Cyber Smokehouse

Modern Cybersecurity Challenges: Explained- Mike Salem - Cyber Smokehouse - Episode #17

Cybersecurity is evolving faster than ever, and leaders are being forced to rethink how they approach risk, resilience, and modern defense strategies. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mike Salem to discuss today’s rapidly changing cyber landscape and the growing influence of AI on both attackers and defenders. Throughout the conversation, Mike shares insights on emerging cyber threats, operational challenges facing security teams, and the importance of adaptability in modern cybersecurity leadership. The discussion also explores how organizations can better prepare for evolving risks while balancing innovation, visibility, and practical security execution. This episode offers valuable perspective for cybersecurity leaders, IT professionals, and organizations navigating constant technological change and increasing security complexity.  Takeaways: • AI is rapidly changing the cybersecurity landscape. The conversation explores how AI is accelerating both offensive and defensive cybersecurity capabilities and increasing the speed of change across the industry. • Security teams must continuously adapt. Mike discusses the operational challenges organizations face as threats evolve faster than traditional security processes. • Visibility and awareness remain critical.The episode highlights the importance of understanding environments, risks, and potential gaps before incidents occur. • Cybersecurity leadership requires flexibility. The discussion emphasizes the need for leaders to remain adaptable while balancing business priorities and security objectives. • Threat actors are evolving quickly. Mike shares perspectives on how modern attackers are becoming more sophisticated and accessible through emerging technologies. • Organizations must focus on practical execution. The conversation reinforces the importance of operationalizing security strategies rather than relying solely on theoretical frameworks. Quote of the Show: * “Threat actors are evolving faster than most organizations can react.” -  Mike Salem Links: * LinkedIn: https://www.linkedin.com/in/mikesalem2112/ [https://www.linkedin.com/in/mikesalem2112/] * Website: http://www.ihstowers.com [http://www.ihstowers.com/] * Mike’s Email: mss972@yahoo.com Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world. From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA.  Takeaways: * AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced. * Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old. * The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor. * Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control. * Supply chain and third-party risk still has massive gaps. Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder. * Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations. * Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action. * Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss. * Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy. * A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it. Quote of the Show: * “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlakto Unger Links: * LinkedIn: https://www.linkedin.com/in/zlatkounger/ * Website: https://www.wiz.io [https://www.wiz.io/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

How is AI changing both the threat landscape and the way security teams operate? Today’s guest is a seasoned cybersecurity leader navigating these changes at scale. Introducing David Cross, CISO at Atlassian. David joins Ernie Anderson and Graeme Payne to share how AI is reshaping cybersecurity, from attacker capabilities to internal defense strategies. He discusses how AI is lowering the barrier for attackers, why security teams must adapt to an increasingly fast-moving environment, and how organizations should think about managing risk as new technologies emerge. David also touches on the importance of understanding evolving threats, maintaining strong fundamentals, and ensuring teams are prepared to respond to continuous change.  Takeaways: * AI is lowering the barrier for attackers: David explains that AI makes it easier for more individuals to carry out attacks, increasing both the volume and accessibility of threats. * The pace of change is accelerating risk: He highlights that the speed at which AI is evolving is creating challenges for security teams trying to keep up. * Security teams must continuously adapt: David emphasizes that organizations cannot rely on static defenses and must evolve alongside the threat landscape. * Understanding threats is critical to defense:He discusses the importance of knowing how attackers operate in order to build effective security strategies. * Fundamentals still matter: Despite new technologies, core security practices remain essential in protecting organizations. * AI impacts both offense and defense: He notes that AI is not just a risk, but also a tool that can be used to strengthen security operations. Quote of the Show: * “The pace of change is only increasing.” - David Cross Links: * LinkedIn: https://www.linkedin.com/in/david-b-cross-b856657/ * Website: https://atlassian.com/ [https://atlassian.com/] * Personal Website: davidcrosstravels.com [http://davidcrosstravels.com] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Faster Innovation, Greater Risk - Jason Loomis - Cyber Smokehouse - Episode #13

