Forged For Growth

AI Offensive Security and Making Cybersecurity Less Scary with Mark Whitehead

27 min · 10. juli 2026
episode AI Offensive Security and Making Cybersecurity Less Scary with Mark Whitehead cover

Description

Episode Summary How NDAY Security is using AI to transform offensive security, automate testing, and make cybersecurity more accessible to businesses outside the industry echo chamber. Brian talks with Mark Whitehead about his path from video game cybersecurity to government contracting, Big Four consulting, offensive security leadership, and eventually founding NDAY Security. Mark explains how AI has changed what is possible for small teams, why offensive security is moving toward faster and more scalable testing, and how startups can now build powerful products without the same headcount or capital requirements as before. They also discuss why cybersecurity companies need to simplify their messaging, how MSPs and MSSPs can deliver enterprise-grade results through partners, and why relationships still matter in a crowded technical market. Key Takeaways AI is changing offensive security by making testing faster, more scalable, and more efficient than traditional manual-only approaches. Many cybersecurity incidents are opportunistic, with bots scanning thousands of websites and systems for known weaknesses. Small teams can now build and operate with far more leverage because AI can automate back-office work, coding support, marketing workflows, and testing processes. Experience still matters when using AI well because subject matter expertise helps users guide the tools, spot issues, and push past weak answers. Cybersecurity messaging often stays trapped inside an industry echo chamber, even though hospitals, dental offices, small businesses, and other mainstream organizations need the protection. NDAY Security is built around partners and resellers, aiming to help MSPs and MSSPs deliver enterprise-grade offensive security at a more accessible price point. In a crowded market, buyers may not understand the technical differences between vendors, so trust, relationships, and clear communication become major differentiators. Timeline Early 00:00:00 Mark’s background in Miami, cybersecurity, and getting started in video game security 00:01:00 Moving through government contracting, Big Four consulting, offensive security, and venture-backed companies 00:02:00 Founding NDAY Security and focusing on AI-driven offensive security 00:03:00 Why many attacks are opportunistic and driven by bots scanning for known vulnerabilities 00:04:00 How AI agents are changing what is possible in offensive security Middle 00:05:00 Using AI effectively, avoiding hallucinations, and automating startup operations 00:06:00 Why experienced entrepreneurs can use AI to reduce back-office workload 00:07:00 How technical experience helps users get better results from AI tools 00:08:00 Why technology is no longer the biggest barrier for many startups 00:10:00 Using AI to improve marketing lists, campaigns, and cost efficiency 00:11:00 Lowering cost per click and using AI to compete against larger organizations 00:13:00 Replacing bloated platforms with tailored AI-enabled workflows Late 00:15:00 Making cybersecurity less scary and more relatable for mainstream businesses 00:16:00 Why the cybersecurity industry often markets to itself instead of real buyers 00:18:00 Helping businesses understand their risk before something goes wrong 00:19:00 Building NDAY Security for partners, resellers, MSPs, and MSSPs 00:21:00 Why relationship, trust, and founder access still matter in technical sales 00:23:00 Choosing not to follow the traditional VC path and scaling with a lean team 00:24:00 What Mark is excited about as AI reshapes offensive security 00:26:00 Where listeners can connect with Mark and learn more about NDAY Security Links and Resources LinkedIn: https://www.linkedin.com/in/mark-whitehead-9997171/Company: https://ndaysecurity.com/

Comments

0

Be the first to comment

Sign up now and become a member of the Forged For Growth community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

50 episodes

episode AI Offensive Security and Making Cybersecurity Less Scary with Mark Whitehead artwork

