The Business of Cybersecurity

The Business of Cybersecurity is a podcast from the Tech Talks Network that explores where security and business strategy converge. Hosted by Neil C. Hughes, creator of the Tech Talks Daily Podcast, this series examines how today’s enterprises are managing cyber risk while still moving fast and innovating. Through insightful conversations with industry leaders, CISOs, product strategists, and security architects, the podcast brings clarity to the real-world decisions shaping cybersecurity in modern business. Each episode dives into how companies are responding to regulatory pressure, increasing complexity in cloud environments, and rising expectations from boards and customers. From AI-driven defense and zero trust to skills gaps and risk quantification, we go beyond technical jargon to explore what actually works—and what doesn’t—on the road to building resilient organisations. Whether you're leading a security team, sitting at the executive table, or simply want to understand the business impact of cybersecurity, this podcast offers honest, grounded perspectives designed to help you make better decisions in an environment that never stands still. Search Tech Talks Network to discover more shows covering the voices at the heart of enterprise technology.

  1. Goldilock Secure On Cutting The Blast Radius In Overconnected Networks

    1D AGO

    For two decades, the mantra in technology has been simple: connect everything. More APIs, more integrations, more remote access, more cloud. But what happens when that hyper-connectivity becomes the very thing that amplifies risk? In this episode of Business of Cybersecurity, I sit down with Steven Brodie, Chief Revenue Officer at Goldilock Secure, a NATO-backed cybersecurity firm challenging the industry’s long-standing assumptions. Steven argues that in 2026 we are finally confronting the downside of overconnectivity, where sprawling networks and forgotten links create enormous blast radiuses when breaches occur. Instead of defaulting to constant connection, he introduces the idea of “right-sized connectivity,” where systems are connected only when required, no more and no less. We explore why so many modern breaches spread so quickly, and how architectural decisions made in the name of speed and convenience have left organizations exposed. Steven explains how most attacks are software-driven, moving laterally at machine speed, often faster than teams can patch. In that arms race, patching alone is no longer enough. Goldilock Secure approaches the problem differently by adding a physical layer of segmentation that can remotely connect or disconnect assets without sending commands over the public internet. The goal is simple: buy time, contain incidents, and prevent a localized breach from becoming a company-wide crisis. We also discuss the tension between security and operational continuity. How do you introduce deliberate firebreaks into a network without slowing down the business? Steven is clear that this is not about returning to air-gapped islands everywhere. It is about controlled connection and controlled disconnection. Boards, he argues, should rethink cybersecurity metrics away from checklist compliance and toward containment, resilience, and clear audit trails that demonstrate who accessed what, and when. 
    As AI accelerates attack automation and zero-day vulnerabilities shrink response windows, the question facing every CISO and board is whether their architecture has grown beyond what is defensible. Are you relying purely on logical controls that can be subverted in software, or are you prepared to add physical boundaries that act as real firebreaks? I would love to hear your take. Has hyper-connectivity become a strategic liability in your organization, or is it still viewed as a competitive advantage?

    26 min
  2. How Kiteworks Is Preparing Enterprises For AI-Driven Risk In 2026

    3D AGO

    How prepared are enterprises and government agencies for the next wave of AI-driven risk? I sit down with Tim Freestone, Chief Strategy Officer at Kiteworks, to unpack the findings from the Kiteworks 2026 Data Security & Compliance Risk Forecast and what it reveals about the true state of data resilience today. As AI accelerates business processes and agentic systems gain more autonomy, Tim argues that the real challenge is no longer about adding another security tool. It is about gaining repeatable control over how sensitive data moves across organizations, partners, and automated systems. We explore why third-party involvement in breaches has surged to nearly one in three incidents and what that means for board-level accountability. Tim explains how traditional third-party risk assessments struggle to scale in an AI-enabled world, and why data-layer controls and modern digital rights management approaches are being revisited in a more practical form. We also examine the shift from ransomware headlines to the rising dominance of social engineering, and why micro-learning and human error prevention may offer a more realistic path forward than annual compliance training. Our conversation also tackles the regulatory pressure building across regions, from evolving GDPR requirements to the EU AI Act. Tim makes the case for unified, data-centric compliance models that provide file-level visibility and auditability, rather than fragmented controls across siloed systems. We discuss the growing relevance of data security posture management, the shrinking timeline for quantum risk, and the “harvest now, decrypt later” threat that leaders can no longer afford to dismiss as a distant concern. Finally, we turn to identity as the new perimeter in a world where AI agents act with increasing autonomy. Tim shares why identity alone is insufficient and why combining identity with data location defines the modern security boundary. 
    For leaders facing limited budgets and skill constraints, his advice is pragmatic: start with visibility, align with established frameworks like NIST, and use AI-enabled copilots to accelerate cyber maturity rather than fall behind. If you are responsible for security, compliance, or risk outcomes, this episode offers a clear-eyed look at what is changing, accelerating, and must be addressed now. Are you truly in control of every send, share, receive, and save of sensitive data across your ecosystem?

