Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

What happens when organizations scale rapidly through acquisition while simultaneously navigating AI adoption and evolving cyber risk? In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Matthew Mudry, CISO at Alera Group, to discuss the operational realities of securing large-scale acquisitions, integrating fragmented environments, and managing cybersecurity risk during periods of aggressive growth. Matthew shares firsthand experiences standardizing security across acquired organizations, balancing business pressure with security due diligence, and navigating the growing complexity introduced by AI technologies. The conversation explores M&A integration challenges, data loss prevention, access control, AI governance, leadership communication, security roadmaps, and the future of the CISO role.  Takeaways: * M&A creates significant operational security complexity. Matthew discusses the challenge of integrating acquired businesses into standardized security platforms and processes. * Security teams need earlier involvement in acquisitions. The conversation explores how organizations sometimes prioritize business growth before fully understanding integration and security risks. * AI introduces both opportunity and risk. Matthew shares concerns around AI misuse, access control, data loss prevention, and adversarial use cases while also discussing opportunities to improve security operations using AI. * Access control and DLP remain foundational. The episode repeatedly emphasizes the importance of strong access controls and data protection strategies when adopting AI technologies. * Security leaders must communicate effectively with executives. Matthew discusses translating technical risk into measurable business reporting through roadmaps, metrics, and leadership engagement. * Strong technical foundations matter for future leaders. Matthew advises aspiring cybersecurity leaders not to rush into management too early and stresses the importance of technical and risk management experience. * Quantum computing is becoming a long-term concern. The conversation explores future risks around encryption, legacy data exposure, and long-term data retention. Quote of the Show: * “What’s better than fighting AI with AI?” - Matthew Mudry Links: * LinkedIn: https://www.linkedin.com/in/matthewmudry/ * Website: http://www.aleragroup.com [http://www.aleragroup.com/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Modern Cybersecurity Challenges: Explained- Mike Salem - Cyber Smokehouse - Episode #16

Cybersecurity is evolving faster than ever, and leaders are being forced to rethink how they approach risk, resilience, and modern defense strategies. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mike Salem to discuss today’s rapidly changing cyber landscape and the growing influence of AI on both attackers and defenders. Throughout the conversation, Mike shares insights on emerging cyber threats, operational challenges facing security teams, and the importance of adaptability in modern cybersecurity leadership. The discussion also explores how organizations can better prepare for evolving risks while balancing innovation, visibility, and practical security execution. This episode offers valuable perspective for cybersecurity leaders, IT professionals, and organizations navigating constant technological change and increasing security complexity.  Takeaways: • AI is rapidly changing the cybersecurity landscape. The conversation explores how AI is accelerating both offensive and defensive cybersecurity capabilities and increasing the speed of change across the industry. • Security teams must continuously adapt. Mike discusses the operational challenges organizations face as threats evolve faster than traditional security processes. • Visibility and awareness remain critical.The episode highlights the importance of understanding environments, risks, and potential gaps before incidents occur. • Cybersecurity leadership requires flexibility. The discussion emphasizes the need for leaders to remain adaptable while balancing business priorities and security objectives. • Threat actors are evolving quickly. Mike shares perspectives on how modern attackers are becoming more sophisticated and accessible through emerging technologies. • Organizations must focus on practical execution. The conversation reinforces the importance of operationalizing security strategies rather than relying solely on theoretical frameworks. Quote of the Show: * “Threat actors are evolving faster than most organizations can react.” -  Mike Salem Links: * LinkedIn: https://www.linkedin.com/in/mikesalem2112/ [https://www.linkedin.com/in/mikesalem2112/] * Website: http://www.ihstowers.com [http://www.ihstowers.com/] * Mike’s Email: mss972@yahoo.com Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world. From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA.  Takeaways: * AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced. * Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old. * The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor. * Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control. * Supply chain and third-party risk still has massive gaps. Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder. * Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations. * Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action. * Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss. * Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy. * A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it. Quote of the Show: * “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlakto Unger Links: * LinkedIn: https://www.linkedin.com/in/zlatkounger/ * Website: https://www.wiz.io [https://www.wiz.io/] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

