Do You Need a CISO - Or Do You Need Security Leadership?

Do You Need a CISO - Or Do You Need Security Leadership?

NIS2 and DORA have changed who is accountable for cybersecurity. Boards are asking questions. Regulators want evidence. But hiring a full-time CISO is not the only answer. In this episode of The Cyber Insights Podcast (powered by Edge7 Networks), hosts Ronan Murray and Ian Finlayson explore the vCISO model - what it actually involves, how it differs from a full-time CISO, and why it has become the practical answer for organisations navigating NIS2, DORA, and growing board-level accountability without a dedicated security executive. Drawing on experience across multiple verticals and customer environments, Ian explains how a vCISO embeds as a trusted member of the organisation, not just an external consultant, and why that distinction matters for accountability, governance, and incident response. Together, they unpack how regulation is pushing security responsibility to the board, why bolt-on security roles inside IT teams are no longer enough, and how organisations at any maturity level can start building structured governance today. You'll learn: * Why NIS2 and DORA have changed who is accountable for cybersecurity * How a vCISO differs from a full-time CISO and when the model makes sense * What a cybersecurity risk register looks like and why boards need to see it * How maturity gap analysis maps out where to focus first * Why momentum matters more than perfection when building a security programme * What role the vCISO plays when a cyber incident hits Whether you're an IT manager pushing compliance upward to the board, a business leader who knows the gaps exist, or a CIO looking for structured security leadership without a full-time hire, this episode lays out a clear, practical path forward. Listen now for an honest look at what security leadership means for organisations that need it most.

ESG, Sustainability and Why IT Has a Bigger Role Than You Think | Michael O'Hara, Co-Founder, Techies Go Green

Is sustainability still on your organisation's radar, or has it quietly slipped down the priority list? And why are IT teams already influencing sustainability outcomes without even realising it? In this episode of The Cyber Insights Podcast (powered by Edge7 Networks), hosts Ronan Murray and Ian Finlayson are joined by Michael O'Hara, co-founder of Techies Go Green, to explore why ESG is shifting from values-led to value-led. With Earth Month as the backdrop, the conversation covers the origins of Techies Go Green and its growth to over a thousand member businesses across the UK and Ireland, why every meaningful sustainability metric now flows through digital systems, how CSRD and Scope 3 reporting are filtering down through supply chains to IT providers, the commercial case for action from solar ROI to cloud right-sizing, and what IT companies should do now to stay ahead of procurement requirements and certifications like ISO 14001. Whether you're an IT leader, MSP, or technology vendor, this episode lays out why sustainability isn't just a compliance exercise - it's a competitive differentiator.

Agentic AI, Zero Trust, and the Next Security Frontier

Agentic AI is changing how artificial intelligence operates inside enterprise environments. Unlike generative AI, agentic AI systems can take actions across systems, creating new challenges for AI security, Zero Trust architecture, and enterprise governance. In this episode of Cyber Insights, Ronan Murray and Ian Finlayson are joined by security leader and author Josh Woodruff to explore what agentic AI really means for organisations and why it introduces entirely new security and governance challenges. Josh explains how agentic AI systems operate, why they should be treated like junior employees with system access, and how organisations can safely introduce them into their environments. The discussion covers real-world use cases across supply chain, logistics, and operations, as well as the risks that come with autonomous systems acting at machine speed. The conversation also dives into the security implications. From prompt injection attacks and data poisoning to the need for kill switches and behavioural monitoring, organisations must rethink how they apply identity, access, and governance controls in an AI-driven world. Drawing from his book Agentic AI and Zero Trust, Josh outlines a practical framework for securing AI agents and explains why Zero Trust principles are becoming essential as AI moves from experimentation to operational deployment. In this episode: * What agentic AI is and how it differs from generative AI * Real-world use cases and where organisations are already deploying it * Why agentic AI should be treated like an intern with system access * The biggest security risks including prompt injection and rogue behaviour * How Zero Trust can help secure autonomous AI systems If your organisation is exploring AI beyond chatbots and copilots, this episode provides a clear and practical look at the opportunities and the security challenges ahead.

Jaye Tillson: The Evolution of Zero Trust | SASE, SSE & Universal ZTNA

SASE and SSE are everywhere. But for many organisations, they're still poorly understood, badly explained, or introduced far too late in the conversation. In this episode of The Cyber Insights Podcast (powered by Edge7 Networks), hosts Ronan Murray and Ian Finlayson are joined by Jaye Tillson, Security CTO and Distinguished Technologist at HPE, to bring clarity to SASE, SSE, and the evolution of Zero Trust. Drawing on decades of experience across both customer and vendor environments, Jaye explains why these architectures emerged, how they've evolved since the early days of SD-WAN, and why "Universal ZTNA" is becoming the missing link between on-prem and remote access. Together, they explore how security and networking are converging again, why legacy VPNs are no longer fit for purpose, and how organisations should approach SASE and SSE as a journey driven by real business risk, not buzzwords. You'll learn: · Why SASE and SSE work best when aligned to specific business problems · How Universal ZTNA brings consistent Zero Trust on-prem and remote · Why embedding security in the network changes everything · How to avoid failed SASE projects caused by buying before understanding · Where AI is already influencing access, visibility, and data protection · What the next phase of Zero Trust is likely to look like Whether you're responsible for security strategy, network architecture, or translating cyber risk to the business, this episode provides a clear, practical perspective on where access and security are heading. Listen now for a grounded view of SASE, SSE, and Zero Trust without the hype.

Andre Lynch: AI in Cybersecurity - Separating Hype from Reality

Are AI-powered cyberattacks really the existential threat vendors claim? Or are we being sold fear to fuel product sales? In this episode of The Cyber Insights Podcast (powered by Edge7 Networks), hosts Ronan Murray and Ian Finlayson are joined by Andre Lynch, Senior Sales Engineer at ConnectWise, to cut through the AI marketing noise and reveal what's actually happening in the cybersecurity landscape. Together, they explore how threat actors are really using AI today, where defensive AI genuinely adds value, and why that viral MIT study claiming 80% of ransomware uses AI was completely debunked. You'll learn: · Why AI threats are overhyped but still worth watching closely · How threat actors use AI to make existing attacks 20% more convincing · Where AI actually helps security teams (hint: it's about speed, not replacement) · Why 100-200 million monthly logs require AI assistance to analyse effectively · What polymorphic malware means for the future of endpoint security · Why security professionals need to understand "vibe coding" and prompt validation Whether you're a security leader evaluating AI tools or simply trying to understand what's real versus marketing spin, this episode delivers honest insights on AI's current role in cybersecurity. Listen now and make informed decisions about AI security investments.