Cyber Smokehouse

TBDCyber

This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.

  1. Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

    3D AGO

    Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world. From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA. Takeaways: AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced. Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old. The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor. Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control. Supply chain and third-party risk still has massive gaps.
Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder. Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations. Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action. Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss. Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy. A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it. Quote of the Show: “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlatko Unger Links: LinkedIn: https://www.linkedin.com/in/zlatkounger/ Website: https://www.wiz.io Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    56 min
  2. Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

    MAY 5

    How is AI changing both the threat landscape and the way security teams operate? Today’s guest is a seasoned cybersecurity leader navigating these changes at scale. Introducing David Cross, CISO at Atlassian. David joins Ernie Anderson and Graeme Payne to share how AI is reshaping cybersecurity, from attacker capabilities to internal defense strategies. He discusses how AI is lowering the barrier for attackers, why security teams must adapt to an increasingly fast-moving environment, and how organizations should think about managing risk as new technologies emerge. David also touches on the importance of understanding evolving threats, maintaining strong fundamentals, and ensuring teams are prepared to respond to continuous change. Takeaways: AI is lowering the barrier for attackers: David explains that AI makes it easier for more individuals to carry out attacks, increasing both the volume and accessibility of threats. The pace of change is accelerating risk: He highlights that the speed at which AI is evolving is creating challenges for security teams trying to keep up. Security teams must continuously adapt: David emphasizes that organizations cannot rely on static defenses and must evolve alongside the threat landscape. Understanding threats is critical to defense: He discusses the importance of knowing how attackers operate in order to build effective security strategies. Fundamentals still matter: Despite new technologies, core security practices remain essential in protecting organizations. AI impacts both offense and defense: He notes that AI is not just a risk, but also a tool that can be used to strengthen security operations.
Quote of the Show: “The pace of change is only increasing.” - David Cross Links: LinkedIn: https://www.linkedin.com/in/david-b-cross-b856657/ Website: https://atlassian.com/ Personal Website: davidcrosstravels.com

    52 min
  3. Faster Innovation, Greater Risk - Jason Loomis - Cyber Smokehouse - Episode #13

    APR 28

    How do you secure an environment when the technology is evolving faster than teams can keep up? Today’s guest is a cybersecurity leader operating at the intersection of AI, product security, and enterprise scale. Introducing Jason Loomis, CISO at Freshworks. Jason joins Ernie Anderson and Graeme Payne to share why the speed of AI innovation is becoming one of the biggest challenges in cybersecurity today. He dives into how AI is accelerating both development and risk, the growing difficulty of maintaining guardrails in AI-generated code, and why organizations are still struggling to implement governance at scale. Jason also shares a candid perspective on how AI may impact the future of cybersecurity talent, particularly at the entry level, and why continuous learning is becoming non-negotiable for security professionals.  Takeaways: The biggest challenge is simply keeping up. Jason states directly that the pace of change, especially driven by AI, is the hardest problem organizations face today. AI is accelerating both productivity and risk. From a development perspective, AI is increasing output and speed, but from a security perspective, it introduces new challenges around control and governance. Guardrails for AI-generated code are not mature yet. He highlights that while AI can write code, implementing consistent security controls and governance across tools is still difficult and not easily standardized. Entry-level cybersecurity roles are at risk. Jason explains that AI is already replacing lower-level roles like SOC analysts and GRC positions, which may impact long-term talent development. AI could reduce the future talent pipeline. He raises concern that removing entry-level learning opportunities may lead to fewer experienced professionals advancing into senior roles over time. Software supply chain risk is a growing concern. Beyond AI itself, Jason points to supply chain security as a major emerging challenge that organizations must address. 
AI literacy is becoming mandatory. He makes it clear that security professionals who are not actively learning and using AI risk becoming obsolete in the near future. Quote of the Show: “Keeping up… it’s just fast, and AI is exponentially making it faster.” - Jason Loomis Links: LinkedIn: https://www.linkedin.com/in/jasonloomis1/recent-activity/images/ Website: https://www.freshworks.com/?tactic_id=6909181&utm_source=social&utm_medium=linkedin&utm_campaign=aboutpage&utm_ter

    40 min
  4. Foundations Still Define Cybersecurity Success - Merlin Namuth - Cyber Smokehouse - Episode #12

