Humans vs. AI, Who is The Bigger Business Risk?

Dr. Zero Trust Talks AI Threats, Fraud Detection, AI Entrepreneurship

Fraud doesn’t hide because it’s clever. It hides because our models keep looking for “normal” instead of interrogating “wrong.” That’s where this conversation with Dr. Chase Cunningham (known to many as “Dr. Zero Trust”) gets practical fast. We talk about his recent patent work using deterministic math to surface fraud inside huge systems, and why the usual data science playbook of finding enough “good” data to train on can be a trap when the real signal is buried in what shouldn’t be happening at all. From there, we zoom out to the AI toolchain most teams are using today. LLMs like Claude and ChatGPT can be powerful, but they’re often optimized to produce the next best-looking answer, not the most adversarial truth. We dig into how to “turn the system on its head” with better prompting, correlation thinking, and agentic AI swarms that behave like a room full of specialists attacking one problem from different angles. If you’re wondering what the next step is beyond using AI for emails, this is the blueprint: orchestration, role clarity, and tight feedback loops. Then we hit the elephant in the room: AI security. Shadow AI, sensitive data leakage, and agents that can accidentally expose HR documents or internal secrets all come back to fundamentals like identity and access management, least privilege, micro-segmentation, and non-human identities. Zero trust principles still apply, but the speed and scale of agentic systems make every gap matter more. We close with what keeps Chase up at night, including deepfakes and the erosion of shared reality, plus where to follow for more. Subscribe, share this with a teammate who’s rolling out AI, and leave a review if it helps. What’s the one AI use case you want, but you’re not deploying yet because security feels messy? Josh's LinkedIn [https://www.linkedin.com/in/joshbruyning/]

Humans vs. AI, Who is The Bigger Business Risk?

AI feels like a shortcut until it becomes a liability. We sit down with Nikki Robinson, STSM of AI and Platform at IBM and co author of Human Factors and Cybersecurity, plus security and risk executive Jennifer Baca, to get brutally practical about responsible AI use, data privacy, and what “secure” even means when the tooling changes weekly. We start with the basics that too many teams skip: due diligence, responsible disclosure, and why you should learn prompt engineering by experimenting in safe sandboxes. Then we dig into the real world problem of families and coworkers pasting sensitive data into chatbots. Nikki explains why LLMs are company owned systems, why terms of service matter, and why you cannot treat AI outputs as truth. Hallucinations, made up citations, and overconfidence are not edge cases, they are daily hazards that demand critical thinking and verification. From there, the conversation turns to work and careers. We talk about LLMs as interactive partners that can accelerate cloud learning, generate Terraform, and turn developers into “10x” builders when used thoughtfully. The employment takeaway is clear: you may not be replaced by AI, but you can be replaced by someone who knows how to use AI to improve workflows and communicate outcomes to leadership. Finally, we connect human factors, psychology, and cybersecurity culture. Instead of blaming people, we explore secure by default design, psychological safety, broken metrics in SOC environments, and how emerging frameworks like the NIST AI Risk Management Framework point toward future AI compliance. If you lead a small or mid sized business, we close with concrete steps using AI features already inside tools like Copilot and Slack AI without creating dangerous tool sprawl. Subscribe, share this with a teammate, and leave a review if it helps. What is one AI rule you want your organization to adopt this month? To get ready for the AI economy, visit Cybernomics.io [https://cybernomics.io/] Josh's LinkedIn [https://www.linkedin.com/in/joshbruyning/]

The Hiring Process Is Broken And We Have To Fix It

Ten months of job hunting can mess with your identity, even when you know you’re good at what you do. We sit down with Jennifer “Jen” T. Baca, a cybersecurity risk leader and single mom, to talk honestly about what it feels like to be qualified, visible, and still stuck in the silence of today’s hiring market. We get into the mental weight of layoffs, the endless loop of applications, and the weird reality that finding a job now demands its own set of skills: LinkedIn strategy, resume tactics, interviewing stamina, and relentless networking.   Jen also shares the silver linings she didn’t expect: conference exposure, community leadership, and the kind of communication and empathy that can turn a solid cybersecurity manager into a truly effective security leader. We talk imposter syndrome, culture fit, and why “overqualified” is often just a polite way of saying “not our person.” If you’re in governance, risk, and compliance (GRC) or cybersecurity leadership, you’ll recognize the tension between wanting meaningful work and needing stability now.   Then we shift into the work itself: real-world healthcare cybersecurity risks, the business cost of phishing and account compromise, and how to translate security risk into board-level language tied to revenue, trust, and HIPAA. We also dig into women in cybersecurity, minority experiences in male-dominated rooms, and why soft skills and emotional intelligence are not optional in modern security teams.   If you’ve ever been ghosted after a great interview, this one will hit. Subscribe to Cybernomics, share this with someone in the job hunt, and leave a review if you want more conversations that tell the truth and push the industry to do better. Josh's LinkedIn [https://www.linkedin.com/in/joshbruyning/]

Security Appreciation, The Human Firewall, and The Future of AI

Most scams don’t start with “bad technology” they start with a perfectly normal human impulse to trust. Josh Bruyning sits down with security speaker Robert Siciliano to get honest about why cybersecurity still doesn’t stick for everyday people, even when the stakes are obvious to CISOs and security teams. We dig into the uncomfortable truth: denial feels good, and compliance training often turns security into a chore instead of a skill that protects real lives. Robert explains his idea of the “human blind spot” the biological default to trust what seems familiar, even when the message arrives by email, text, phone call, or a convincing deepfake. From there, we get practical about the basics that still move the needle: unique passwords, password managers, and two-factor authentication for critical accounts, especially email. If attackers “own the email,” they can reset passwords, take over financial apps, and cause damage that looks a lot like you doing it. We also reframe security as something healthy, not paranoid. Think seatbelts, home locks, and proactive protection rather than fear. Robert lays out the shift from security awareness (knowing) to security appreciation (caring), plus the “strategic human firewall” mindset that turns people into an active layer of detection at work and at the kitchen table at home. Then we look ahead: AI fraud, voice cloning, deepfakes, and pig butchering scams are scaling fast, and the old red flags are disappearing. If you want to follow Robert, find him across social media and at protectnowlc.com. Subscribe to Cybernomics, share this with someone who still says “why would they target me,” and leave a review so more people learn how to verify before they trust. Josh's LinkedIn [https://www.linkedin.com/in/joshbruyning/]

Who's winning, the good guys or bad guys?

We dig into why security awareness fails even when the risks are obvious, and why the real challenge is human behavior rather than tools. Robert explains the “human blind spot” and how AI deepfakes and voice cloning make trust harder to manage at every level.  • CISOs and tech executives as unsung heroes protecting modern life  • why attackers target people instead of systems  • the human blind spot as biology overriding digital suspicion  • how social engineering uses trust and mental shortcuts  • AI deepfakes and voice cloning raising the stakes for fraud  • denial and convenience driving weak password habits  • low adoption of unique passcodes and two-factor authentication  • basic digital literacy questions like judging safe links  Josh's LinkedIn [https://www.linkedin.com/in/joshbruyning/]