EPISODE · Jul 17, 2026 · 45 MIN
Interview with Josh Mason | Episode 62
from AI Security Ops · host Black Hills Information Security
In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Ethan sit down with Josh Mason for a wide-ranging conversation about cybersecurity careers, AI, small business security, and what it actually takes to help organizations make practical security decisions.How do small businesses think about security when they do not have a full-time CISO?And what happens when AI starts lowering the barrier for research, planning, governance, and security operations?Not hypothetically. Not as a buzzword. But in the real world — where companies are trying to understand SOC 2, HIPAA, incident response, cyber insurance, AI governance, hallucinations, and the risks of letting tools make decisions they do not fully understand.Josh brings a practical perspective from his background as a C-130 pilot, cyber leader, instructor, sales engineer, vCISO, consultant, and founder of Noob Village at DEF CON.We dig into:- What Noob Village is and why DEF CON needs an on-ramp for new people- Josh’s path from Air Force pilot to cyber leadership- Why communication and translation matter so much in cybersecurity- What a vCISO actually does for small businesses- How smaller companies think through SOC 2, HIPAA, GRC, pen testing, and incident response- How AI can speed up research, planning, and draft creation- Why AI-generated work still needs human review and source validation- How companies are trying to govern employee use of AI tools- Why cyber insurance, E&O coverage, and AI hallucinations are starting to overlap- Where RAG and guardrails can help reduce risk- How AI may reshape the work small businesses can do on their own- Why trust, relationships, and human judgment still matter in consulting- How hacker community, mentorship, and D&D all somehow fit togetherThis episode explores a practical shift in AI security: AI is not just changing the tools defenders use. It is changing how small businesses learn, make decisions, evaluate risk, and decide when they need expert help.The takeaway: AI can make security work more accessible, but it does not replace experience, judgment, validation, or trust. The organizations that benefit most are the ones that use AI to accelerate good decisions — not outsource thinking entirely.Chapters(00:00) - Meet Josh Mason (01:27) - Hacker Summer Camp and Noob Village (06:45) - From Air Force Pilot to Cyber Leadership (13:08) - What a vCISO Does for Small Businesses (19:55) - Using AI for Research and Incident Response Planning (24:46) - Small Business AI Security and Governance (27:47) - Cyber Insurance, Hallucinations, and Guardrails (31:43) - How AI Is Reshaping Small Business Security (42:15) - Where to Find Josh Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Bronwen Aker - Host Josh Mason - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.
What this episode covers
In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Ethan sit down with Josh Mason for a wide-ranging conversation about cybersecurity careers, AI, small business security, and what it actually takes to help organizations make practical security decisions.How do small businesses think about security when they do not have a full-time CISO?And what happens when AI starts lowering the barrier for research, planning, governance, and security operations?Not hypothetically. Not as a buzzword. But in the real world — where companies are trying to understand SOC 2, HIPAA, incident response, cyber insurance, AI governance, hallucinations, and the risks of letting tools make decisions they do not fully understand.Josh brings a practical perspective from his background as a C-130 pilot, cyber leader, instructor, sales engineer, vCISO, consultant, and founder of Noob Village at DEF CON.We dig into:- What Noob Village is and why DEF CON needs an on-ramp for new people- Josh’s path from Air Force pilot to cyber leadership- Why communication and translation matter so much in cybersecurity- What a vCISO actually does for small businesses- How smaller companies think through SOC 2, HIPAA, GRC, pen testing, and incident response- How AI can speed up research, planning, and draft creation- Why AI-generated work still needs human review and source validation- How companies are trying to govern employee use of AI tools- Why cyber insurance, E&O coverage, and AI hallucinations are starting to overlap- Where RAG and guardrails can help reduce risk- How AI may reshape the work small businesses can do on their own- Why trust, relationships, and human judgment still matter in consulting- How hacker community, mentorship, and D&D all somehow fit togetherThis episode explores a practical shift in AI security: AI is not just changing the tools defenders use. It is changing how small businesses learn, make decisions, evaluate risk, and decide when they need expert help.The takeaway: AI can make security work more accessible, but it does not replace experience, judgment, validation, or trust. The organizations that benefit most are the ones that use AI to accelerate good decisions — not outsource thinking entirely.Chapters(00:00) - Meet Josh Mason (01:27) - Hacker Summer Camp and Noob Village (06:45) - From Air Force Pilot to Cyber Leadership (13:08) - What a vCISO Does for Small Businesses (19:55) - Using AI for Research and Incident Response Planning (24:46) - Small Business AI Security and Governance (27:47) - Cyber Insurance, Hallucinations, and Guardrails (31:43) - How AI Is Reshaping Small Business Security (42:15) - Where to Find Josh Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Bronwen Aker - Host Josh Mason - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.
NOW PLAYING
Interview with Josh Mason | Episode 62
No transcript for this episode yet