The Watchtower

Cyera

Where cybersecurity, data, and AI leaders come to talk like humans - not headlines. Hosted by former global CISO, Ash Hunt, every episode uncovers what’s really happening behind the boardroom slides and breach reports. From insider stories of risk and resilience to honest takes on AI disruption, this is where leaders shaping the future of security drop the corporate filter and tell it straight. Presented by Cyera. Produced by Mission.org.

Episodes

  1. May 27

    Are We Measuring the Right Things?

    Security runs on metrics, but do those metrics reflect real risk? In this episode of The Watchtower, Ash Hunt sits down with Wade Baker - co-founder of Cyentia Institute and longtime architect of the Verizon DBIR - to dismantle the cybersecurity metrics that feel right but consistently lead programs astray. They take down "average cost per breach," expose why MTTR makes security teams look great while 99% of their vulnerabilities sit untouched, and introduce the half-life metric that actually tracks risk. Plus: why metrics are weaponized more often than they're used, and how AI agents are (finally) democratizing rigorous risk quantification.

    Key Takeaways:
    - Cost-per-data-record is a survey artifact: there's no linear correlation between breach cost and records lost
    - MTTR only measures the vulnerabilities you remediate, so you can post a great MTTR while ignoring 99% of your environment
    - Survival analysis / half-life is the better metric: it tracks burn-down against a defined finish line, not raw speed
    - Think like a general, not a sniper: zero vulnerabilities is the wrong objective; the right 80% is
    - Metrics are weaponized to justify budget more often than they're used to manage program effectiveness
    - You don't need a stats PhD: AI agents are democratizing rigorous risk modeling

    Wade Baker on LinkedIn: https://www.linkedin.com/in/drwadebaker/
    Cyentia Research: cyentia.com/research

    Chapters
    00:00 Are we measuring the right things?
    01:18 Which cybersecurity metrics are most misunderstood
    02:48 The psychology of measuring what's easy
    04:20 "We've got to measure something" and the trap that creates
    05:30 The real problem: security doesn't agree what "good" looks like
    07:40 Sniper vs general: the thinking style CISOs need
    09:28 Doing security things vs achieving security goals
    10:25 The $215-per-record myth, and why it won't die
    12:13 Metrics as weapons: the real reason the number survives
    14:31 The needle-in-the-haystack reality of real breaches
    15:45 Risk quantification was solved decades ago, in other industries
    17:24 The MTTR indictment: measuring only what you fix
    18:48 Survival analysis and the half-life metric
    21:07 Fixed-speed decay: metrics as decision engineering
    23:57 Event landscape vs threat landscape
    27:19 AI agents as scenario-analysis partners
    30:05 Democratizing risk modeling without a stats PhD
    31:13 What security leaders should actually measure
    34:15 Your metrics are not your boss's metrics
    36:07 Data storytelling: testing a metric's "so what?"
    37:03 What's next from Cyentia Institute

    Presented by Cyera. Produced by Mission.org. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

    41 min

  2. May 13

    What 1,000+ Breaches Taught This CISO About Preparedness

    Are you just avoiding a breach? Or are you prepared for one? Dan Bowden is the Global CISO at Marsh - the world's largest insurance broker - where he protects 90,000+ employees across 130+ countries while simultaneously seeing how organizations are evaluated after cyber incidents. In this episode, Dan breaks down how regulation, insurance, and real breach data are changing the standard for what "prepared" actually means in 2026.

    Dan Bowden is a seasoned security leader with a background spanning military, healthcare, and banking before joining Marsh as joint Global CISO.

    Key takeaways:
    - Why the gap between governance documentation and crisis culture is where most organizations fail
    - How to properly engage your cyber insurance broker as a consultative security partner, not a checkbox
    - What Marsh's breach data actually shows about insured companies being targeted (spoiler: the myth is busted)
    - Why MFA in 2026 should be baseline, and what carriers are asking about next
    - How regulatory frameworks like NYDFS are shifting from descriptive to prescriptive requirements

    Guest: Dan Bowden, Global CISO, Marsh
    LinkedIn: linkedin.com/in/danbowden

    Chapters
    0:00 Dan Bowden: Cybersecurity Is Not "Best Effort"
    1:10 What a Global CISO Sees That Others Don't
    3:50 Why Companies Call Their Broker First During an Incident
    5:03 What Real Incident Data Actually Teaches You
    7:04 Rethinking Risk: Frequency vs Catastrophic Events
    10:12 Why Cyber Risk Is Still Measured Wrong
    11:39 Stop Letting the News Drive Your Security Strategy
    14:32 Where Incident Response Actually Breaks Down
    15:00 Governance vs Culture - What Really Happens in Crisis
    18:03 How to Test Leadership Under Pressure
    19:32 What Most Companies Get Wrong About Cyber Insurance
    23:12 Cyber Insurance Is Bigger Than "Cyber"
    24:11 Why Most Broker Relationships Fail
    25:52 How Insurance Decisions Actually Get Made
    27:53 Identity Is the Root of Most Attacks
    29:46 MFA Is the Baseline - But Not the End
    33:27 How Regulation Is Reshaping Security
    37:52 Myth: Insurance Makes You a Target
    41:31 The Future: Custom Cyber Insurance Models

    Presented by Cyera. Produced by Mission.org.

    45 min
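The first episode's central metrics argument, that MTTR is computed only over the vulnerabilities you actually closed while a survival-analysis half-life is computed over the whole open population, is easy to see in numbers. The following is an added worked example, not code from the podcast, from Cyentia Institute or from Cyera: two constructed vulnerability programmes with identical MTTR but very different burn-down, scored with a Kaplan-Meier survival estimate that treats still-open findings as right-censored observations instead of ignoring them. The `Finding` record, the day-based timeline and both programmes are assumptions made up for the illustration.

```python
"""Why MTTR flatters a programme and a survival half-life does not.

Constructed example: two programmes of 20 findings each, observed over
AS_OF days. Both close findings in exactly 2 days, so both post a 2-day
MTTR. Only one of them is actually burning down its backlog.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

AS_OF = 100  # observation window in days since programme start (assumed)


@dataclass
class Finding:
    opened: int            # day the vulnerability was detected
    closed: Optional[int]  # day it was remediated, or None if still open


def programme_a() -> List[Finding]:
    # Two easy wins closed in 2 days; 18 findings untouched since detection.
    return [Finding(0, 2), Finding(5, 7)] + [Finding(d, None) for d in range(18)]


def programme_b() -> List[Finding]:
    # Same 2-day fix time, but 12 of the 20 findings really were closed.
    return [Finding(d, d + 2) for d in range(12)] + [Finding(d, None) for d in range(8)]


def mttr(findings: List[Finding], as_of: int) -> Optional[float]:
    """Mean time to remediate: averaged over CLOSED findings only.
    Open findings never enter the denominator, which is the flaw."""
    ages = [f.closed - f.opened for f in findings
            if f.closed is not None and f.closed <= as_of]
    return sum(ages) / len(ages) if ages else None


def remediated_fraction(findings: List[Finding], as_of: int) -> float:
    """Share of the whole population actually closed by as_of."""
    done = sum(1 for f in findings if f.closed is not None and f.closed <= as_of)
    return done / len(findings)


def survival_curve(findings: List[Finding], as_of: int) -> List[Tuple[int, float]]:
    """Kaplan-Meier estimate of S(t) = P(a finding is still open after t days).

    A closed finding is an 'event' at age closed - opened. A finding still
    open at as_of is right-censored at age as_of - opened: it counts as at
    risk up to that age, then drops out without contributing an event.
    """
    obs = []
    for f in findings:
        if f.closed is not None and f.closed <= as_of:
            obs.append((f.closed - f.opened, True))    # event
        else:
            obs.append((as_of - f.opened, False))      # censored
    obs.sort()

    at_risk = len(obs)
    s = 1.0
    curve = [(0, 1.0)]
    i = 0
    while i < len(obs):
        t = obs[i][0]
        events = leaving = 0
        while i < len(obs) and obs[i][0] == t:   # group ties at the same age
            events += obs[i][1]
            leaving += 1
            i += 1
        if events:
            s *= 1.0 - events / at_risk
            curve.append((t, s))
        at_risk -= leaving
    return curve


def burn_down_time(findings: List[Finding], as_of: int,
                   remaining: float = 0.5) -> Optional[int]:
    """Days until the open share falls to `remaining` (the finish line).
    Returns None if the programme never got there inside the window."""
    for t, s in survival_curve(findings, as_of):
        if s <= remaining:
            return t
    return None


def half_life(findings: List[Finding], as_of: int) -> Optional[int]:
    return burn_down_time(findings, as_of, remaining=0.5)


if __name__ == "__main__":
    for name, prog in (("A", programme_a()), ("B", programme_b())):
        print(f"programme {name}: MTTR={mttr(prog, AS_OF)} days, "
              f"remediated={remediated_fraction(prog, AS_OF):.0%}, "
              f"half-life={half_life(prog, AS_OF)}")
```

Programme A posts the same 2-day MTTR as programme B, but only 10% of its findings were ever closed and its survival curve never reaches 50%, so the half-life is undefined after 100 days of observation; programme B reaches the 50% finish line on day 2. `burn_down_time` takes the target share as a parameter so the same curve can be read against whatever finish line the programme has agreed on, for example 20% remaining for the "right 80%" objective the episode describes.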
5 out of 5, 11 Ratings