How do you secure an environment when the technology is evolving faster than teams can keep up? Today’s guest is a cybersecurity leader operating at the intersection of AI, product security, and enterprise scale. Introducing Jason Loomis, CISO at Freshworks. Jason joins Ernie Anderson and Graeme Payne to share why the speed of AI innovation is becoming one of the biggest challenges in cybersecurity today. He dives into how AI is accelerating both development and risk, the growing difficulty of maintaining guardrails in AI-generated code, and why organizations are still struggling to implement governance at scale. Jason also shares a candid perspective on how AI may impact the future of cybersecurity talent, particularly at the entry level, and why continuous learning is becoming non-negotiable for security professionals.  Takeaways: * The biggest challenge is simply keeping up. Jason states directly that the pace of change, especially driven by AI, is the hardest problem organizations face today. * AI is accelerating both productivity and risk. From a development perspective, AI is increasing output and speed, but from a security perspective, it introduces new challenges around control and governance. * Guardrails for AI-generated code are not mature yet. He highlights that while AI can write code, implementing consistent security controls and governance across tools is still difficult and not easily standardized. * Entry-level cybersecurity roles are at risk. Jason explains that AI is already replacing lower-level roles like SOC analysts and GRC positions, which may impact long-term talent development. * AI could reduce the future talent pipeline. He raises concern that removing entry-level learning opportunities may lead to fewer experienced professionals advancing into senior roles over time. * Software supply chain risk is a growing concern. Beyond AI itself, Jason points to supply chain security as a major emerging challenge that organizations must address. * AI literacy is becoming mandatory. He makes it clear that security professionals who are not actively learning and using AI risk becoming obsolete in the near future.  Quote of the Show: * “Keeping up… it’s just fast, and AI is exponentially making it faster.” - Jason Loomis Links: * LinkedIn: https://www.linkedin.com/in/jasonloomis1/recent-activity/images/ * Website: https://www.freshworks.com/?tactic_id=6909181&utm_source=social&utm_medium=linkedin&utm_campaign=aboutpage&utm_ter [https://www.freshworks.com/?tactic_id=6909181&utm_source=social&utm_medium=linkedin&utm_campaign=aboutpage&utm_term=organic] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Foundations Still Define Cybersecurity Success - Merlin Namuth - Cyber Smokehouse - Episode #12

Why do organizations still struggle with cybersecurity despite more tools and innovation than ever before? Today’s guest is a seasoned cybersecurity executive with deep experience across enterprise and public sector environments. Introducing Merlin Namuth, CISO for the City and County of Denver. Merlin joins hosts Ernie Anderson and Graeme Payne to share why foundational security practices continue to be the biggest challenge for organizations today. He dives into why core disciplines like asset management and vulnerability management are often overlooked despite being critical, how AI is both a force multiplier and a growing threat, and why leadership, communication, and continuous learning are essential in cybersecurity. Merlin also shares practical insights on building high-performing teams, developing talent, and staying relevant in an industry that is constantly evolving.   Takeaways: * Foundational security practices remain the biggest gap. Merlin emphasizes that organizations still struggle with core areas like hardware asset management, software tracking, and vulnerability management, despite their importance to reducing risk. * “Basic” security is not actually easy. He reframes “basic” controls as “foundational” because they are difficult to implement consistently at any scale, regardless of organization size. * AI is both a force multiplier and a threat. AI improves detection and response capabilities, but adversaries are also using it to rapidly develop exploits, increasing the pace of threats. * Cybersecurity requires constant learning. The field changes rapidly, and professionals must continuously invest time in learning new technologies, compliance changes, and evolving threats. * Leadership requires trust, feedback, and self-reflection. Merlin highlights the importance of having a trusted inner circle that can provide honest feedback and help leaders improve over time. * Attracting talent requires a strong team culture. In public sector environments where compensation may be lower, promoting the quality of the team and mission helps attract strong candidates. * Security programs must align across the business. He discusses working closely with functions like legal and communicating risk in ways that resonate with broader organizational goals. Quote of the Show: * “I still see organizations just struggle with what I call the foundational elements of security.” - Merlin Namuth Links: * LinkedIn: https://www.linkedin.com/in/merlin-namuth/ * Website: SeeYourselfHere.org [https://seeyourselfhere.org/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]