    APR 21

    Why do organizations still struggle with cybersecurity despite more tools and innovation than ever before? Today’s guest is a seasoned cybersecurity executive with deep experience across enterprise and public sector environments. Introducing Merlin Namuth, CISO for the City and County of Denver. Merlin joins hosts Ernie Anderson and Graeme Payne to share why foundational security practices continue to be the biggest challenge for organizations today. He dives into why core disciplines like asset management and vulnerability management are often overlooked despite being critical, how AI is both a force multiplier and a growing threat, and why leadership, communication, and continuous learning are essential in cybersecurity. Merlin also shares practical insights on building high-performing teams, developing talent, and staying relevant in an industry that is constantly evolving.  Takeaways: Foundational security practices remain the biggest gap. Merlin emphasizes that organizations still struggle with core areas like hardware asset management, software tracking, and vulnerability management, despite their importance to reducing risk. “Basic” security is not actually easy. He reframes “basic” controls as “foundational” because they are difficult to implement consistently at any scale, regardless of organization size. AI is both a force multiplier and a threat. AI improves detection and response capabilities, but adversaries are also using it to rapidly develop exploits, increasing the pace of threats. Cybersecurity requires constant learning. The field changes rapidly, and professionals must continuously invest time in learning new technologies, compliance changes, and evolving threats. Leadership requires trust, feedback, and self-reflection. Merlin highlights the importance of having a trusted inner circle that can provide honest feedback and help leaders improve over time. Attracting talent requires a strong team culture. 
In public sector environments where compensation may be lower, promoting the quality of the team and mission helps attract strong candidates. Security programs must align across the business. He discusses working closely with functions like legal and communicating risk in ways that resonate with broader organizational goals. Quote of the Show: “I still see organizations just struggle with what I call the foundational elements of security.” - Merlin Namuth Links: LinkedIn: https://www.linkedin.com/in/merlin-namuth/ Website: SeeYourselfHere.org

    48 min
  5. Cybersecurity Is a Business Conversation - Chris Correia - Cyber Smokehouse - Episode #11

    APR 14

    How do you translate cybersecurity from a technical function into a true business priority? Today’s guest is a seasoned cybersecurity leader with deep enterprise experience. Introducing Chris Correia, CEO of CGS CyberDefense. Chris joins hosts Ernie Anderson and Graeme Payne to share how cybersecurity leaders must evolve from technologists into business storytellers who can align security with organizational priorities. He dives into why security conversations need to shift from tools to outcomes, how risk quantification enables better executive decision-making, and why organizational resiliency goes far beyond traditional cyber playbooks. Chris also shares leadership lessons from building teams, investing in the next generation, and creating long-term client relationships rooted in trust and value. Takeaways • Cybersecurity must be communicated in business terms. Chris emphasizes that security leaders need to translate technical concepts into business language to effectively engage executives and boards. • Risk quantification enables better decisions. He explains that framing security investments in terms of financial impact helps shift conversations from emotion to fact-based decision-making. • “Rules before tools” should guide security strategy. Organizations often overinvest in technology without building the right programs. Chris highlights the importance of designing the strategy first, then aligning tools to support it. • Organizational resiliency must extend beyond IT. Resiliency is not just a cybersecurity function. It requires coordination across the entire business, including roles like HR and operations, to ensure preparedness in real scenarios. • Testing and readiness must be continuous. Many organizations test disaster recovery or response plans too infrequently. Chris stresses the need for ongoing, practical testing to build real readiness. • AI must be used, but carefully validated. 
He notes that while AI is becoming essential, organizations must fact-check outputs and implement guardrails to avoid risk and misuse. • Relationships are central to consulting success. Chris highlights that long-term value comes from relationships, not transactions, and that trust is foundational in the consulting world. Quote of the Show: “You have to be able to tell the right story to the right audience.” - Chris Correia Links: LinkedIn: https://www.linkedin.com/in/christopher-correia-/?skipRedirect=true Website: https://cgscyberdefense.com/

    57 min
  6. Securing What You Can’t See - Clete Taylor - Cyber Smokehouse - Episode #10

    APR 7

    How do you secure environments that are constantly changing, distributed, and increasingly difficult to see? Today’s guest is a forward-thinking cybersecurity leader focused on tackling modern visibility and infrastructure challenges. Introducing Clete Taylor, Senior Security Architect at Frost. Clete joins hosts Ernie Anderson and Graeme Payne to explore how evolving environments are reshaping the way organizations approach security. He shares how the shift to cloud and hybrid infrastructure has created blind spots that traditional tools struggle to address. The conversation dives into why visibility is foundational to security, how attackers exploit gaps in awareness, and what organizations must do to adapt. Clete also highlights the importance of proactive strategy, continuous monitoring, and aligning security practices with how modern systems actually operate.   Takeaways: • You cannot secure what you cannot see. Modern environments are dynamic and distributed, making visibility the foundation of any effective security strategy. Without clear insight into systems and access, risk increases significantly. • Traditional security models are falling behind. Perimeter-based approaches were built for static environments. Today’s cloud and hybrid infrastructures require adaptive, continuously evolving security strategies. • Complexity creates opportunity for attackers. As systems grow more complex, gaps naturally emerge. Attackers are increasingly targeting these blind spots where monitoring and control are weakest. • Continuous monitoring is no longer optional. Security must operate in real time. Point-in-time assessments are not enough to detect or respond to threats in fast-moving environments. • Alignment between infrastructure and security is critical. Security strategies must reflect how systems are actually built and used. Misalignment creates inefficiencies and increases vulnerability. • Proactive thinking outperforms reactive defense. 
Organizations that anticipate risks and design for them early are far better positioned than those constantly reacting to incidents. Quote of the Show: “If you don’t have visibility, you’re making decisions in the dark.” - Clete Taylor Links: LinkedIn: https://www.linkedin.com/in/cletetaylor13/ Website: cletustaylor.com Book Link: https://www.amazon.com/dp/B0GG5VL3MQ

