The Great Security Debate

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both that they support and those they don't. Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net

  1. WOPR Was Right

    JAN 12

    Recently and over the past few years, world events may have included cybersecurity components in their enactment. So, Brian, Erik, and Dan started talking about the role of security in critical infrastructure protection, asking questions about the ethics and thresholds for government and corporate roles in cyber retaliation, whether we as security practitioners have a role (or an obligation, or even a liability) to close vulnerabilities that can be used in primary or retaliatory scenarios. How much of human nature makes cyber retaliation a foregone conclusion, or can we find ways to reduce the need or use or availability of ways in via the technology? From Stuxnet to Iran to Caracas, using cybersecurity is a prevalent vector of retaliation, but does it always have to be that way? Or will it end with WOPR’s recognition that the only way to win the game is not to play at all? It’s hard to talk about modern cybersecurity and not bring in current events, and even harder to keep it from turning political. We tried very hard to do a good job in the latter as we talked about the former. Thanks for being part of the debate!
    Show Notes:
    Caracas Invasion - https://abcnews.go.com/International/explosions-heard-venezuelas-capital-city-caracas/story?id=128861598
    Stuxnet Explained - https://www.csoonline.com/article/562691/stuxnet-explained-the-first-known-cyberweapon.html
    Book Recommendation: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon - https://geni.us/swbN
    San Bernardino vs Apple - https://epic.org/documents/apple-v-fbi-2/
    Movie Recommendation: Real Genius - https://geni.us/abYUYT
    Book Recommendation: The Creature from Jekyll Island: A Second Look at the Federal Reserve - https://geni.us/SL21a
    CIA Triad - https://cybersecuritynews.com/cia-triad-confidentiality-integrity-availability/
    Book Recommendation: Atomic Habits - https://geni.us/Nn2GSYr
    Michigan Council of Women in Technology - https://mcwt.org
    Critical Infrastructure (Sectors) - https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
    Shadowbrokers - https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/
    AI Prescriptions (Utah) - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
    Japanese Omoiyari - a...

    45 min
  2. Signs, Signs. Everywhere A Sign.

    12/29/2025

    Rules are made and policies are established. But the “how” of implementing and meeting those regulations or policies will be very context specific. In this episode of the Great Security Debate, Dan, Erik, and Brian cover a number of key policies and requirements and some different ways to think about implementing them and how the specific situation, company, risk will affect the way you meet the rule. From driving a car to incident response and everything in between. We debate the need to look back at old rules and see if they all still make sense (a great programme called Kill Stupid Rules), and flexibility in control implementation to meet evolving business needs, to move quickly, and keeping the whole picture of the business, customer, and employees in mind. Thanks for Listening!

    Show Notes:
    Passing on the right in Michigan: https://legislature.mi.gov/Laws/MCL?objectName=MCL-257-637
    Overtake time in Triathlon: https://www.triathlete.com/training/race-tips/9-race-rules-didnt-know-breaking/
    Reflex Security (Agentic Tabletop Exercises and Training): https://reflexsecurity.io
    Kill Stupid Rules: https://www.wsb.com/blog/employee-retention-secret/
    GM Dress Code Change (2020): https://gmauthority.com/blog/2020/06/how-general-motors-ceo-mary-barra-changed-the-companys-dress-code-for-the-better/
    Silly State Rules: https://www.buzzfeed.com/rhiannacampbell/weird-old-american-laws-you-wont-believe
    Sex in Full Self Driving Cars (Clean): https://www.cbc.ca/news/science/sex-distracted-driving-1.3562029
    Movie Recommendation - The Usual Suspects: https://geni.us/wVrLOCB
    John Bingham, COO, Speak by Design: https://www.speakbydesign.com/about-us
    Movie Recommendation - Gremlins: https://geni.us/qE6NAC
    Movie Recommendation - Die Hard: https://geni.us/eMASs
    Movie Recommendation - Love Actually: a...

