Cyber Smokehouse

TBDCyber

This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.

  1. 19h ago

    Predictive Cyber Risk - Tim and Suzanne O’Neil - Cyber Smokehouse - Episode #22

    Most security programs are built around understanding what has already happened, but what if organizations could begin anticipating cyber threats before they materialize? In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Tim and Suzanne O'Neil, founders of AigisPoint Predictive Intelligence. Drawing on decades of experience spanning enterprise security architecture, military leadership, entrepreneurship, and business strategy, they discuss their approach to predictive cyber risk, how AI and machine learning are reshaping threat modeling, and the realities of building an innovative cybersecurity startup. From balancing innovation with security to understanding AI's limitations, this conversation explores how organizations can begin thinking beyond reactive cybersecurity while remaining grounded in practical risk management.  Takeaways: Traditional threat modeling remains largely static, creating an opportunity to apply AI and machine learning to forecast potential cyber threats before they emerge rather than relying solely on historical attack data. Publicly available sources, including industry reports, breach investigations, and threat intelligence, contain valuable information that can be combined with modern analytical techniques to identify emerging trends instead of simply documenting the past. Building innovative cybersecurity products requires leaders to constantly balance investment decisions, innovation, and acceptable business risk, recognizing that organizations cannot fund every initiative simultaneously. Early-stage cybersecurity companies face the challenge of proving value through customer adoption while simultaneously developing secure, production-ready platforms and meeting investor expectations. AI should be viewed as an enabling technology, not an infallible decision-maker. Human oversight remains essential because AI systems can still produce flawed outcomes and require validation before being trusted in security-critical environments. As AI automates more routine security analysis, cybersecurity roles will continue to evolve rather than disappear, creating demand for new specialties as adversaries increasingly leverage AI-driven techniques. Entrepreneurship in cybersecurity requires technical expertise alongside resilience, adaptability, and a willingness to navigate uncertainty while transforming innovative ideas into commercially viable products. Quote of the Show: “Currently everybody's looking backwards.” - Suzanne O’Neil Links: LinkedIn: https://www.linkedin.com/in/suzanne-oneil-7490643b8/  linkedin.com/in/tim-o-22774918/?skipRedirect=true Website: https://www.aigispoint.net/ Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    56 min
  2. Managing Risk at Scale - John Rogers - Cyber Smokehouse - Episode #21

    Jun 23

    Managing Risk at Scale - John Rogers - Cyber Smokehouse - Episode #21

    Cybersecurity leaders today face a challenge that extends far beyond technology: keeping pace with constant change. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with John Rogers, Chief Information Security Officer and Head of Technology Risk at MSCI. Drawing on experience spanning consulting, financial services, and executive security leadership, John shares his perspective on AI governance, third-party risk management, board communication, and the growing complexity facing security teams. Listeners will gain practical insights into how organizations can approach AI governance, communicate cyber risk effectively to executives and boards, rethink traditional third-party risk practices, and prepare for a future where security leaders must balance innovation with increasingly complex threats.  Takeaways: The speed of change remains one of the biggest challenges facing security leaders today, with AI accelerating both innovation and the barrier to entry for attackers. AI governance starts with visibility. Before organizations can govern AI effectively, they need an inventory of where AI systems and agents actually exist across the business. Citizen development creates opportunities for innovation but also introduces new security responsibilities that many non-technical users may not fully understand. Effective board communication requires focusing on risk, change, and business impact rather than diving into highly technical details that executives may not find actionable. Traditional third-party risk management approaches often rely heavily on questionnaires that may not provide meaningful security insight, highlighting the need for more risk-focused evaluation methods. Security teams are continually playing catch-up as new technologies emerge, while foundational controls such as encryption and access management remain consistently important. Cybersecurity professionals entering the field should embrace AI tools rather than fear them, as familiarity with AI is rapidly becoming a critical skill regardless of technical background. Quote of the Show: “It's impossible to be an expert at everything.” - John Rogers Links: LinkedIn: https://www.linkedin.com/in/johnsrogers/Website: http://www.msci.com Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    49 min
  3. Foundation First - Michael Myint - Cyber Smokehouse - Episode #19

