Shift Left, Real Moats, and Where Your Data Actually Goes, with Chris Bollerud

Shift Left, Real Moats, and Where Your Data Actually Goes, with Chris Bollerud

Most security leaders come up through IT or risk. Chris Bollerud came up through code, and it changes how he sees the entire field. Chris is the CISO at AppZen, an AI-driven finance platform, and a software engineer of more than twenty years before that. In this episode he explains why AI gives attackers and defenders the same speed boost, why shifting left only works when you automate the catch instead of training developers and hoping, and how a single dinner with two competing vendors reframed his view of application security. From there the conversation widens out. Chris makes the case that third party risk management is overdue for a reset, that frameworks like ISO 42001 and the NIST AI RMF have not earned enterprise trust, and that nearly every security questionnaire reduces to one question: where does my data go. He also shares the one line from an early career review that reshaped how he communicates, why he thinks AI slop is the next propaganda problem, and what makes a real moat when a buyer can rebuild most of your tool in weeks. A wide-ranging conversation for anyone in or around cybersecurity, from practitioners and vendors to investors and regulators. Listen and follow so you don't miss what's next.

Line Cook to CISO: Eric Freeman on AI, Access Control, and Why Security Is Just Dinner Prep

Eric Freeman is the CISO at Writer, an AI-native company that has built its own large language model. Before that, he worked across blockchain and emerging technology. Before any of that, he was a line cook pulling 16-hour shifts in a restaurant kitchen six days a week. That background shows up in everything about how he leads. In this episode, Eric draws a direct line between prepping for dinner service and implementing security controls, between reading a plate and reading a log, between surviving a Friday night rush and surviving a major incident. We get into how AI is changing both offense and defense in cybersecurity right now, with specific examples of how his team is using LLMs to automate vulnerability validation end-to-end. He explains why context is the only thing that makes AI useful and shares a learning framework where team members use personal analogies to internalize unfamiliar concepts through LLMs. Eric also doesn't hold back on what's broken. He makes the case that cybersecurity stress is a structural problem, not a personal one, and proposes a mandatory security credit score for businesses. He breaks down prompt injection as social engineering for machines, agents as scripts with more dynamicness, and reduces all of cybersecurity to a single mental model: access control. We close with his framework for the three camps of cybersecurity buyers, why two of those camps are the reason the industry still sells on fear, and how to build a security culture with engineers by making the secure path the fastest path. For practitioners, vendors, investors, and anyone trying to understand how the cybersecurity industry actually works underneath the noise. Connect with Eric Freeman on LinkedIn: https://www.linkedin.com/in/eric-m-freeman/

Data Governance, Board Buy-In, and the Thing You Can't Shut Off: A CISO's Cross-Industry Playbook

Janet Heins has led cybersecurity programs in pharma, manufacturing, cruise lines, broadcast media, and healthcare. Every industry felt unique from the inside, and they are. But the patterns she's found underneath are what make this conversation worth listening to. Every industry has a system that can't be shut off, even when security demands it. Every organization has legacy infrastructure that's too embedded to replace and too old to protect with modern tools. And almost no company has a dedicated leader responsible for governing the data that everything else depends on. In this episode, Janet walks through what she's learned moving across industries by design. She shares the four-category framework she uses to get board buy-in for cybersecurity investments: operational, financial, reputational, and regulatory. She explains why aligning security to the company's mission is the difference between being seen as the department that says no and being treated as a strategic partner. And she gets into why data governance is the gap that's making every other cybersecurity and AI challenge harder than it needs to be. We also talk about AI and what it means for practitioners right now, why university cybersecurity curricula are struggling to keep pace, what major security incidents actually feel like from the inside, and what Janet learned writing her book Go Ahead, Ask For It about making your value visible and advancing your career. This one is for CISOs who want a framework they can use in any industry, practitioners thinking about career growth, vendors who want to understand how security leaders actually make decisions, and investors trying to evaluate security maturity from the outside. Connect with Janet Heins on LinkedIn: https://www.linkedin.com/in/janetheins/ Get Go Ahead, Ask For It on Amazon: https://www.amazon.com/Go-Ahead-Ask-Value-Undeniable-ebook/dp/B0GLR2W4D5

OEM Partnerships: What Every Practitioner, Vendor, and Investor Needs to Understand

The threat intel in your SIEM, the scanning engine in your endpoint tool, the analysis powering your detection platform. There's a good chance those capabilities come from a company you've never directly evaluated. That's OEM. And it touches every corner of cybersecurity. Chad Loeven has spent 20 years building OEM partnerships on both sides of the table, licensing technology inbound as a buyer and outbound as a seller. In this episode, he breaks open one of the most misunderstood parts of the cybersecurity market and explains how it actually works. We get into what qualifies as OEM versus resale or MSSP, why OEM can be the smartest go-to-market path for startups, and the real stories behind deals that worked and deals that didn't. Chad shares the seven-figure Yahoo contract that nearly drained his company, the DLP product that proved some solutions just don't OEM well, and the time he walked into a company where 25% of revenue disappeared overnight because of a single OEM dependency. But this isn't just a conversation for partnership teams. If you're a practitioner, this episode explains why some capabilities in your stack feel native and others feel bolted on. It's about your vendors' partner ecosystems and why they matter to your security posture. If you're an investor, Chad breaks down why OEM revenue gets discounted, when that discount is justified, and the concentration risk questions you should be asking during due diligence. If you're a vendor, you'll walk away with a framework for which products OEM well, how to structure deals that don't erode your margins, and why technology integrations are the front door to your best OEM relationships. OEM is the invisible infrastructure underneath most of the cybersecurity products the industry depends on. This conversation makes it visible.

Code War: How Nations Hack, Spy & Shape the Digital Battlefield — Allie Mellen on Cybersecurity’s Geopolitical Evolution

Explore the ever-evolving digital battlefield on the Cybersecurity Ecosystem Show as we connect the dots between nations, history, and the future of cyber conflict. In this episode, Allie Mellen discusses her new book on how the United States, China, and Russia leverage hacking and information operations to shape global security and power. From the impact of multi-domain warfare in the Gulf War to Russia's cyber experimentation in Ukraine, Allie Mellen unpacks nation-state motivations, social contracts, and what every sector—from practitioners to investors, vendors, and regulators—needs to understand about the present and future of cyberwarfare. Join us as we bridge history, technology, and practical insights for the entire cybersecurity community.