    54 min
  3. Agentic Dan

    12/15/2025

    We are back for another Great Security Debate. In this episode: we discuss the potential role of agentic AI in security, from true “copilot” to automated decider of things, and whether LLMs are just a really cool search engine. Brian, Erik, and Dan also debate the means and extent to which we could replace ourselves with agents and what the inhibitors and risks are (spoiler alert: trust and survival of that agent after employment were big factors), and how we train those agents on all the steps our brains take to make the decisions that the humans make, and do so without polluting it with aspirational versions of ourselves (think: Instagram vs Reality). And it all leads to a parenting lesson by Brian and an automotive process lesson by Erik? It’s quite a debate. Thanks for listening! We might do one more episode in 2026, but if not, have a wonderful holidays and a happy new year! Here’s the quote that Brian references at the end of the episode by Tolstoy: Patience is waiting. Not passively waiting. That is laziness. But to keep going when the going is hard and slow - that is patience. The two most powerful warriors are patience and time. The value lies not in reducing "power" (computational energy) but in leveraging that processing power to achieve outcomes that are difficult, slow, or impossible for humans to manage alone. Thanks for listening!
    Show Notes:
    Reflex Security - https://reflexsecurity.io
    Movie Recommendation: Multiplicity - https://geni.us/7vgKO
    Plaid Privacy Policy - https://plaid.com/legal/
    Prompts.ai - https://www.prompts.ai/en
    Music Recommendation: Take On Me - A-ha - https://www.youtube.com/watch?v=djV11Xbc914
    Book Recommendation: The Toyota Way - Book - https://geni.us/3LcpM
    Book Recommendation: Six Sigma - https://geni.us/CS8ql
    Book Recommendation: Matricide - https://geni.us/Xfn2MB
    Book Recommendation: The Lorax - https://geni.us/Fy8X4b
    Perplexity - https://www.perplexity.ai
    TV Recommendation - Pluribus (Apple TV+) - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza

    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    49 min
  4. Give a Sh!t Posture Management

    11/17/2025

    On this week’s Debate, Brian brings a truckload of acronyms for more single panes of glass to help us consolidate our various single panes of glass, Erik may actually be Brian (or maybe Brian is Erik), and Dan confirms he still (and likely always will) spend the rest of his days living in the house he just built deep in the Trough of Disillusionment. What started out as a chat about some new technologies in the space turned into a treatise on the state of leadership and the future talent pipeline’s need for more curiosity (and why we think they are starved of the opportunity to learn to be curious). Along the way we talk about what motivates organisations to do security right from the get-go vs leaving it alone based on difficulty to remediate, and the risk balances of both (think: productivity vs security). Throw in a little “binary opinions have dragged us into the mire” and you’ve got a full episode of The Great Security Debate. We also drop some hints about a new show coming from The Distilling Security network in 2026 called The Final Act, which will bring in guests in the later stages of their careers to talk about the urgency of our careers in security and tech, what they want to leave behind as legacy, and what they are doing to prepare their orgs for their eventual departure. Add on how they have and will give back to the community, and what their successors want to see done before this first generation of security and tech leaders hit the road. Please subscribe and leave a comment. If you’d like to sponsor the network, please email sponsors@distillingsecurity.com. Thanks for listening!
    Show Notes:
    What is Data Security Posture Management (DSPM) - https://www.ibm.com/think/topics/data-security-posture-management
    What is Identity Security Posture Management (ISPM) - https://www.sentinelone.com/cybersecurity-101/identity-security/identity-security-posture-management-ispm/
    What is an Institutional Review Board (IRB) - https://www.hhs.gov/ohrp/education-and-outreach/online-education/human-research-protection-training/lesson-3-what-are-irbs/index.html
    Lucy pulls the football (hand egg) away from Charlie Brown - https://www.youtube.com/watch?v=9dsm7K1Xkn4
    Healthy foods are more costly - https://www.cnbc.com/2023/12/27/healthy-foods-are-often-more-expensive-heres-why.html
    Why Ford cancelled the Bronco after OJ - https://www.slashgear.com/1560204/reason-ford-bronco-discontinued-after-oj-simpson-trial-explained/
    Not enough data - GSD Episode 62 [Audio] - https://podcasts.apple.com/us/podcast/the-100-years-ai-flood/id1513770103?i=1000735045511
    Not enough data - GSD Episode 62 [Video] -
    Book Recommendation - Anxious Generation by Jonathan Haidt - https://geni.us/lDrdn3
    Book Recommendation - The Coddling of the American Mind by Jonathan...

