Avsnitt

  • How defense keeps up with AI, cyber threats, and private-sector innovation.

    In this episode of The Watchtower, Ash Hunt sits down with Jimmy Harrington, retired Air Force colonel and former Deputy CIO at U.S. Special Operations Command, for a conversation about cyber resilience, defense innovation, and what large organizations often misunderstand about speed.

    From NATO and the Pentagon to AI-enabled defense systems and private-sector collaboration, Jimmy shares what defense can teach enterprise security leaders about resilience, leadership, mentorship, and building organizations that can operate through uncertainty.

    Highlights Why “keeping up” may be the wrong question How zero trust changes the goal from prevention to resilience Why defense innovation can become “innovation theater” What it takes for new technology to actually scale What CISOs can learn from military leadership and mentorship Connect

    Jimmy Harrington on LinkedIn

    Chapters

    0:00 Can organizations keep up with innovation?

    1:14 Jimmy Harrington Deputy CIO

    5:36 The pace problem inside defense institutions

    6:50 Reframing cyber success: stop trying to stop everything

    8:49 Run fast, trip less - operating under uncertainty

    12:12 Threat-agnostic vs threat-specific cyber defense

    14:09 Defense tech: from leading edge to catching up

    15:14 Innovation theater: the $5B that never scaled

    18:55 Slow is smooth, smooth is fast

    21:16 Palantir, Anduril, and selling belief to the DoD

    24:33 Building the plane while it's flying

    27:23 Why CISOs and defense leaders don't collaborate enough

    31:34 The military's leadership DNA corporate lacks

    35:49 Mentorship and the replacement-first model

    41:24 How leaders are actually built

    43:10 The hardest part of leaving the military

    46:28 What corporate underestimates about veterans

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • Is AI helping us make better decisions or just giving us more data to misinterpret?

    In this episode of The Watchtower, Ash Hunt speaks with Tony Martin-Vegue, founder of NinetyFive Risk Advisory and author of From Heat Maps to Histograms, about cyber risk, decision-making, and the role of AI in risk analysis.

    Tony explains why security teams often have more data than they realize, but still need the judgment to evaluate that data, understand its quality, and use it responsibly.

    Highlights

    Why AI can supercharge risk analysis without replacing human judgment How LLM outputs should earn their way into a risk model Why red/yellow/green heat maps limit executive risk conversations How cyber risk quantification helps security leaders speak in business terms What cybersecurity can learn from meteorology, epidemiology, actuarial science, and financial risk management

    Connect

    Tony Martin-Vegue on LinkedIn

    95 Risk Advisory

    Chapters

    0:00 The judgment problem AI can't solve

    1:24 From IT janitor to risk analyst with Tony Martin-Vegue

    5:19 Explaining risk in dollars vs colors

    9:35 Not enough data is not an excuse

    13:50 The DBIR, data quality, and the 500-report flood

    16:46 Industry reports or Twitter polls

    17:39 Decision engineering: operating under uncertainty

    20:35 The CISO's real job isn't stopping attacks

    21:31 The most influential cybersecurity book

    28:41 AI launders bias

    31:49 Decision engineering at scale: agentic context across the business

    39:43 Cyber risk math was invented by 18th-century gamblers

    41:20 What cybersecurity needs to steal from other fields

    43:44 Toyota, Taylorism, and why your heat map has to die

    45:53 Where to find Tony and the book

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • Saknas det avsnitt?

    Klicka här för att uppdatera flödet manuellt.

  • Identity is now the fabric that determines the viability of every business operation.

    In this episode of The Watchtower, Ash Hunt talks with Valvoline CISO Corey Kaemming about how identity became the operational backbone of modern companies. As cloud, automation, and AI accelerate, identity failures don’t just create risk - they stop work entirely. They explore why identity decisions are now business decisions, how automation amplifies identity risk, and why CISOs are evolving from gatekeepers into service leaders responsible for keeping operations moving.

    Chapters

    0:00 Identity Now Runs Everything (Corey Kaemming)

    1:20 Why Identity Suddenly Matters More Than Ever

    5:40 “Attackers Aren’t Breaking In… They’re Logging In”

    9:30 Identity as the Backbone of Enterprise Operations

    12:00 You Can’t Just “Turn On” AI in Security

    17:00 Moving Beyond Passwords - What Users Actually Want

    19:20 Why Identity Workflows Keep Breaking

    23:10 When Identity Fails, the Business Stops

    26:00 “If You Can’t Log In, Nothing Works”

    29:10 Inside a Real Identity Transformation Program

    34:50 Who Should Own Identity - Security or the Business?

    41:30 Rethinking Hiring, Teams, and Identity Strategy

    46:15 Identity Beyond Security

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • Security runs on metrics, but do those metrics reflect real risk?

    In this episode of The Watchtower, Ash Hunt sits down with Wade Baker - co-founder of Cyentia Institute and longtime architect of the Verizon DBIR - to dismantle the cybersecurity metrics that feel right but consistently lead programs astray. They take down "average cost per breach," expose why MTTR makes security teams look great while 99% of their vulnerabilities sit untouched, and introduce the half-life metric that actually tracks risk. Plus: why metrics are weaponized more often than they're used, and how AI agents are (finally) democratizing rigorous risk quantification.

