformation. He’s also spent years in the trenches with PCI-DSS compliance and now consults with companies across industries on how to build better, more resilient security programs. We talk about the philosophical and practical intersections between cybersecurity, trust, and governance in a rapidly changing world. Jeff and I discuss how cybersecurity has evolved since the Cold War, how the mythology around institutions like the NSA and Unit 8200 influences perception, and how recent political decisions are reshaping the roles of CISA, NSA, and other federal cyber agencies. But this episode isn’t just a retrospective or a policy rant. It’s a raw, candid, and sometimes uncomfortable look at where we are today. We question whether the growing skepticism of public institutions is warranted—and what it means when tech companies, not governments, are trusted as de facto arbiters of truth. And we grapple with the uncomfortable reality that while the cybersecurity stakes are higher than ever, the public’s confidence in traditional sources of authority may be at an all-time low. If you’re looking for a surface-level chat about tech trends, this isn’t it. But if you want to hear a thoughtful, unscripted discussion about the deeper issues impacting cybersecurity and society, this episode is a must-listen.
Cybersecurity isn’t what it used to be—and that’s a good thing. In the latest episode of the TechSpective Podcast, I sat down with Sunil Muralidhar, Vice President of Marketing and Partnerships at ColorTokens, to explore how organizations are rethinking traditional security approaches and what it means to be “breach ready” in today’s threat landscape. For years, enterprise security revolved around the concept of perimeter defense—building bigger walls and stronger gates to keep attackers out. But the game has changed. With cloud adoption, remote work, IT/OT convergence, and the rise of identity-based threats, the idea of a clearly defined perimeter no longer holds water. Sunil brings a wealth of experience to the table and makes a compelling case for why microsegmentation and Zero Trust architecture are no longer optional—they’re essential.
The Shift from Reactive Defense to Proactive Containment
Let’s face it: attackers are going to get in. Whether it’s through stolen credentials, social engineering, or misconfigured cloud resources, initial access is easier to achieve than ever. What matters now is what happens next. That’s where the concept of lateral movement becomes critical. Once inside, attackers often spend days, weeks, or even months quietly exploring internal networks, moving from one system to another in search of valuable assets. Breach readiness means being prepared to contain that movement, limit the blast radius, and prevent a minor incident from becoming a full-blown crisis. Sunil emphasizes that this isn't just a technical challenge—it's a business imperative. Cyber resilience is about ensuring that even when something goes wrong, operations continue with minimal disruption. It’s about keeping the business running while the security team does its job.
Why Microsegmentation Matters
At the heart of breach readiness is microsegmentation—a strategic approach that enforces strict access controls between workloads, devices, and users. It’s the digital equivalent of closing fire doors in a building: if one area is compromised, the threat can’t easily spread. But while the concept isn’t new, adoption has lagged due to complexity and fear of disruption. Sunil shares how ColorTokens is helping organizations overcome these barriers with simplified, agentless deployment models and greater visibility into interdependencies. The goal isn’t to create friction—it’s to build confidence that the right protections are in place without bringing operations to a halt.
IT/OT Convergence: A New Frontier for Risk
Another major topic we cover in the episode is the increasingly blurred line between IT and OT environments. Industrial systems that were once isolated are now networked, monitored, and managed remotely. While this drives efficiency and innovation, it also expands the attack surface. Sunil explains how the same principles of Zero Trust and microsegmentation apply here, too—just with additional considerations around legacy devices and protocols. Protecting these environments requires visibility, adaptability, and context-aware policy enforcement, especially when traditional agents can’t be installed.
AI, Cloud, and the Evolving Threat Landscape
We also touch on how AI is reshaping both attack and defense strategies, from identity spoofing to fully autonomous threats. With AI workloads increasingly built and deployed in the cloud, Sunil discusses why cloud-native security and identity-first protection are more important than ever. Breach readiness isn’t just about preventing attacks. It’s about designing systems that expect compromise, contain threats by default, and allow the business to stay resilient and responsive.
Breach Ready
This conversation is a must-listen for CISOs, security architects, and anyone navigating the modern cybersecurity landscape. Sunil brings thoughtful insights and practical advice to the table—and whether you’re already exploring Zero Trust or just starting ...