    27 min
  3. Building Trust Through Cybersecurity in a Zero Trust World

    JAN 19

    How can cybersecurity stop being treated as a tax on growth and start becoming something founders actually lean on to win trust, customers, and long-term advantage? In this episode of Business of Cybersecurity, I reconnect with Taylor Hersom, Founder and CEO of Eden Data, for a wide-ranging and honest conversation about what security really looks like in an AI-first world. Taylor has built his career inside compliance, risk, and cybersecurity, from Deloitte to launching Eden Data during COVID, and now helping venture-backed startups and global enterprises rethink how security fits into the business itself. Rather than framing cybersecurity as fear-driven insurance, he explains why it works best when treated as a signal of maturity, discipline, and credibility. We spend time unpacking how generative AI and agentic systems are changing the risk landscape, often faster than regulation and enforcement can keep up. Taylor shares why data, not models, remains the real asset worth protecting, and why so many organizations are still operating in a kind of AI Wild West. Without slipping into alarmism, he explains where companies are most exposed today, from training data to shadow AI tools quietly entering workflows, and why governance, transparency, and basic controls matter more than flashy security spending. What really stands out is Taylor’s practical take on turning compliance into a growth lever. We talk about SOC 2 and ISO standards, not as box-checking exercises, but as tools that can actually improve operations, customer confidence, and sales conversations when done properly. He explains why oversharing security posture can be a competitive advantage, how founders should think differently than large enterprises, and why bad audits and rubber-stamp certifications may create more risk than they remove. 
    We also explore the human side of cybersecurity, including why most breaches still come down to everyday mistakes, not elite hackers, and how automation, monitoring, and better system design can reduce risk without burning out teams. Taylor shares a grounded view of how AI could finally help solve staffing shortages and alert fatigue inside security teams, and why emerging AI security standards may soon become the next credibility badge companies want to display. We close on a lighter note with book and music recommendations, but the core message is clear. Cybersecurity no longer lives in a silo, and the organizations that understand this are already using trust as a business advantage rather than a defensive posture. As AI becomes woven into every workflow, the companies that communicate clearly about how they protect data and customers may be the ones that stand out most. So as security, compliance, and AI continue to collide over the next few years, will your organization treat cybersecurity as a burden to manage, or as a story worth telling?

    34 min
  4. Avanade on Preparing Organizations for a World of Stronger Cybersecurity Expectations

    12/22/2025

    What does the UK’s new Cyber Security and Resilience Bill actually mean for mid-sized businesses that sit quietly inside complex supply chains, often assuming the rules are aimed at someone else? In this episode of Business of Cybersecurity, I sit down with Jason Revill, Global Security Practice Technology Lead at Avanade, to unpack why this legislation represents a genuine shift in how cyber risk will be judged, enforced, and felt across the UK mid-market. While much of the public debate has focused on critical national infrastructure, Jason explains why managed service providers and mid-sized firms are now firmly in scope, particularly those that underpin larger enterprises. Mandatory incident reporting, tougher expectations, and turnover-based penalties are changing cyber resilience from a technical concern into a board-level business issue. We explore why outsourcing cybersecurity no longer reduces accountability, even though nearly half of UK mid-market firms rely on third parties to manage their defenses. Jason shares real-world insight into how supply chain vulnerabilities are driving a growing share of breaches, why identity and access management has become a weak link, and how attackers increasingly exploit trust between organizations rather than technical flaws alone. The conversation also looks at the rising threat of legal action following breaches, with group claims against well-known UK brands signaling a wider shift in public and regulatory expectations. Crucially, this is not a fear-driven discussion. Jason offers a grounded perspective on how mid-sized organizations can move beyond checkbox compliance and embed security into everyday operations without grinding the business to a halt. We talk openly about cost, trade-offs, and why resilience planning only works when it is owned by the whole organization, not just the security team. 
    For leaders heading into a new year facing tighter scrutiny and higher stakes, this episode offers clarity on what good looks like in practice and how to start building it. If cyber resilience is quickly becoming a license to operate rather than an optional safeguard, how prepared is your organization for the expectations that customers, regulators, and even the public are about to place on it, and what would it take to get ahead of that curve rather than react after the fact?

