Cyber Smokehouse

TBDCyber

This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.

  1. Foundations Still Define Cybersecurity Success - Merlin Namuth - Cyber Smokehouse - Episode #12

    1 DAY AGO

    Why do organizations still struggle with cybersecurity despite more tools and innovation than ever before? Today’s guest is a seasoned cybersecurity executive with deep experience across enterprise and public sector environments. Introducing Merlin Namuth, CISO for the City and County of Denver. Merlin joins hosts Ernie Anderson and Graeme Payne to share why foundational security practices continue to be the biggest challenge for organizations today. He dives into why core disciplines like asset management and vulnerability management are often overlooked despite being critical, how AI is both a force multiplier and a growing threat, and why leadership, communication, and continuous learning are essential in cybersecurity. Merlin also shares practical insights on building high-performing teams, developing talent, and staying relevant in an industry that is constantly evolving.

    Takeaways:
    • Foundational security practices remain the biggest gap. Merlin emphasizes that organizations still struggle with core areas like hardware asset management, software tracking, and vulnerability management, despite their importance to reducing risk.
    • “Basic” security is not actually easy. He reframes “basic” controls as “foundational” because they are difficult to implement consistently at any scale, regardless of organization size.
    • AI is both a force multiplier and a threat. AI improves detection and response capabilities, but adversaries are also using it to rapidly develop exploits, increasing the pace of threats.
    • Cybersecurity requires constant learning. The field changes rapidly, and professionals must continuously invest time in learning new technologies, compliance changes, and evolving threats.
    • Leadership requires trust, feedback, and self-reflection. Merlin highlights the importance of having a trusted inner circle that can provide honest feedback and help leaders improve over time.
    • Attracting talent requires a strong team culture. In public sector environments where compensation may be lower, promoting the quality of the team and mission helps attract strong candidates.
    • Security programs must align across the business. He discusses working closely with functions like legal and communicating risk in ways that resonate with broader organizational goals.

    Quote of the Show: “I still see organizations just struggle with what I call the foundational elements of security.” - Merlin Namuth

    Links:
    LinkedIn: https://www.linkedin.com/in/merlin-namuth/
    Website: SeeYourselfHere.org

    Ways to Tune In:
    Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0
    Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297
    Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47
    iHeart Radio: https://iheart.com/podcast/319629841/
    Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    48 min
  2. Cybersecurity Is a Business Conversation - Chris Correia - Cyber Smokehouse - Episode #11

    14 APR

    How do you translate cybersecurity from a technical function into a true business priority? Today’s guest is a seasoned cybersecurity leader with deep enterprise experience. Introducing Chris Correia, CEO of CGS CyberDefense. Chris joins hosts Ernie Anderson and Graeme Payne to share how cybersecurity leaders must evolve from technologists into business storytellers who can align security with organizational priorities. He dives into why security conversations need to shift from tools to outcomes, how risk quantification enables better executive decision-making, and why organizational resiliency goes far beyond traditional cyber playbooks. Chris also shares leadership lessons from building teams, investing in the next generation, and creating long-term client relationships rooted in trust and value.

    Takeaways:
    • Cybersecurity must be communicated in business terms. Chris emphasizes that security leaders need to translate technical concepts into business language to effectively engage executives and boards.
    • Risk quantification enables better decisions. He explains that framing security investments in terms of financial impact helps shift conversations from emotion to fact-based decision-making.
    • “Rules before tools” should guide security strategy. Organizations often overinvest in technology without building the right programs. Chris highlights the importance of designing the strategy first, then aligning tools to support it.
    • Organizational resiliency must extend beyond IT. Resiliency is not just a cybersecurity function. It requires coordination across the entire business, including roles like HR and operations, to ensure preparedness in real scenarios.
    • Testing and readiness must be continuous. Many organizations test disaster recovery or response plans too infrequently. Chris stresses the need for ongoing, practical testing to build real readiness.
    • AI must be used, but carefully validated. He notes that while AI is becoming essential, organizations must fact-check outputs and implement guardrails to avoid risk and misuse.
    • Relationships are central to consulting success. Chris highlights that long-term value comes from relationships, not transactions, and that trust is foundational in the consulting world.