    55 min
  5. The 100 Years AI Flood

    11/03/2025

    The Great Security Debate is *back*! It’s been a busy year, but it’s time to get this show back on the air (and maybe on the road). Dan takes a break from the rat race, Erik took over the world, and Brian uses Elmer’s Glue to splice his network cables. Topics in the show this week: AWS and Microsoft make the best cases for business continuity plans, the AI Is public cloud reliable enough? Should we all move back to local data centres? How can we reliably assess that risk? Want an AI Data Centre in your town? NIMBY vs Innovation! We will be back every 2 weeks on Mondays. Subscribe on YouTube at https://youtube.com/@greatsecuritydebate to see our smiling faces as you watch, or in your favourite podcast application to listen on your commute or with your whole family around the radio. See you on the 17th with more debates! And some entirely new shows coming from Distilling Security very soon, too. Subscribe to the newsletter on our website https://distillingsecurity.com to hear all about them.

    Links to mentioned articles and topics:
    AWS Outage - 20 October 2025 - https://www.bbc.com/news/articles/cev1en9077ro
    Microsoft Azure Outage - https://www.wsj.com/tech/microsoft-hit-with-azure-365-outage-b3ac0724
    37Signals move from AWS to Data Centre - https://world.hey.com/dhh/our-cloud-exit-savings-will-now-top-ten-million-over-five-years-c7d9b5bd
    100 Years Flood - usgs.gov - https://www.usgs.gov/water-science-school/science/100-year-flood
    Great Flood of 1937 - https://www.weather.gov/lmk/flood_37
    Impact of Jaguar Land Rover Incident - https://www.bbc.com/news/articles/c0qpl0v3gnzo
    CDK Attack and Outage - https://www.industryweek.com/technology-and-iiot/article/55091142/major-cybersecurity-breach-affects-auto-manufacturers
    Russian grain blockade against Ukraine - https://www.cfr.org/article/how-ukraine-overcame-russias-grain-blockade
    Saline, Michigan OpenAI Data Centre & Pushback - https://apnews.com/article/openai-inc-joi-harris-data-management-and-storage-microsoft-corp-oracle-corp-f25196fca5865ed79d94c972249a272c
    Racine, Wisconsin Foxconn and Microsoft site failures - https://racinecountyeye.com/2025/10/08/microsoft-abandon-1st-caledonia/
    Racine, Wisconsin What happened to FoxConn? a...

    47 min
  6. Risky Risks: Live from the GTS Security Summit

    05/12/2025

    The Great Security Debate crew recorded a live episode at the GTS Security Summit in Detroit, Michigan with special guest, Zah Gonzalvo, SVP of Financial, Climate, and Operational Risk at Banco Popular. Tune in for a great discussion on risk, risk mitigation, risk prioritisation, and risk in context. Yep, it's all about risk! Takeaways: The evolution of security has shifted from a binary perspective to a more nuanced understanding of risk management, acknowledging the need for flexibility in addressing diverse security challenges. In contemporary discussions, it is increasingly evident that security must be integrated into business strategy, highlighting the imperative for security professionals to communicate effectively with stakeholders. The role of the Chief Information Security Officer (CISO) has transcended traditional technological boundaries, necessitating a comprehensive grasp of business risk and operational efficiency. Effective risk management within organizations requires a shared responsibility model, where every employee contributes to the overall security posture, thus reinforcing the concept that security is a collective endeavor. Scenario analysis is a potent tool in risk management, enabling organizations to anticipate potential threats and understand the implications of various risk scenarios on their operations. Engaging with business units to contextualize security risks in terms of operational impact and financial implications is vital for securing necessary budgets and resources for security initiatives.

    48 min