    Jun 9

    Foundation First - Michael Myint - Cyber Smokehouse - Episode #19

    Most cybersecurity conversations start with technology. Michael Myint starts with the foundation. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Michael Myint, a cybersecurity executive whose thirty year career spans Big Four consulting, global enterprises, and high growth healthcare startups. He has built programs from scratch, led organizations through public incidents, and mentored security leaders who have gone on to surpass him. You will walk away with a sharper view of where AI is genuinely changing the threat landscape, why vendor consolidation is coming, whether organizations are ready or not, and what separates the security professionals who rise from the ones who stall.   Takeaways: Board communication lives or dies on business relevance. Phishing rates and patch counts belong in the appendix. Metrics tied to revenue, speed to delivery, and product outcomes are what earn executive attention and budget support.AI is disrupting the entry level pipeline in ways the industry has not fully reckoned with. New practitioners who rely on prompt engineering without foundational knowledge will struggle when things break and nobody knows why.Vendor consolidation is coming. The era of niche tools for every sliver of the security stack is giving way to platforms that cover more ground at lower cost, and leaders who get ahead of that shift will be better positioned.Quantum computing combined with AI capabilities is a legitimate long term concern. Nation state actors are already better resourced than most enterprises, and that gap only widens as quantum matures.The CISO is not the department of no. Security leaders who lean on restriction and compliance theater lose credibility quickly. The ones who earn trust show up with solutions and speak the language of the business.Building future leaders requires giving real ownership, not just tasks. Cross training across security functions and evaluating people on program outcomes rather than activity is what develops professionals who can eventually lead on their own.A foundational background still matters before moving into a cybersecurity role. Understanding networking, identity, and how systems actually work provides context that no certification shortcut can replace.Quote of the Show: “"Be curious, dig a lot, be a go-getter, be a problem solver, take ownership."- Michael MyintLinks: LinkedIn: https://www.linkedin.com/in/michaelmyint/Website: https://adapthealth.com/ Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    44 min
  4. Rethinking Security Risk - Mea Clift - Cyber Smokehouse - Episode #18

    Jun 2

    Rethinking Security Risk - Mea Clift - Cyber Smokehouse - Episode #18

    Cybersecurity careers are rarely linear, and building effective security leadership requires more than technical expertise alone. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mea Clift, CISO at Cengage, for a conversation about cybersecurity career growth, leadership, curiosity, and risk management. Mea shares insights on how professionals can find their place within the cybersecurity industry, why curiosity is essential for long-term success, and how passion drives deeper expertise. The discussion also explores misconceptions about the CISO role, business impact assessments, security risk, and the realities of operating modern security programs. Outside of cybersecurity, the conversation shifts into Mea’s approach to smoking and grilling, including charcoal setups, smoking techniques, and favorite recipes.  Takeaways: Cybersecurity professionals should find a specialty they’re passionate about. Mea explains that broad interest alone is not enough to build a successful cybersecurity career and encourages people to identify the specific area that excites them most.Curiosity is critical for long-term success in security. The conversation highlights the importance of continuous learning because cybersecurity constantly evolves.Passion helps professionals stand out in competitive hiring environments. Mea discusses how enthusiasm, projects, networking, and deep subject knowledge differentiate candidates during interviews.Business impact assessments are an underrated security control. During the lightning round, Mea identifies business impact assessments as a security control that deserves more attention.Risk remains a major challenge within the security industry. Mea gives a concise answer of “Risk” when asked what the industry is getting completely wrong.There are misconceptions about what CISOs actually do. The discussion touches on common assumptions around the day-to-day work of CISOs and the operational realities behind security leadership roles.Smoking and grilling are part of Mea’s creative outlet outside work. Mea shares details about her charcoal and wood smoking setup, favorite smoking techniques, and favorite  recipes. Quote of the Show: “Life’s too short. You gotta follow your passion.” - Mea Clift Links: LinkedIn: https://www.linkedin.com/in/mea-clift/Website: https://www.cengagegroup.com/ Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    47 min
  5. Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

    May 26

    Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

    What happens when organizations scale rapidly through acquisition while simultaneously navigating AI adoption and evolving cyber risk? In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Matthew Mudry, CISO at Alera Group, to discuss the operational realities of securing large-scale acquisitions, integrating fragmented environments, and managing cybersecurity risk during periods of aggressive growth. Matthew shares firsthand experiences standardizing security across acquired organizations, balancing business pressure with security due diligence, and navigating the growing complexity introduced by AI technologies. The conversation explores M&A integration challenges, data loss prevention, access control, AI governance, leadership communication, security roadmaps, and the future of the CISO role.  Takeaways: M&A creates significant operational security complexity. Matthew discusses the challenge of integrating acquired businesses into standardized security platforms and processes.Security teams need earlier involvement in acquisitions. The conversation explores how organizations sometimes prioritize business growth before fully understanding integration and security risks.AI introduces both opportunity and risk. Matthew shares concerns around AI misuse, access control, data loss prevention, and adversarial use cases while also discussing opportunities to improve security operations using AI.Access control and DLP remain foundational. The episode repeatedly emphasizes the importance of strong access controls and data protection strategies when adopting AI technologies.Security leaders must communicate effectively with executives. Matthew discusses translating technical risk into measurable business reporting through roadmaps, metrics, and leadership engagement.Strong technical foundations matter for future leaders. Matthew advises aspiring cybersecurity leaders not to rush into management too early and stresses the importance of technical and risk management experience.Quantum computing is becoming a long-term concern. The conversation explores future risks around encryption, legacy data exposure, and long-term data retention. Quote of the Show: “What’s better than fighting AI with AI?” - Matthew Mudry Links: LinkedIn: https://www.linkedin.com/in/matthewmudry/Website: http://www.aleragroup.com Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    55 min
  6. Modern Cybersecurity Challenges: Explained- Mike Salem - Cyber Smokehouse - Episode #16