    Quote of the Show: “You have to be able to tell the right story to the right audience.” - Chris Correia

    Links:
    LinkedIn: https://www.linkedin.com/in/christopher-correia-/?skipRedirect=true
    Website: https://cgscyberdefense.com/

    57 min
  3. Securing What You Can’t See - Clete Taylor - Cyber Smokehouse - Episode #10

    7 APR

    How do you secure environments that are constantly changing, distributed, and increasingly difficult to see? Today’s guest is a forward-thinking cybersecurity leader focused on tackling modern visibility and infrastructure challenges. Introducing Clete Taylor, Senior Security Architect at Frost. Clete joins hosts Ernie Anderson and Graeme Payne to explore how evolving environments are reshaping the way organizations approach security. He shares how the shift to cloud and hybrid infrastructure has created blind spots that traditional tools struggle to address. The conversation dives into why visibility is foundational to security, how attackers exploit gaps in awareness, and what organizations must do to adapt. Clete also highlights the importance of proactive strategy, continuous monitoring, and aligning security practices with how modern systems actually operate.

    Takeaways:
    • You cannot secure what you cannot see. Modern environments are dynamic and distributed, making visibility the foundation of any effective security strategy. Without clear insight into systems and access, risk increases significantly.
    • Traditional security models are falling behind. Perimeter-based approaches were built for static environments. Today’s cloud and hybrid infrastructures require adaptive, continuously evolving security strategies.
    • Complexity creates opportunity for attackers. As systems grow more complex, gaps naturally emerge. Attackers are increasingly targeting these blind spots where monitoring and control are weakest.
    • Continuous monitoring is no longer optional. Security must operate in real time. Point-in-time assessments are not enough to detect or respond to threats in fast-moving environments.
    • Alignment between infrastructure and security is critical. Security strategies must reflect how systems are actually built and used. Misalignment creates inefficiencies and increases vulnerability.
    • Proactive thinking outperforms reactive defense. Organizations that anticipate risks and design for them early are far better positioned than those constantly reacting to incidents.

    Quote of the Show: “If you don’t have visibility, you’re making decisions in the dark.” - Clete Taylor

    Links:
    LinkedIn: https://www.linkedin.com/in/cletetaylor13/
    Website: cletustaylor.com
    Book Link: https://www.amazon.com/dp/B0GG5VL3MQ

    54 min
  4. Securing Identity in a Cloud-First World - Joe Mendygral - Cyber Smokehouse - Episode #9

    31 MAR

    How do organizations stay secure when identity, access, and infrastructure are more distributed than ever before? Today’s guest is a seasoned cybersecurity leader focused on modern identity and cloud security challenges. Introducing Joe Mendygral, Senior Director at TBD Cyber. Joe joins hosts Ernie Anderson and Graeme Payne to explore how identity has become the core battleground in cybersecurity. He also delves into how cloud environments, AI, and evolving attack methods are forcing organizations to rethink how they detect and respond to threats. Joe shares practical insights on visibility, detection, and why traditional security approaches are struggling to keep up with modern environments. The conversation highlights the growing importance of understanding user behavior, securing identities, and building adaptive security strategies that evolve alongside threats.

    Takeaways:
    • Identity is now the primary attack surface. As organizations move to cloud-first environments, attackers are increasingly targeting identities instead of infrastructure. Securing who has access is now more important than securing where access happens.
    • Visibility gaps create the biggest risks. Many organizations lack a clear understanding of who has access to what across systems. Without visibility, it becomes nearly impossible to detect or respond to threats effectively.
    • Detection must evolve beyond traditional methods. Signature-based and perimeter-focused security models are no longer sufficient. Modern environments require behavior-based detection that can identify anomalies in real time.
    • Cloud complexity increases security challenges. As infrastructure becomes more distributed, security becomes harder to manage. Organizations must adapt their strategies to account for dynamic environments and decentralized access.
    • AI is changing both offense and defense. AI is enabling faster detection and response, but it is also being used by attackers to scale and automate threats. Security teams must evolve just as quickly to stay ahead.
    • Security requires continuous adaptation. There is no static solution to cybersecurity. Organizations must continuously refine their strategies, tools, and processes to keep up with an ever-changing threat landscape.

