EPISODE · Jun 22, 2026 · 45 MIN
#149 Andrew Scott: Cybersecurity Is a Business Imperative
from PreVetted Podcast · host Federico Ramallo
Andrew Scott is Field CISO at Todyl, where he bridges executive decision-makers and cybersecurity programs for mid-market and SMB organizations. With over a decade of experience across IBM, CrowdStrike, and Recorded Future, he has built security operations programs, led threat intelligence teams, and advised Fortune 500 companies and Federal agencies.In this episode, Andrew breaks down the most common security gap he sees across organizations: governance. He explains why buying tools without first establishing process and strategy compounds problems rather than solving them, and why asking "what does good look like?" before building a security program is the most important first step any leader can take.Andrew and Federico explore how AI is reshaping the threat landscape on both sides. Attackers are automating reconnaissance and phishing faster than defenders can respond, and the fundamentals of identity, patching, and visibility matter more than ever. They also discuss how Moody's now treats cyber events as catastrophically as hurricanes when evaluating business credit risk.If you lead a team and security feels like an afterthought, this episode will change how you think about risk, accountability, and the cost of getting it wrong.About Andrew ScottField CISO at Todyl | Cybersecurity advisor across IBM, CrowdStrike, and Recorded Future | Helping mid-market companies build stronger security programsAbout Federico Ramallo ✨👨💻🌎🚀 Software Engineering Manager | 🛠 Founder of DensityLabs.io & PreVetted.ai | 🤝 Connecting 🇺🇸 U.S. teams with top nearshore 🌎 LATAM engineers- 💼 https://www.linkedin.com/in/framallo/- 🌐 https://densitylabs.io- ✅ https://prevetted.ai🎙 PreVetted Podcast 🎧📡- 🎯 https://prevetted.ai/podcast- 🐦 https://x.com/PrevettedPod- 🔗 https://www.linkedin.com/company/prevetted-podcast00:00 Introduction to Cybersecurity Leadership01:05 Understanding the Role of a Field CISO05:14 Democratizing Cybersecurity for Mid-Market Organizations08:05 The Opportunistic Nature of Cyber Attacks09:26 Balancing Security and Business Needs12:05 The Importance of Governance in Security Programs17:06 Common Security Gaps in Organizations21:34 Incident Response and Governance23:17 Establishing a Control Framework23:58 AI's Impact on the Threat Landscape27:44 The Speed of Cyber Attacks30:21 Governance and Decision-Making in AI Use33:18 Human Oversight in AI Development37:03 Collaboration Between Security and Business44:08 Cybersecurity as a Business Imperative
What this episode covers
Andrew Scott is Field CISO at Todyl, where he bridges executive decision-makers and cybersecurity programs for mid-market and SMB organizations. With over a decade of experience across IBM, CrowdStrike, and Recorded Future, he has built security operations programs, led threat intelligence teams, and advised Fortune 500 companies and Federal agencies.In this episode, Andrew breaks down the most common security gap he sees across organizations: governance. He explains why buying tools without first establishing process and strategy compounds problems rather than solving them, and why asking "what does good look like?" before building a security program is the most important first step any leader can take.Andrew and Federico explore how AI is reshaping the threat landscape on both sides. Attackers are automating reconnaissance and phishing faster than defenders can respond, and the fundamentals of identity, patching, and visibility matter more than ever. They also discuss how Moody's now treats cyber events as catastrophically as hurricanes when evaluating business credit risk.If you lead a team and security feels like an afterthought, this episode will change how you think about risk, accountability, and the cost of getting it wrong.About Andrew ScottField CISO at Todyl | Cybersecurity advisor across IBM, CrowdStrike, and Recorded Future | Helping mid-market companies build stronger security programsAbout Federico Ramallo ✨👨💻🌎🚀 Software Engineering Manager | 🛠 Founder of DensityLabs.io & PreVetted.ai | 🤝 Connecting 🇺🇸 U.S. teams with top nearshore 🌎 LATAM engineers- 💼 https://www.linkedin.com/in/framallo/- 🌐 https://densitylabs.io- ✅ https://prevetted.ai🎙 PreVetted Podcast 🎧📡- 🎯 https://prevetted.ai/podcast- 🐦 https://x.com/PrevettedPod- 🔗 https://www.linkedin.com/company/prevetted-podcast00:00 Introduction to Cybersecurity Leadership01:05 Understanding the Role of a Field CISO05:14 Democratizing Cybersecurity for Mid-Market Organizations08:05 The Opportunistic Nature of Cyber Attacks09:26 Balancing Security and Business Needs12:05 The Importance of Governance in Security Programs17:06 Common Security Gaps in Organizations21:34 Incident Response and Governance23:17 Establishing a Control Framework23:58 AI's Impact on the Threat Landscape27:44 The Speed of Cyber Attacks30:21 Governance and Decision-Making in AI Use33:18 Human Oversight in AI Development37:03 Collaboration Between Security and Business44:08 Cybersecurity as a Business Imperative
NOW PLAYING
#149 Andrew Scott: Cybersecurity Is a Business Imperative
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.