How is AI changing both the threat landscape and the way security teams operate? Today’s guest is a seasoned cybersecurity leader navigating these changes at scale. Introducing David Cross, CISO at Atlassian. David joins Ernie Anderson and Graeme Payne to share how AI is reshaping cybersecurity, from attacker capabilities to internal defense strategies. He discusses how AI is lowering the barrier for attackers, why security teams must adapt to an increasingly fast-moving environment, and how organizations should think about managing risk as new technologies emerge. David also touches on the importance of understanding evolving threats, maintaining strong fundamentals, and ensuring teams are prepared to respond to continuous change.  Takeaways: * AI is lowering the barrier for attackers: David explains that AI makes it easier for more individuals to carry out attacks, increasing both the volume and accessibility of threats. * The pace of change is accelerating risk: He highlights that the speed at which AI is evolving is creating challenges for security teams trying to keep up. * Security teams must continuously adapt: David emphasizes that organizations cannot rely on static defenses and must evolve alongside the threat landscape. * Understanding threats is critical to defense:He discusses the importance of knowing how attackers operate in order to build effective security strategies. * Fundamentals still matter: Despite new technologies, core security practices remain essential in protecting organizations. * AI impacts both offense and defense: He notes that AI is not just a risk, but also a tool that can be used to strengthen security operations. Quote of the Show: * “The pace of change is only increasing.” - David Cross Links: * LinkedIn: https://www.linkedin.com/in/david-b-cross-b856657/ * Website: https://atlassian.com/ [https://atlassian.com/] * Personal Website: davidcrosstravels.com [http://davidcrosstravels.com] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]

Faster Innovation, Greater Risk - Jason Loomis - Cyber Smokehouse - Episode #13

How do you secure an environment when the technology is evolving faster than teams can keep up? Today’s guest is a cybersecurity leader operating at the intersection of AI, product security, and enterprise scale. Introducing Jason Loomis, CISO at Freshworks. Jason joins Ernie Anderson and Graeme Payne to share why the speed of AI innovation is becoming one of the biggest challenges in cybersecurity today. He dives into how AI is accelerating both development and risk, the growing difficulty of maintaining guardrails in AI-generated code, and why organizations are still struggling to implement governance at scale. Jason also shares a candid perspective on how AI may impact the future of cybersecurity talent, particularly at the entry level, and why continuous learning is becoming non-negotiable for security professionals.  Takeaways: * The biggest challenge is simply keeping up. Jason states directly that the pace of change, especially driven by AI, is the hardest problem organizations face today. * AI is accelerating both productivity and risk. From a development perspective, AI is increasing output and speed, but from a security perspective, it introduces new challenges around control and governance. * Guardrails for AI-generated code are not mature yet. He highlights that while AI can write code, implementing consistent security controls and governance across tools is still difficult and not easily standardized. * Entry-level cybersecurity roles are at risk. Jason explains that AI is already replacing lower-level roles like SOC analysts and GRC positions, which may impact long-term talent development. * AI could reduce the future talent pipeline. He raises concern that removing entry-level learning opportunities may lead to fewer experienced professionals advancing into senior roles over time. * Software supply chain risk is a growing concern. Beyond AI itself, Jason points to supply chain security as a major emerging challenge that organizations must address. * AI literacy is becoming mandatory. He makes it clear that security professionals who are not actively learning and using AI risk becoming obsolete in the near future.  Quote of the Show: * “Keeping up… it’s just fast, and AI is exponentially making it faster.” - Jason Loomis Links: * LinkedIn: https://www.linkedin.com/in/jasonloomis1/recent-activity/images/ * Website: https://www.freshworks.com/?tactic_id=6909181&utm_source=social&utm_medium=linkedin&utm_campaign=aboutpage&utm_ter [https://www.freshworks.com/?tactic_id=6909181&utm_source=social&utm_medium=linkedin&utm_campaign=aboutpage&utm_term=organic] Ways to Tune In: * Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 [https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0]  * Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 [https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297]  * Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 [https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47]  * iHeart Radio: https://iheart.com/podcast/319629841/ [https://iheart.com/podcast/319629841/]  * Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 [https://www.podchaser.com/podcasts/cyber-smokehouse-6356550]