The rise of artificial intelligence has opened up exciting possibilities, but it’s also creating new challenges--particularly for cybersecurity. I sat down with my friend Sam Curry, Global VP and CISO in residence at Zscaler, for an in-depth conversation about the ways AI is transforming cybersecurity, how it’s being adopted across industries, and what organizations need to do to keep pace with these rapid changes. Throughout the discussion, Sam emphasizes that AI is no longer a question of "if," but "how." As generative AI tools like ChatGPT continue to grow in popularity, they are being used in everything from content creation to customer service. However, with the tremendous opportunities come significant risks. We take a closer look at how AI is reshaping cyberattacks, particularly the rise of AI-powered phishing scams and deepfakes, which are increasingly difficult to detect and can have devastating consequences for individuals and businesses alike. One of the most fascinating points of discussion in this episode of the TechSpective Podcast is the generational divide in AI adoption. While many tech-savvy individuals, particularly from older generations, have embraced AI tools, there’s a noticeable resistance from younger generations, who are more concerned about the environmental impact of these technologies. We explore these differing perspectives and discuss the complex ethical considerations around AI, including concerns about data privacy, security, and the power these tools give to cybercriminals. The episode also dives into the practical side of cybersecurity, with Sam outlining the importance of implementing zero trust and least privilege principles in organizational infrastructure. With AI and other emerging technologies continuously altering the attack surface, these concepts are becoming even more critical for businesses looking to safeguard their sensitive data and ensure they are prepared for the next wave of cyber threats. 
This episode is packed with valuable insights for anyone concerned with the future of AI, cybersecurity, and the evolving threat landscape. If you’re looking to understand how to navigate these changes and secure your organization against the growing risks of AI-powered attacks, you won’t want to miss this conversation. So, whether you're an IT professional, a business leader, or simply someone interested in the intersection of technology and security, this episode offers a must-listen perspective on the future of AI in cybersecurity. Tune in to learn how we can all better prepare for the AI-driven future of cybersecurity.
How do you balance business priorities and AI trends with truly effective cybersecurity practices—and make sure you’re still doing right by employees and customers? My friend Matt Alderman, Chief Product Officer at CyberSaint and host of the Business Security Weekly podcast, joins me to talk about this and more for this TechSpective Podcast episode. Matt’s career spans decades in cybersecurity, from early consulting days to product leadership at several well-known companies. Beyond his own hands-on experience, he’s got a deep appreciation for how fast technology and security threats evolve—and how leaders must adapt. In this episode, Matt and I touch on:
- The buzz around AI and what it actually means for cybersecurity teams
- How automation and platform consolidation are reshaping budgets and tools
- The tricky intersection of ethics, risk management, and real-world security
- Observations on leadership and moral responsibility in an increasingly complex digital world
One of the most compelling parts of my conversation with Matt Alderman was about the human side of business decisions—especially when it comes to hiring and layoffs. In an industry driven by growth metrics and investor expectations, it’s easy to lose sight of the fact that behind every headcount number is a real person with a life and family. Matt shared some personal stories and reflections that bring this reality into sharp focus. We talked about how leaders can—and should—factor empathy and ethics into their decision-making, even when the financial pressure is high. Letting people go might be a business necessity at times, but doing so with compassion and transparency matters. On the flip side, companies also need to be careful about overhiring in the first place, which often leads to the inevitable cycle of cutbacks. Doing the right thing and running a smart business aren’t mutually exclusive. 
It was great catching up with Matt, sharing stories of what worked, what didn’t, and where cybersecurity is headed next. Get a unique perspective on how AI can simultaneously empower attackers and defenders, and how boardroom decisions (and moral compasses) factor into cybersecurity strategies. You won’t want to miss this episode.
Cybersecurity is constantly evolving, and staying ahead of threats requires more than just tools—it demands strategy, leadership, and expertise. The unfortunate reality is that the threat landscape affects all companies regardless of industry or size, but many companies simply do not have the expertise or budget to defend effectively. On the latest episode of the TechSpective Podcast, I sat down with my good friend Den Jones, Founder and CEO of 909Cyber, to talk about his latest venture and why it’s helping to fill that void and hitting the mark for companies of all sizes. If you know Den, you know he’s not someone who stands still for long. From leading security initiatives at Adobe and Cisco to helping Banyan Security scale up before its acquisition, his career has been defined by forward motion. Now, with 909Cyber, he’s taking everything he’s learned and offering it as a service—literally. In this episode, Den shares the inspiration behind 909Cyber, his take on the current cybersecurity landscape, and why organizations today need flexible, pragmatic solutions more than ever. We talk about the challenges facing small and mid-sized businesses, the growing demand for virtual CISOs, and how a "strategy and execution" approach can fill critical security gaps. We also get into the mindset shift that's happening across the industry: it's no longer about buying the shiniest tool, but about understanding your business, your risks, and deploying the right solutions—sometimes with what you already have. Whether you’re a CISO, a business leader, or just interested in how cybersecurity consulting is evolving, this conversation is full of insights you won’t want to miss. Watch or listen to the full episode now and learn how 909Cyber is helping organizations rethink security from the ground up. You should also check out the Cyber909 podcast—which I recently guested on with Den.