AI Offensive Security and Making Cybersecurity Less Scary with Mark Whitehead

Episode Summary How NDAY Security is using AI to transform offensive security, automate testing, and make cybersecurity more accessible to businesses outside the industry echo chamber. Brian talks with Mark Whitehead about his path from video game cybersecurity to government contracting, Big Four consulting, offensive security leadership, and eventually founding NDAY Security. Mark explains how AI has changed what is possible for small teams, why offensive security is moving toward faster and more scalable testing, and how startups can now build powerful products without the same headcount or capital requirements as before. They also discuss why cybersecurity companies need to simplify their messaging, how MSPs and MSSPs can deliver enterprise-grade results through partners, and why relationships still matter in a crowded technical market. Key Takeaways AI is changing offensive security by making testing faster, more scalable, and more efficient than traditional manual-only approaches. Many cybersecurity incidents are opportunistic, with bots scanning thousands of websites and systems for known weaknesses. Small teams can now build and operate with far more leverage because AI can automate back-office work, coding support, marketing workflows, and testing processes. Experience still matters when using AI well because subject matter expertise helps users guide the tools, spot issues, and push past weak answers. Cybersecurity messaging often stays trapped inside an industry echo chamber, even though hospitals, dental offices, small businesses, and other mainstream organizations need the protection. NDAY Security is built around partners and resellers, aiming to help MSPs and MSSPs deliver enterprise-grade offensive security at a more accessible price point. In a crowded market, buyers may not understand the technical differences between vendors, so trust, relationships, and clear communication become major differentiators. Timeline Early 00:00:00 Mark’s background in Miami, cybersecurity, and getting started in video game security 00:01:00 Moving through government contracting, Big Four consulting, offensive security, and venture-backed companies 00:02:00 Founding NDAY Security and focusing on AI-driven offensive security 00:03:00 Why many attacks are opportunistic and driven by bots scanning for known vulnerabilities 00:04:00 How AI agents are changing what is possible in offensive security Middle 00:05:00 Using AI effectively, avoiding hallucinations, and automating startup operations 00:06:00 Why experienced entrepreneurs can use AI to reduce back-office workload 00:07:00 How technical experience helps users get better results from AI tools 00:08:00 Why technology is no longer the biggest barrier for many startups 00:10:00 Using AI to improve marketing lists, campaigns, and cost efficiency 00:11:00 Lowering cost per click and using AI to compete against larger organizations 00:13:00 Replacing bloated platforms with tailored AI-enabled workflows Late 00:15:00 Making cybersecurity less scary and more relatable for mainstream businesses 00:16:00 Why the cybersecurity industry often markets to itself instead of real buyers 00:18:00 Helping businesses understand their risk before something goes wrong 00:19:00 Building NDAY Security for partners, resellers, MSPs, and MSSPs 00:21:00 Why relationship, trust, and founder access still matter in technical sales 00:23:00 Choosing not to follow the traditional VC path and scaling with a lean team 00:24:00 What Mark is excited about as AI reshapes offensive security 00:26:00 Where listeners can connect with Mark and learn more about NDAY Security Links and Resources LinkedIn: https://www.linkedin.com/in/mark-whitehead-9997171/Company: https://ndaysecurity.com/

10. juli 202627 min
episode Handling Sales Disruptors and Winning Better Deals with Paul Chapman artwork

Handling Sales Disruptors and Winning Better Deals with Paul Chapman

Episode Summary How technical sales teams can handle difficult personalities, protect their time, and improve win rates. Brian talks with Paul Chapman about his background in IT, pre-sales leadership, and building 4Disruptors around the four personalities that derail sales conversations: the techie, the distractor, the saboteur, and the inquisitor. Paul explains the role of pre-sales as the translator between technical teams and buyers, why selling at all costs damages long-term relationships, and how better qualification helps teams avoid bad-fit deals. They also discuss how to regain control of a room, when to walk away from an opportunity, why practice matters, and how preparation helps sales teams respond when a meeting does not go according to plan. Key Takeaways Pre-sales professionals help translate complex technical capabilities into buyer-focused business value. Selling at all costs can hurt both the customer and the company, especially when the solution is not a true fit. The four disruptors Paul focuses on are the techie, the distractor, the saboteur, and the inquisitor. Difficult personalities in sales meetings are often barriers to communication, not proof that the product is wrong. Strong qualification helps teams avoid wasting time on opportunities that are unlikely to close or unlikely to become healthy customers. Sales teams need to be prepared to reset the room, redirect the conversation, and sometimes walk away. Practice, role play, and shared expectations between account executives and solution consultants create stronger sales execution. Timeline Early 00:00:00 Paul’s background in IT, helping people use technology, and moving into pre-sales 00:01:00 The Chapman family connection to selling and Paul’s path into technical sales 00:02:00 What pre-sales means and how solution consultants support the sales process 00:03:00 Translating technical complexity for buyers and validating true product fit 00:05:00 Why forcing a sale damages trust and long-term customer relationships Middle 00:06:00 Launching 4Disruptors and identifying patterns in lost and won sales 00:07:00 The four disruptors: techie, distractor, saboteur, and inquisitor 00:09:00 Why sales teams need tools for handling difficult meeting dynamics 00:10:00 Managing the techie and avoiding “stump the chump” derailments 00:13:00 Knowing when an opportunity is not worth chasing 00:14:00 Avoiding overpromising and resisting bad-fit customer requests 00:17:00 Handling the distractor, whether intentional or unintentional Late 00:21:00 Recognizing the saboteur and knowing when an RFP may already be wired 00:23:00 Reading the room, identifying the real buyer, and engaging the right stakeholders 00:25:00 Managing the inquisitor and using silence to reset the conversation 00:28:00 Avoiding unnecessary enemies while still regaining control of the meeting 00:30:00 Why the right fit matters more than price, even when competing against free 00:32:00 Training teams through experience, mistakes, and better deal qualification 00:35:00 Why sales teams need deliberate practice before high-stakes customer meetings 00:36:00 Where listeners can connect with Paul and learn more about 4Disruptors Links and Resources LinkedIn: https://www.linkedin.com/in/paulechapman/ Company: https://4disruptors.com/