    54 min
  7. Securing Identity in a Cloud-First World - Joe Mendygral - Cyber Smokehouse - Episode #9

    MAR 31

    How do organizations stay secure when identity, access, and infrastructure are more distributed than ever before? Today’s guest is a seasoned cybersecurity leader focused on modern identity and cloud security challenges. Introducing Joe Mendygral, Senior Director at TBD Cyber. Joe joins hosts Ernie Anderson and Graeme Payne to explore how identity has become the core battleground in cybersecurity. He also delves into how cloud environments, AI, and evolving attack methods are forcing organizations to rethink how they detect and respond to threats. Joe shares practical insights on visibility, detection, and why traditional security approaches are struggling to keep up with modern environments. The conversation highlights the growing importance of understanding user behavior, securing identities, and building adaptive security strategies that evolve alongside threats. Takeaways: • Identity is now the primary attack surface. As organizations move to cloud-first environments, attackers are increasingly targeting identities instead of infrastructure. Securing who has access is now more important than securing where access happens. • Visibility gaps create the biggest risks. Many organizations lack a clear understanding of who has access to what across systems. Without visibility, it becomes nearly impossible to detect or respond to threats effectively. • Detection must evolve beyond traditional methods. Signature-based and perimeter-focused security models are no longer sufficient. Modern environments require behavior-based detection that can identify anomalies in real time. • Cloud complexity increases security challenges. As infrastructure becomes more distributed, security becomes harder to manage. Organizations must adapt their strategies to account for dynamic environments and decentralized access. • AI is changing both offense and defense. AI is enabling faster detection and response, but it is also being used by attackers to scale and automate threats. 
Security teams must evolve just as quickly to stay ahead. • Security requires continuous adaptation. There is no static solution to cybersecurity. Organizations must continuously refine their strategies, tools, and processes to keep up with an ever-changing threat landscape. Quote of the Show: “If you don’t understand identity and behavior, you don’t understand your risk.” - Joe Mendygral Links: LinkedIn: https://www.linkedin.com/in/joe-mendygral-0846a82/ Website: https://www.tbdcyber.com

    53 min
  8. AI, Identity, and the Future of Security - Steve Bay - Cyber Smokehouse - Episode #008

    MAR 24

    How do cybersecurity leaders manage risk, talent, and rapid innovation as AI transforms both threats and defenses? Today’s guest is a seasoned cyber intelligence leader and strategic risk advisor. Introducing Steve Bay, Vice President of Cybersecurity and Chief Information Security Officer at Coretelligent. Steve joins hosts Ernie Anderson and Graeme Payne to share how AI is reshaping the cybersecurity landscape and what leaders must do to stay ahead. He also delves into talent challenges, evolving threat dynamics, and the importance of balancing innovation with governance in a rapidly changing environment. Steve shares insights from his journey into cybersecurity, his experience in intelligence and enterprise security, and his perspective on how organizations can navigate uncertainty while building resilient security programs. Takeaways: AI is the biggest disruptor in cybersecurity today: AI is transforming how both defenders and attackers operate. Organizations must understand how employees are using AI tools and how threat actors are leveraging them to exploit vulnerabilities. Governance of AI is critical but complex: Banning AI is not realistic and can create more risk than it solves. Leaders must focus on thoughtful governance that enables innovation while protecting data and systems. The cybersecurity talent market is evolving rapidly: There is a disconnect between hiring expectations and market reality. Companies want experienced talent at entry-level cost, while skilled professionals still struggle to find the right roles. AI may reshape entry-level career paths: As AI automates more foundational work, organizations must rethink how they develop junior talent and build future cybersecurity leaders. Cost pressure is forcing smarter security strategies: Organizations must balance delivering high-quality security with tight budgets. This requires prioritization, efficiency, and a clear understanding of business risk.
Curiosity and adaptability are essential for leaders: Steve highlights that the pace of change requires continuous learning. Leveraging tools like AI for daily awareness can help leaders stay informed without being overwhelmed. Quote of the Show: “We need to figure out how to harness AI and maximize it for the good of society, not try to ban it.” - Steve Bay Links: LinkedIn: https://www.linkedin.com/in/steven-bay-8005865/ Website: https://www.core.tech

    54 min