    Key Takeaways:

    - Cost-per-data-record is a survey artifact — there's no linear correlation between breach cost and records lost

    - MTTR only measures the vulnerabilities you remediate — so you can post a great MTTR while ignoring 99% of your environment

    - Survival analysis / half-life is the better metric — it tracks burn-down against a defined finish line, not raw speed

    - Think like a general, not a sniper: zero vulnerabilities is the wrong objective; the right 80% is

    - Metrics are weaponized to justify budget more often than they're used to manage program effectiveness

    - You don't need a stats PhD — AI agents are democratizing rigorous risk modeling

    Wade Baker on LinkedIn: https://www.linkedin.com/in/drwadebaker/

    Cyentia Research: cyentia.com/research

    Chapters

    00:00 Are we measuring the right things?

    01:18 Which cybersecurity metrics are most misunderstood

    02:48 The psychology of measuring what's easy

    04:20 "We've got to measure something" — and the trap that creates

    05:30 The real problem: security doesn't agree what "good" looks like

    07:40 Sniper vs general: the thinking style CISOs need

    09:28 Doing security things vs achieving security goals

    10:25 The $215-per-record myth — and why it won't die

    12:13 Metrics as weapons: the real reason the number survives

    14:31 The needle-in-the-haystack reality of real breaches

    15:45 Risk quantification was solved decades ago — in other industries

    17:24 The MTTR indictment: measuring only what you fix

    18:48 Survival analysis and the half-life metric

    21:07 Fixed-speed decay: metrics as decision engineering

    23:57 Event landscape vs threat landscape

    27:19 AI agents as scenario-analysis partners

    30:05 Democratizing risk modeling without a stats PhD

    31:13 What security leaders should actually measure

    34:15 Your metrics are not your boss's metrics

    36:07 Data storytelling: testing a metric's "so what?"

    37:03 What's next from Cyentia Institute

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • Are you just avoiding a breach? Or are you prepared for one?

    Dan Bowden is the Global CISO at Marsh - the world's largest insurance broker - where he protects 90,000+ employees across 130+ countries while simultaneously seeing how organizations are evaluated after cyber incidents. In this episode, Dan breaks down how regulation, insurance, and real breach data are changing the standard for what "prepared" actually means in 2026.

    Dan Bowden is a seasoned security leader with a background spanning military, healthcare, and banking before joining Marsh as joint Global CISO.

    Key takeaways:

    - Why the gap between governance documentation and crisis culture is where most organizations fail

    - How to properly engage your cyber insurance broker as a consultative security partner, not a checkbox

    - What Marsh's breach data actually shows about insured companies being targeted (spoiler: the myth is busted)

    - Why MFA in 2026 should be baseline - and what carriers are asking about next

    - How regulatory frameworks like NYDFS are shifting from descriptive to prescriptive requirements

    Guest: Dan Bowden, Global CISO, Marsh

    LinkedIn: linkedin.com/in/danbowden

    Chapters

    0:00 Dan Bowden: Cybersecurity Is Not “Best Effort”

    1:10 What a Global CISO Sees That Others Don’t

    3:50 Why Companies Call Their Broker First During an Incident

    5:03 What Real Incident Data Actually Teaches You

    7:04 Rethinking Risk: Frequency vs Catastrophic Events

    10:12 Why Cyber Risk Is Still Measured Wrong

    11:39 Stop Letting the News Drive Your Security Strategy

    14:32 Where Incident Response Actually Breaks Down

    15:00 Governance vs Culture - What Really Happens in Crisis

    18:03 How to Test Leadership Under Pressure

    19:32 What Most Companies Get Wrong About Cyber Insurance

    23:12 Cyber Insurance Is Bigger Than “Cyber”

    24:11 Why Most Broker Relationships Fail

    25:52 How Insurance Decisions Actually Get Made

    27:53 Identity Is the Root of Most Attacks

    29:46 MFA Is the Baseline - But Not the End

    33:27 How Regulation Is Reshaping Security

    37:52 Myth: Insurance Makes You a Target

    41:31 The Future: Custom Cyber Insurance Models

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • We’ve spent billions on cybersecurity. Why are the problems the same?

    In the first episode of The Watchtower, Ash Hunt invites Jason Clark, CSO at Cyera, to dig into the hard truth that foundational security controls still fail in real environments. Together, they explore why identity and data remain unsolved, how rapidly changing enterprise tech has outpaced control design, and why AI is forcing the industry to rethink its entire foundation.

    This episode is made possible by Cyera.

    Chapters

    0:00 Has Cybersecurity Failed?

    1:22 Jason Clark - Security Built for Old Tech

    2:48 Why Security Frameworks Keep Failing

    4:58 The Pattern - We Can’t Keep Up - iPhone, Cloud, AI Adoption

    7:47 Security Strategy Problem - No Data Visibility

    10:02 Data and Identity Are Broken in Security

    13:34 Identity Is a House of Cards

    15:09 AI Will Break (or Fix) Cybersecurity

    18:18 Rethinking Security - Systems and Data as Assets

    20:39 Why Security Teams Clash with the Business

    24:02 Why Risk Modeling Fails in Security

    27:58 CISO Leadership Problem - No Business Influence

    30:42 AI Adoption - Why Security Must Lead

    33:17 The Future of Cybersecurity - Orchestrating Intelligence

    34:07 Closing - What Comes Next

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

  • The systems we rely on weren’t built for the world we’re running today.

    Welcome to The Watchtower.

    The cybersecurity podcast exploring how identity, data, and behavior now control whether a business runs - or stops.

    Hosted by former global CISO, Ash Hunt, The Watchtower pulls back the curtain on what’s actually happening behind dashboards - from fragile identity systems to the real impact of AI inside the business.

    New episodes coming soon.

    Presented by Cyera. Produced by Mission.org.


    Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.