EPISODE · Mar 24, 2026 · 1H 14M
Incidents at Scale: What CISOs Get Wrong
from Full Metal Packet
Randy Barr has held the CISO title at over 10 companies — including Cisco, Zoom, and BioRender — and has seen every version of how security programs succeed and fall apart.

He now leads security at Sequence Security, focused on API security, bot management, and AI protection. In this episode, Randy takes us through what security teams think they're doing well but aren't, what incidents actually look like at scale, and why AI is rewriting the rules faster than most organizations can keep up.

He explains:
Why compliance and security are not the same thing — and confusing them is dangerous
How insider threats often hide inside your own growth and broken processes
What a war room actually needs to function under pressure
Why MCP servers and prompt injection are the next wave of incidents no one is ready for
How to build a CISO career that doesn't burn you out

Episode Timeline:
(00:00) From ASP to cloud to AI — how the security industry has shifted
(07:33) Why 80% of internet traffic is now machine to machine
(09:46) What most startups get wrong about security programs
(15:01) How to make the business case for a security budget
(19:36) When buying more tools is actually the wrong move
(28:30) War story: stolen servers sold online by an infrastructure manager
(36:25) War story part 2: third-party contractors scripting their own reimbursements
(42:00) The website defacement that launched Randy's security career
(46:11) What a good incident war room actually looks like
(53:50) Shadow AI, MCP servers, and the prompt injection risk no one is tracking
(01:02:00) Where AI can genuinely replace manual security work
(01:12:43) Advice for new and experienced CISOs on what actually matters

Connect with Randy on LinkedIn
Powered by Control D