10. juli 202639 min
episode Ethical Hacking, Penetration Testing, and Building Trust with Matthew Miles artwork

Ethical Hacking, Penetration Testing, and Building Trust with Matthew Miles

Episode Summary How Cybermat Technologies helps companies find security gaps before attackers do. Brian talks with Matthew Miles about his path from radiology and IT into ethical hacking, why he started his own cybersecurity business after a major life change, and what penetration testing actually involves. Matt explains the difference between automated vulnerability scans and hands-on penetration testing, where AI fits into security testing, and why human judgment still matters. They also discuss real-world security mistakes, balancing usability with protection, using YouTube and conferences for growth, and why trust is everything when someone is asking for access to your network. Key Takeaways Ethical hacking is legal, permission-based security testing that helps organizations find and fix weaknesses before attackers exploit them. Penetration testing goes beyond automated vulnerability scans by manually validating and exploiting vulnerabilities to show real business risk. AI can support cybersecurity testing, but it still needs human oversight to confirm findings, avoid false positives, and think creatively. Many security issues come from forgotten systems, outdated devices, weak passwords, exposed cameras, unsecured VPNs, and convenience-driven decisions. Security and usability are often in tension, and leaders have to decide how much friction they are willing to accept to reduce risk. For cybersecurity providers, trust is critical because clients need to know exactly who they are letting into their systems. Partnerships, referrals, in-person networking, conferences, and educational content can be more effective growth channels than paid ads in a trust-heavy B2B field. Timeline Early 00:00:00 Matt’s background in radiology, PACS administration, IT, and ethical hacking 00:01:00 Losing his father, rethinking work-life priorities, and starting Cybermat Technologies 00:02:00 Who Cybermat Technologies serves and why companies need security testing 00:03:00 Vulnerability scans versus full penetration testing Middle 00:04:00 How AI is being used to support security testing, and where it still falls short 00:05:00 Website design, WordPress, and other services Matt provides 00:07:00 Why some companies underestimate security risks or prioritize convenience 00:08:00 A real example of exposed cameras leading to sensitive personal information 00:09:00 Common security gaps like weak passwords, forgotten assets, exposed VPNs, and default credentials Late 00:10:00 Balancing security controls with real-world usability 00:12:00 Contracts, confidentiality, and the trust required in cybersecurity work 00:13:00 Growing through LinkedIn, hacker conferences, BSides Nashville, and YouTube 00:14:00 Using conferences, speaking, and authority-building to create business opportunities 00:17:00 Building partner relationships with IT firms and third-party testing opportunities 00:19:00 Why B2B growth still depends on people, trust, and face-to-face relationships 00:21:00 Where listeners can connect with Matt Links and Resources LinkedIn: https://www.linkedin.com/in/matthew-miles-563824246/Company: https://cybermatt.tech

3. juli 202621 min
episode Building local legends through dental marketing with Lex Orzalli artwork