    28 min
  5. When IT Meets OT, Can Endpoint Security Hold The Line

    11/17/2025

    How do you protect factory floors, utilities, and critical infrastructure when IT and OT finally run on the same nervous system? That is the challenge at the heart of my latest conversation with John Walsh, Field CTO at IGEL Technology, recorded live at the IGEL Now and Next event in Frankfurt. Back in March in Miami, John and I talked about zero trust as an ecosystem rather than a product, a way to bring unified management and strong policy enforcement to the endpoint. This time, we take that thinking to the operational technology world, where the stakes feel very different. When a cyberattack hits a factory, it is not only data at risk. It can stop production lines, damage equipment, and cost millions in downtime. John explains how a prevention first mindset, backed by IGEL’s immutable OS, Universal Management Suite, and OEM ready integrations, is helping manufacturers and OEMs move security out to the edge where attacks actually begin. Across the episode, John lifts the lid on IGEL’s work with partners such as Intel, Honeywell, Zscaler, and others who see OT as a growth frontier. We talk about US Department of Defense zero trust 2.0 requirements, European regulation, and what it really takes to extend zero trust thinking from the office to the plant. From dark industrial networks to containerized workloads at the edge, from sensor attestation to the kill chain, this is a grounded look at how endpoint security, confidential compute, and sovereign architectures are reshaping industrial resilience. This one is for anyone who cares about the future of secure infrastructure, whether you work in manufacturing, utilities, or simply want a clearer view of where zero trust is heading as AI powered threats accelerate. Do you believe prevention first security can truly keep pace with autonomous attacks, or are we still leaning too heavily on detection and response thinking from an older era of cyber? I would love to hear your thoughts.

    24 min
  6. Why Endpoint Resilience Is the Missing Piece in Cybersecurity Strategy

    11/10/2025

    What does business continuity really mean when thousands of devices across a hospital or enterprise go dark? In this episode, Jason Mafera, Chief Technology Officer for Healthcare at IGEL, joins me at the Now and Next event in Frankfurt to explore why endpoint resilience has become one of the most overlooked priorities in cybersecurity. Jason explains why hospitals and healthcare providers have zero tolerance for downtime, and how the same principle applies across every industry where endpoint failure halts operations. He breaks down how IGEL’s prevention-first approach and its Business Continuity and Disaster Recovery solution can restore access within minutes, even during a ransomware event that would otherwise take weeks or months to recover from. For cybersecurity analysts evaluating endpoint protection, Jason offers valuable insight into what a prevention-first model looks like in practice. He describes how secure-by-design, read-only operating systems, dual boot capabilities, and layered recovery options create an architecture that is both lightweight and resilient. Analysts looking to compare endpoint strategies will find this discussion useful for understanding how organizations can combine operational uptime, rapid recovery, and measurable ROI without adding complexity or cost. We also discuss how prevention-first design changes the economics of IT. Jason shares examples of how organizations are cutting costs, improving patient safety, and aligning endpoint strategy with Zero Trust frameworks to strengthen both security and productivity. It is a fascinating look at how the business of cybersecurity is changing, and why protecting the endpoint is no longer optional. Are enterprises finally ready to treat endpoint continuity as part of their core business strategy? I would love to hear your thoughts after the episode. 

    24 min
  7. Corelight’s Brian Dye on Outsmarting AI-Powered Attackers

    10/24/2025

    In today’s digital battlefield, prevention is no longer enough. Firewalls and endpoint protection might keep the doors locked, but attackers are slipping in through the windows. In this episode of Tech Talks Daily, I sit down with Brian Dye, CEO of Corelight, to explore how the cybersecurity game has changed and why network detection and response (NDR) has become the new frontline of digital defense. Brian brings an extraordinary track record from senior roles at Symantec, McAfee, and Citrix, giving him a rare perspective on how cyber strategy has evolved from antivirus software to AI-driven network intelligence. As he explains, “The days of when things were nice and loud and easy to find have come and gone.” Attackers now live off the land, using legitimate IT tools like PowerShell to hide in plain sight, while generative AI accelerates the weaponization of new exploits in hours instead of weeks. We discuss why Corelight’s open-source heritage gives it a unique edge in the GenAI era, how automation is reshaping response workflows, and what it really takes to achieve sub-15-second threat response. Brian also opens up about leadership lessons learned from his years in the industry, Corelight’s growth from startup to global scale, and the cultural principles that keep innovation alive through rapid expansion. This conversation goes far beyond cybersecurity buzzwords. It is a candid look at the reality facing modern defenders, where data is readiness, visibility is power, and resilience is built one decision at a time. Whether you are a CISO, developer, or business leader, this episode offers a grounded, human perspective on the future of cyber defense and what it means to truly understand what went “bump in the night.”

    28 min