    May 19

    Modern Cybersecurity Challenges: Explained- Mike Salem - Cyber Smokehouse - Episode #16

    Cybersecurity is evolving faster than ever, and leaders are being forced to rethink how they approach risk, resilience, and modern defense strategies. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mike Salem to discuss today’s rapidly changing cyber landscape and the growing influence of AI on both attackers and defenders. Throughout the conversation, Mike shares insights on emerging cyber threats, operational challenges facing security teams, and the importance of adaptability in modern cybersecurity leadership. The discussion also explores how organizations can better prepare for evolving risks while balancing innovation, visibility, and practical security execution. This episode offers valuable perspective for cybersecurity leaders, IT professionals, and organizations navigating constant technological change and increasing security complexity.  Takeaways: • AI is rapidly changing the cybersecurity landscape. The conversation explores how AI is accelerating both offensive and defensive cybersecurity capabilities and increasing the speed of change across the industry. • Security teams must continuously adapt. Mike discusses the operational challenges organizations face as threats evolve faster than traditional security processes. • Visibility and awareness remain critical.The episode highlights the importance of understanding environments, risks, and potential gaps before incidents occur. • Cybersecurity leadership requires flexibility. The discussion emphasizes the need for leaders to remain adaptable while balancing business priorities and security objectives. • Threat actors are evolving quickly. Mike shares perspectives on how modern attackers are becoming more sophisticated and accessible through emerging technologies. • Organizations must focus on practical execution. The conversation reinforces the importance of operationalizing security strategies rather than relying solely on theoretical frameworks. Quote of the Show: “Threat actors are evolving faster than most organizations can react.” -  Mike Salem Links: LinkedIn: https://www.linkedin.com/in/mikesalem2112/Website: http://www.ihstowers.comMike’s Email: mss972@yahoo.com Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    48 min
  7. Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

    May 12

    Security Fundamentals in an AI-Driven World - Zlatko Unger - Cyber Smokehouse - Episode #15

    Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world. From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA.  Takeaways: AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced.Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old.The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor.Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control.Supply chain and third-party risk still has massive gaps. Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder.Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations.Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action.Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss.Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy.A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it. Quote of the Show: “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlakto Unger Links: LinkedIn: https://www.linkedin.com/in/zlatkounger/Website: https://www.wiz.io Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    56 min
  8. Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

    May 5

    Security in the Age of AI Acceleration - David Cross - Cyber Smokehouse - Episode #14

    How is AI changing both the threat landscape and the way security teams operate? Today’s guest is a seasoned cybersecurity leader navigating these changes at scale. Introducing David Cross, CISO at Atlassian. David joins Ernie Anderson and Graeme Payne to share how AI is reshaping cybersecurity, from attacker capabilities to internal defense strategies. He discusses how AI is lowering the barrier for attackers, why security teams must adapt to an increasingly fast-moving environment, and how organizations should think about managing risk as new technologies emerge. David also touches on the importance of understanding evolving threats, maintaining strong fundamentals, and ensuring teams are prepared to respond to continuous change.  Takeaways: AI is lowering the barrier for attackers: David explains that AI makes it easier for more individuals to carry out attacks, increasing both the volume and accessibility of threats. The pace of change is accelerating risk: He highlights that the speed at which AI is evolving is creating challenges for security teams trying to keep up. Security teams must continuously adapt: David emphasizes that organizations cannot rely on static defenses and must evolve alongside the threat landscape. Understanding threats is critical to defense:He discusses the importance of knowing how attackers operate in order to build effective security strategies. Fundamentals still matter: Despite new technologies, core security practices remain essential in protecting organizations. AI impacts both offense and defense: He notes that AI is not just a risk, but also a tool that can be used to strengthen security operations. Quote of the Show: “The pace of change is only increasing.” - David Cross Links: LinkedIn: https://www.linkedin.com/in/david-b-cross-b856657/Website: https://atlassian.com/Personal Website: davidcrosstravels.com Ways to Tune In: Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

    52 min

About

This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.