Building local legends through dental marketing with Lex Orzalli

Episode Summary How Vision Dental Partners uses brand, community, and content to help dentists stand out in competitive local markets. Brian talks with Lex Orzalli about her path from running a dental office to leading marketing for a fast-growing, multi-location dental group. Lex explains why dental marketing is about more than acquiring new patients, how retention and reactivation campaigns should speak the same language as new patient marketing, and why every practice needs a localized strategy. They also discuss making doctors and teams comfortable on camera, creating authentic social content, using community cues in marketing, and building a culture where location teams feel safe bringing ideas forward. Key Takeaways Dental marketing works best when it reflects the real patient experience and communicates why a practice feels different, not just what services it offers. For Vision Dental Partners, the goal is to make each dentist and team a “local legend” within their community by marketing who they are, not only what they do. Authentic video content often performs better than over-polished content because patients want to feel like the person on camera is speaking directly to them. Multi-location marketing requires local nuance; what resonates with older patients in coastal Florida may not work for families in rural Indiana. Retention marketing can be more personal, educational, and relationship-driven because existing patients already know and trust the practice. The best marketing ideas often come from the people closest to the patients, so Lex encourages teams to share ideas and then helps execute them at a higher level. Timeline Early 00:00:00 Lex’s path from food service into dental office operations and marketing 00:01:00 Learning dental marketing through practice experience and mentorship 00:02:00 Why patient experience, retention, and new patient acquisition need aligned messaging 00:03:00 Vision Dental Partners’ growth, locations, and brand-first approach Middle 00:05:00 Why dentists need to market personality, culture, and patient care 00:06:00 Helping doctors and teams get comfortable creating video content 00:08:00 Why authentic, conversational content can outperform over-polished social media 00:10:00 Tailoring marketing to local communities across Indiana, South Carolina, and Florida Late 00:12:00 Using recognizable community footage and local events in practice marketing 00:15:00 Managing marketing across 12 locations through overlap, recycling, and constant refreshes 00:17:00 Encouraging practice teams to bring ideas and building campaigns around them 00:21:00 How retention campaigns differ from new patient marketing 00:23:00 Building the marketing department and expanding the “local legend” vision 00:24:00 Where listeners can connect with Lex Links and Resources LinkedIn: https://www.linkedin.com/in/lex-orzalli-a7a32b210/ Company: https://www.visiondentalpartners.com/

1. juli 202624 min
episode Fix CRM Adoption and Tech Stack Chaos with Samuel Moore artwork

Fix CRM Adoption and Tech Stack Chaos with Samuel Moore

Episode Summary Samuel Moore breaks down why CRM and process clarity matter long before a company feels “big enough” to need them. He shares his path into tech through an apprenticeship-style boot camp, early automation work, and building internal IT structure, then explains how The Marks Group helps businesses translate goals into a coherent CRM-first tech stack, including ERP-style consolidation when needed. Brian and Sam dig into what actually drives CRM ROI, why user adoption makes or breaks implementations, and how stakeholder workshops surface the real workflows that software has to support. They also discuss hypercare after go-live, the realities of retainer delivery, and how to spot client fit before a project turns into churn. Key Takeaways Getting a CRM in place early helps standardize work, create visibility, and prevent the future pain of retrofitting systems after scaling. A CRM saves time when it drives consistent follow-up and reporting, because automation and out-of-the-box dashboards depend on clean usage. Bad adoption often comes from friction and unclear expectations, and a simple rule like keeping common actions within three clicks improves real usage. Implementation requires mapping real workflows, because many teams have data but lack documented front-to-back processes that software can reflect. Stakeholder workshops reduce resistance and improve outcomes, because the people doing the work often understand operational reality better than leadership. Post-launch hypercare prevents failures, because what looks good on paper can break under day-to-day use and needs guided adjustment. Retainer work demands visibility into effort and revisions, because some accounts consume far more time even when scope looks identical. Timeline Early 00:00:00 Brian introduces Sam Moore and The Marks Group 00:01:00 Sam’s early career lesson about staying open-minded 00:01:30 Boot camp background and the pivot into tech and automation 00:02:30 Building internal IT structure through trial by fire Middle 00:03:30 What The Marks Group does and who they serve, including the “messy middle” 00:04:30 Why CRM is the starting point for most systems and consolidation work 00:05:10 When CRM becomes useful and why earlier is better 00:06:00 How CRM saves time through standardization, notifications, and reporting 00:07:00 Common starting states, from spreadsheets to legacy tools like GoldMine 00:08:00 How sales-to-service processes can extend into contracts and invoicing Late 00:10:00 Adoption challenges, training handoff, and avoiding retrofits that break reporting 00:11:30 Discovery and stakeholder workshops to capture real workflows 00:13:30 Selling outcomes, aligning executives and day-to-day users, and navigating tradeoffs 00:16:00 Hypercare and why implementations fail without a support runway 00:18:00 The reality of recurring service, client fit, and revision-driven burn 00:22:30 How to contact Sam and where to find Marks Group events Links and Resources LinkedIn: https://www.linkedin.com/in/-samuel-moore/ Company: https://marksgroup.net

28. maj 202622 min