    Quote of the Show: “If you don’t understand identity and behavior, you don’t understand your risk.” - Joe Mendygral

    Links:
    LinkedIn: https://www.linkedin.com/in/joe-mendygral-0846a82/
    Website: https://www.tbdcyber.com

    53 min
  5. AI, Identity, and the Future of Security - Steve Bay - Cyber Smokehouse - Episode #008

    24 MAR

    How do cybersecurity leaders manage risk, talent, and rapid innovation as AI transforms both threats and defenses? Today’s guest is a seasoned cyber intelligence leader and strategic risk advisor. Introducing Steve Bay, Vice President of Cybersecurity and Chief Information Security Officer at Coretelligent. Steve joins hosts Ernie Anderson and Graeme Payne to share how AI is reshaping the cybersecurity landscape and what leaders must do to stay ahead. He also delves into talent challenges, evolving threat dynamics, and the importance of balancing innovation with governance in a rapidly changing environment. Steve shares insights from his journey into cybersecurity, his experience in intelligence and enterprise security, and his perspective on how organizations can navigate uncertainty while building resilient security programs.

    Takeaways:
    • AI is the biggest disruptor in cybersecurity today: AI is transforming how both defenders and attackers operate. Organizations must understand how employees are using AI tools and how threat actors are leveraging them to exploit vulnerabilities.
    • Governance of AI is critical but complex: Banning AI is not realistic and can create more risk than it solves. Leaders must focus on thoughtful governance that enables innovation while protecting data and systems.
    • The cybersecurity talent market is evolving rapidly: There is a disconnect between hiring expectations and market reality. Companies want experienced talent at entry-level cost, while skilled professionals still struggle to find the right roles.
    • AI may reshape entry-level career paths: As AI automates more foundational work, organizations must rethink how they develop junior talent and build future cybersecurity leaders.
    • Cost pressure is forcing smarter security strategies: Organizations must balance delivering high-quality security with tight budgets. This requires prioritization, efficiency, and a clear understanding of business risk.
    • Curiosity and adaptability are essential for leaders: Steve highlights that the pace of change requires continuous learning. Leveraging tools like AI for daily awareness can help leaders stay informed without being overwhelmed.

    Quote of the Show: “We need to figure out how to harness AI and maximize it for the good of society, not try to ban it.” - Steve Bay

    Links:
    LinkedIn: https://www.linkedin.com/in/steven-bay-8005865/
    Website: https://www.core.tech

    54 min
  6. Translating Cyber Risk for Business Leaders - Jimmy Lummis - Cyber Smokehouse - Episode #007

    17 MAR

    How can cybersecurity leaders translate technical threats into real business decisions without losing executive alignment or strategic clarity? Today’s guest is a thoughtful cybersecurity strategist and business-focused security leader. Introducing Jimmy Lummis, Director and Business Information Security Officer at IHG Hotels & Resorts. Jimmy joins hosts Ernie Anderson and Graeme Payne to discuss how modern security leaders must bridge the gap between technical teams and executive leadership. He also explores the realities of cyber risk quantification, the role of AI in modern threat landscapes, and why translating cybersecurity into business language is essential for effective decision making.

    Takeaways:
    • Cybersecurity is ultimately about managing risk, not eliminating it. Jimmy explains that no organization can achieve perfect security. The real responsibility of leaders is determining what level of risk the business is willing to accept and aligning security investments accordingly.
    • Cyber risk must be translated into business language. Technical discussions about vulnerabilities and controls do not resonate with executives. Effective security leaders frame cyber threats in terms of financial impact, operational disruption, and strategic risk.
    • AI introduces both opportunity and new threat vectors. Organizations are racing to adopt AI, but threat actors are also leveraging these tools. Security leaders must balance innovation with responsible oversight and risk awareness.
    • Traditional cybersecurity problems still matter. While emerging technologies grab headlines, many breaches still occur due to longstanding issues like identity management, patching, and basic security hygiene.
    • Security leaders must act as translators between worlds. Jimmy emphasizes the importance of bridging the gap between engineers and executives. Leaders who can interpret technical realities in business terms help organizations make better strategic decisions.
    • Cyber risk quantification helps prioritize security investments. Quantifying risk allows organizations to make informed tradeoffs about where to allocate resources and which threats pose the greatest potential impact.

