Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

Rethinking Security Risk - Mea Clift - Cyber Smokehouse - Episode #18

Cybersecurity careers are rarely linear, and building effective security leadership requires more than technical expertise alone. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mea Clift, CISO at Cengage, for a conversation about cybersecurity career growth, leadership, curiosity, and risk management. Mea shares insights on how professionals can find their place within the cybersecurity industry, why curiosity is essential for long-term success, and how passion drives deeper expertise. The discussion also explores misconceptions about the CISO role, business impact assessments, security risk, and the realities of operating modern security programs. Outside of cybersecurity, the conversation shifts into Mea’s approach to smoking and grilling, including charcoal setups, smoking techniques, and favorite recipes.  Takeaways: * Cybersecurity professionals should find a specialty they’re passionate about. Mea explains that broad interest alone is not enough to build a successful cybersecurity career and encourages people to identify the specific area that excites them most. * Curiosity is critical for long-term success in security. The conversation highlights the importance of continuous learning because cybersecurity constantly evolves. * Passion helps professionals stand out in competitive hiring environments. Mea discusses how enthusiasm, projects, networking, and deep subject knowledge differentiate candidates during interviews. * Business impact assessments are an underrated security control. During the lightning round, Mea identifies business impact assessments as a security control that deserves more attention. * Risk remains a major challenge within the security industry. Mea gives a concise answer of “Risk” when asked what the industry is getting completely wrong. * There are misconceptions about what CISOs actually do. The discussion touches on common assumptions around the day-to-day work of CISOs and the operational realities behind security leadership roles. * Smoking and grilling are part of Mea’s creative outlet outside work. Mea shares details about her charcoal and wood smoking setup, favorite smoking techniques, and favorite  recipes. Quote of the Show: * “Life’s too short. You gotta follow your passion.” - Mea Clift Links: * LinkedIn: https://www.linkedin.com/in/mea-clift/ * Website: https://www.cengagegroup.com/ [https://www.cengagegroup.com/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

What happens when organizations scale rapidly through acquisition while simultaneously navigating AI adoption and evolving cyber risk? In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Matthew Mudry, CISO at Alera Group, to discuss the operational realities of securing large-scale acquisitions, integrating fragmented environments, and managing cybersecurity risk during periods of aggressive growth. Matthew shares firsthand experiences standardizing security across acquired organizations, balancing business pressure with security due diligence, and navigating the growing complexity introduced by AI technologies. The conversation explores M&A integration challenges, data loss prevention, access control, AI governance, leadership communication, security roadmaps, and the future of the CISO role.  Takeaways: * M&A creates significant operational security complexity. Matthew discusses the challenge of integrating acquired businesses into standardized security platforms and processes. * Security teams need earlier involvement in acquisitions. The conversation explores how organizations sometimes prioritize business growth before fully understanding integration and security risks. * AI introduces both opportunity and risk. Matthew shares concerns around AI misuse, access control, data loss prevention, and adversarial use cases while also discussing opportunities to improve security operations using AI. * Access control and DLP remain foundational. The episode repeatedly emphasizes the importance of strong access controls and data protection strategies when adopting AI technologies. * Security leaders must communicate effectively with executives. Matthew discusses translating technical risk into measurable business reporting through roadmaps, metrics, and leadership engagement. * Strong technical foundations matter for future leaders. Matthew advises aspiring cybersecurity leaders not to rush into management too early and stresses the importance of technical and risk management experience. * Quantum computing is becoming a long-term concern. The conversation explores future risks around encryption, legacy data exposure, and long-term data retention. Quote of the Show: * “What’s better than fighting AI with AI?” - Matthew Mudry Links: * LinkedIn: https://www.linkedin.com/in/matthewmudry/ * Website: http://www.aleragroup.com [http://www.aleragroup.com/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Modern Cybersecurity Challenges: Explained- Mike Salem - Cyber Smokehouse - Episode #16

Cybersecurity is evolving faster than ever, and leaders are being forced to rethink how they approach risk, resilience, and modern defense strategies. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mike Salem to discuss today’s rapidly changing cyber landscape and the growing influence of AI on both attackers and defenders. Throughout the conversation, Mike shares insights on emerging cyber threats, operational challenges facing security teams, and the importance of adaptability in modern cybersecurity leadership. The discussion also explores how organizations can better prepare for evolving risks while balancing innovation, visibility, and practical security execution. This episode offers valuable perspective for cybersecurity leaders, IT professionals, and organizations navigating constant technological change and increasing security complexity.  Takeaways: • AI is rapidly changing the cybersecurity landscape. The conversation explores how AI is accelerating both offensive and defensive cybersecurity capabilities and increasing the speed of change across the industry. • Security teams must continuously adapt. Mike discusses the operational challenges organizations face as threats evolve faster than traditional security processes. • Visibility and awareness remain critical.The episode highlights the importance of understanding environments, risks, and potential gaps before incidents occur. • Cybersecurity leadership requires flexibility. The discussion emphasizes the need for leaders to remain adaptable while balancing business priorities and security objectives. • Threat actors are evolving quickly. Mike shares perspectives on how modern attackers are becoming more sophisticated and accessible through emerging technologies. • Organizations must focus on practical execution. The conversation reinforces the importance of operationalizing security strategies rather than relying solely on theoretical frameworks. Quote of the Show: * “Threat actors are evolving faster than most organizations can react.” -  Mike Salem Links: * LinkedIn: https://www.linkedin.com/in/mikesalem2112/ [https://www.linkedin.com/in/mikesalem2112/] * Website: http://www.ihstowers.com [http://www.ihstowers.com/] * Mike’s Email: mss972@yahoo.com Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world. From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA.  Takeaways: * AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced. * Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old. * The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor. * Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control. * Supply chain and third-party risk still has massive gaps. Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder. * Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations. * Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action. * Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss. * Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy. * A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it. Quote of the Show: * “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlakto Unger Links: * LinkedIn: https://www.linkedin.com/in/zlatkounger/ * Website: https://www.wiz.io [https://www.wiz.io/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

How is AI changing both the threat landscape and the way security teams operate? Today’s guest is a seasoned cybersecurity leader navigating these changes at scale. Introducing David Cross, CISO at Atlassian. David joins Ernie Anderson and Graeme Payne to share how AI is reshaping cybersecurity, from attacker capabilities to internal defense strategies. He discusses how AI is lowering the barrier for attackers, why security teams must adapt to an increasingly fast-moving environment, and how organizations should think about managing risk as new technologies emerge. David also touches on the importance of understanding evolving threats, maintaining strong fundamentals, and ensuring teams are prepared to respond to continuous change.  Takeaways: * AI is lowering the barrier for attackers: David explains that AI makes it easier for more individuals to carry out attacks, increasing both the volume and accessibility of threats. * The pace of change is accelerating risk: He highlights that the speed at which AI is evolving is creating challenges for security teams trying to keep up. * Security teams must continuously adapt: David emphasizes that organizations cannot rely on static defenses and must evolve alongside the threat landscape. * Understanding threats is critical to defense:He discusses the importance of knowing how attackers operate in order to build effective security strategies. * Fundamentals still matter: Despite new technologies, core security practices remain essential in protecting organizations. * AI impacts both offense and defense: He notes that AI is not just a risk, but also a tool that can be used to strengthen security operations. Quote of the Show: * “The pace of change is only increasing.” - David Cross Links: * LinkedIn: https://www.linkedin.com/in/david-b-cross-b856657/ * Website: https://atlassian.com/ [https://atlassian.com/] * Personal Website: davidcrosstravels.com [http://davidcrosstravels.com] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]