I recently sat down with my long-time friend and cybersecurity expert, Michael Farnum, to discuss his journey in the industry, his role as an advisory CISO at Trace3, and the evolution of the Houston Security Conference—more commonly referred to as HOU.SEC.CON. Farnum has a deep-rooted passion for cybersecurity and his commitment to community-building shines through as he shares the story behind the creation of HOU.SEC.CON—a regional event that has grown into something much larger. We delve into how HOU.SEC.CON started as a local cybersecurity conference but quickly gained traction with a unique twist: a strong community focus and a deep commitment to providing valuable, non-vendor-centric content. As the conference expanded, so did its scope, with specialized tracks like OT.SEC.CON, EXEC.SEC.CON, and recently YOUTH.SEC.CON catering to niche segments like operational technology, executive-level discussions, and providing guidance and education for students. One of the standout themes in our conversation is how HOU.SEC.CON has managed to create an environment that's distinct from the larger industry conferences like RSAC and Black Hat. Farnum reflected on the importance of keeping the event accessible and affordable, with tickets priced around $100 to ensure broad participation. It’s all about fostering a community of cybersecurity practitioners, not just showcasing the latest vendor offerings. In addition to talking about the event itself, we explore broader trends in cybersecurity, including the potential for AI to disrupt the job market. Farnum offers a candid perspective on how generative AI could affect entry-level cybersecurity roles and the skills required for the next generation of security professionals. While the conversation touches on some of the challenges ahead, it’s clear that Farnum is excited about the future of cybersecurity and the opportunities to pivot into new areas within the field. 
Whether you’re a seasoned cybersecurity professional or just starting out, this episode offers valuable insights into the changing landscape of the industry and the importance of community-driven events like HOU.SEC.CON. Tune in to hear more about Farnum’s experiences and his vision for the future of cybersecurity conferences. You’ll also hear about some exciting updates for HOU.SEC.CON in 2025, so check it out. Also, make sure you take a look at the upcoming events and register to attend:
- OT.SEC.CON – April 17
- EXEC.SEC.CON – April 22
- YOUTH.SEC.CON – September 30
- HOU.SEC.CON – September 30 – October 1
In the latest episode of the TechSpective Podcast, I sit down with Anthony Freed, Director of Research Communications at Halcyon, to dive deep into the ever-evolving ransomware landscape. We explore how ransomware has transformed from a financial cybercrime tool into a powerful weapon with geopolitical implications. We had more technical difficulties than I prefer and the audio is rough in parts, but a great conversation nonetheless, so here it is. Anthony and I have been in this industry long enough to witness ransomware’s evolution firsthand. From the early days of financially motivated attacks to today’s sophisticated ransomware-as-a-service (RaaS) ecosystems, we break down the layers of this thriving criminal enterprise. We discuss the rise of initial access brokers, affiliate attackers, and even the IT support structures that cybercriminals use to scale their operations—almost mirroring legitimate businesses. But the conversation takes an even more unsettling turn as we examine the intersection of ransomware and nation-state operations. Many cybercriminal groups enjoy safe harbor in countries like Russia and China, and there’s increasing evidence that some attacks—particularly those targeting critical infrastructure, healthcare, and supply chains—are serving dual purposes: profiting from ransom payments while also advancing geopolitical agendas. Is ransomware just a financial nuisance, or is it a national security crisis? Why has the response from governments remained largely reactive, and what should be done to disrupt this growing threat? We tackle these hard questions while also exploring the blurred lines between cybercrime, espionage, and information warfare. If you’re concerned about the future of cybersecurity—and the role ransomware plays in the global power struggle—this is an episode you won’t want to miss. Tune in now to hear the full conversation.
TechSpective Podcast Episode 148
Security Information and Event Management (SIEM) solutions were once hailed as the cornerstone of modern cybersecurity, promising centralized visibility, streamlined threat detection, and efficient response. Over time, though, many organizations have struggled with SIEM’s complexities, high costs, and an overwhelming volume of alerts—often leading to what’s known as "swivel chair syndrome" as analysts jump between multiple tools to investigate and respond to incidents. Next-gen SIEM is working to change that, though, and redefine the role of security operations centers (SOCs), bringing AI-powered automation and intelligent threat detection into the equation. Ajit Sancheti, GM of Next-Gen SIEM at CrowdStrike, joins the TechSpective Podcast to explore how SIEM solutions are evolving and what security leaders should expect in the coming years. We discuss:
- The legacy SIEM dilemma – Why traditional SIEMs struggled with scalability, data overload, and false positives
- AI-driven analytics – How AI is transforming SOC workflows, making security operations more efficient
- The rise of predictive security – How AI-powered models are shifting cybersecurity from reactive to proactive
- Data complexity and visibility – Why organizations need a single source of truth for security data
- The future of automated response – How security teams can move beyond rule-based playbooks to more dynamic AI-driven decision-making
Organizations are now looking beyond traditional security stacks to solutions that seamlessly integrate threat detection, automated response, and predictive intelligence—all without the manual tuning and endless configuration that plagued legacy systems. Where is SIEM headed, and what does it mean for your security strategy? If you’re a CISO, SOC analyst, or security leader, you should check out the conversation.