    Quote of the Show: “Cybersecurity is not about eliminating risk. It’s about deciding what level of risk the business is willing to accept” - Jimmy Lummis

    Links:
    LinkedIn: https://www.linkedin.com/in/jimmylummis/
    Website: http://www.ihgplc.com

    54 min
  7. Security Strategy Beyond Traditional Perimeters - David Nolan - Cyber Smokehouse - Episode #6

    10 MAR

    In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with David Nolan, Principal Advisor at Apex Advisors, to explore how organizations must rethink cybersecurity as digital environments grow more complex and interconnected. David shares why the traditional concept of a network perimeter is rapidly disappearing as organizations adopt cloud platforms, distributed workforces, and connected technologies. As a result, security leaders must move beyond reactive defense and focus on building resilience, visibility, and strategic alignment across the entire digital ecosystem. The conversation explores how cybersecurity must evolve from a purely technical discipline into a business leadership priority, how organizations can anticipate emerging threats, and why security culture plays a critical role in protecting modern systems.

    Takeaways:
    • Cybersecurity Must Be a Business Priority: Security is no longer confined to the IT department. Organizations that integrate cybersecurity into strategic decision making are better positioned to manage risk and protect critical operations.
    • The Network Perimeter Has Disappeared: With cloud infrastructure, remote work, and third-party integrations becoming the norm, organizations must move beyond perimeter-based security models and focus on identity, access control, and system visibility.
    • Visibility Is the Foundation of Protection: Leaders cannot defend systems they cannot see. Strong monitoring, telemetry, and system awareness allow organizations to detect vulnerabilities and respond faster to emerging threats.
    • Security Culture Starts at the Top: Effective cybersecurity depends on leadership setting expectations around accountability, awareness, and responsible behavior across the organization.
    • Proactive Security Prevents Major Failures: Organizations that prioritize threat modeling, risk assessments, and preventative controls reduce the likelihood and impact of security incidents.
    • Collaboration Strengthens Defense: Cybersecurity today requires coordination between leadership, technology teams, operational stakeholders, and external partners to protect complex digital ecosystems.

    Quote of the Show: “Security cannot be an afterthought. It has to be built into the way organizations design systems, processes, and culture from the beginning.” - David Nolan

    Links:
    LinkedIn: https://www.linkedin.com/in/david-c-nolan/

    38 min
  8. Resilient Healthcare in a Cyber Age - Hugo Lai - Cyber Smokehouse - Episode #005

    3 MAR

    Healthcare cybersecurity is no longer just about compliance, it’s about resilience. In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with Hugo Lai, Chief Information Security Officer at Temple Health, to explore how healthcare organizations can protect patient care in an era of AI adoption, ransomware threats, and relentless budget pressure. Hugo shares practical insights from leading enterprise security programs inside one of the most operationally complex industries. From managing medical device risk to embedding daily threat intelligence briefings into team culture, this conversation dives deep into what modern cyber leadership looks like when lives are on the line.

    Key Takeaways:
    • Resilience Over Compliance: HIPAA may focus on privacy, but today’s healthcare security must prioritize operational continuity and patient care even during disruption.
    • Budget Discipline Builds Trust: Security leaders who spend intentionally and align with organizational priorities are more likely to secure sustained executive support.
    • AI Requires Guardrails, Not Roadblocks: Instead of blocking AI adoption, security teams must create safe, approved environments that enable responsible use.
    • Operational Preparedness Is Critical: Tabletop exercises, manual fallback training, and daily threat briefings ensure teams are ready when systems fail.
    • Medical Device Security Is Risk Management: Visibility, segmentation, configuration control, and cross-functional collaboration are essential to managing IoT and clinical device risk.
    • Leadership Is Personalization: Understanding individual team members’ motivations and empowering them appropriately drives performance and retention.
    • Learning Never Stops: In a rapidly evolving threat landscape, cybersecurity leaders must invest in continuous learning for themselves and their teams.

    Quote of the Show: “We cannot completely eliminate all the risks out there, but it’s important that you have a strategy and you’re making sound decisions when managing risks.”

    Links:
    LinkedIn: https://www.linkedin.com/in/hugolai/
    Website: https://www.templehealth.org

    32 min
