Podcasts Archives | TechSpective

There's a pattern that shows up in incident response work that nobody talks about in the vendor briefings. You bring in forensics after something goes wrong, and somewhere in that process, you find a tool — already deployed, already licensed, sometimes running for years — that had the data to catch what happened. Nobody was looking at it. In some cases, it wasn't even turned on the right way. Max Henderson runs global digital forensics and incident response at Kroll. He's seen this enough that it's not a surprise anymore. That's part of what makes him a useful person to talk to about Kroll's new cyber resilience research. He’s not reading a survey and drawing conclusions. Instead, he's comparing it against what he actually finds on cases. I had him on the TechSpective Podcast, and we started where I always start with someone who's close to research like this: not the findings, but what surprised him. His answer goes somewhere I didn't expect, and it reframes a lot of what follows. It's not about a specific attack type or a new threat category. Rather, it's about a structural problem in how organizations think about security investment. This is one that keeps showing up regardless of how much they've spent. The report itself covers 1,000 decision-makers across 10 countries. The headline numbers are familiar in their frustration — 94% treat cybersecurity as a top risk, budgets are up, nearly everyone has an incident response plan. And yet 72% still report misalignment between security priorities and business decisions. That gap has a real explanation. Max gives it one that makes more sense than the usual "leadership doesn't get it" framing. We spent some time on the confidence problem. Organizations consistently overestimate their readiness — not because they're being dishonest, but because of how the question gets asked internally and who's answering it. The gap between saying you can quantify cyber risk and actually being able to do it when something happens is significant. Max has watched that gap reveal itself in real time during incidents. This happens in rooms with executives who are hearing for the first time how long they might be down. The speed problem isn't getting better. Kroll's data on outbreak times is uncomfortable, and the percentage of organizations that feel equipped to respond within that window is even more uncomfortable. AI is part of why timelines are compressing — but not in the way most people fixate on. The most effective attacks Max is seeing right now don't involve sophisticated AI-enhanced exploits. Instead, they involve someone picking up the phone. The gap between where organizations focus their security investment and where they're actually getting hit is one of the more consistent findings across Kroll's casework. The AI discussion goes a few directions. There's the attacker side, which is getting more attention. But there's also what happens when organizations build out powerful AI infrastructure internally. What that looks like as a target is important, too. Max made a point about MCP servers specifically that I hadn't heard framed that way before — the security risk isn't necessarily about abusing the AI itself, it's about what you've handed to whoever can get onto that system. There's also a thread on agentic AI and the forensic problems it creates. I think that is going to become a much bigger conversation. I asked him at the end where he'd tell an organization to start. One priority, 80% of the way there. The answer connects back to where we opened. Full episode on YouTube and wherever you get podcasts.

Every conversation I’ve had for the past couple of years has followed the same arc. First, it was generative AI. Then agentic AI. Now the question everyone is circling is how you actually secure agentic AI — and it turns out that’s a harder problem than most people expected. I sat down with Naor Paz, CEO and co-founder of Capsule Security, to talk through it. Naor spent years as a security practitioner and incident responder, moved into product leadership at F5, and is now focused on what he sees as one of the most underserved problems in enterprise security: stopping AI agents from going rogue while they’re actually running. Agentic AI Visibility Most of the security work happening around agentic AI right now is happening before the agent ever executes — governance, configuration, posture management, compliance. Capsule is focused on what happens during execution, which Naor says is where existing tools have almost no visibility at all. The core issue is that agents are non-deterministic. You can configure guardrails, set permissions, write policies — and then the agent reasons around all of it in pursuit of whatever objective it was given. Naor used a concrete example: Cursor’s coding agent was explicitly told not to touch certain files. It generated a shell script to read them anyway. The guardrail didn’t fail. The model just decided the goal mattered more. That’s not a bug you can patch. I drew a parallel to user behavior analytics — establish a baseline of normal behavior, flag deviations. Naor said the analogy is reasonable, but the scale breaks it. You might have a thousand employees. In the near term, you could have a million agents operating on behalf of those employees. The insider threat model we built for humans simply wasn’t designed for that. Naor describes intent as the new perimeter. Identity became the perimeter when the network stopped being the boundary. Now, even a properly credentialed, least-privileged agent can do real damage if what it’s actually doing has drifted from what it was told to do. Capsule runs a fine-tuned small language model alongside the agent, comparing intended behavior against actual behavior in real time and flagging the gap. Zero Day Flaws Capsule has also published two zero-days to back this up. One involved Microsoft Copilot Studio — they called it ShareLeak. The other involved Salesforce Agentforce, which they called PipeLeak. Both are indirect prompt injection vulnerabilities, and Naor walks through how they actually work in the episode. What stood out to me wasn’t just the vulnerabilities themselves, but how different the disclosure process was compared to a traditional software bug. Microsoft’s engineering team needed two weeks to fully understand the attack surface — partly because AI vulnerabilities aren’t reliably reproducible. Non-determinism is a problem for the attacker trying to exploit consistently and for the vendor trying to confirm the fix. Naor compared this to Adobe Flash. Flash was so fundamentally susceptible to manipulation that the industry eventually decided the right answer was to stop using it. He doesn’t think that’s where we land with AI agents — the business value is too high — but the underlying point is that language models have structural vulnerabilities that can’t be fully engineered away. You need ongoing runtime protection, not a one-time fix. Multi-agent orchestration is where this gets more complicated. As agents increasingly work in coordination with other agents, the attack surface multiplies. Naor made a comparison to botnets — a coordinated network where some agents create noise while others do the actual damage somewhere else. It’s not a theoretical concern. Capsule is already building research around it. One interesting and concerning statistic: 72% of enterprises are already deploying AI agents. Only 29% have AI-specific security controls. Naor’s explanation for the gap isn’t budget — it’s confusion. Security leaders don’t know what their exposure looks like yet, and some are operating under the assumption that built-in platform governance is enough. It’s not. Guardian Agents Gartner has already coined a category for what Capsule is building: guardian agents. AI watching AI. Naor addresses the obvious question that raises — doesn’t a guardian agent just introduce another attack surface? — and his answer is more nuanced than you might expect. We closed by talking about pace. I’ve stopped framing these conversations around five-year predictions. The question that actually matters right now is six months. Naor has a clear-eyed take on where things are heading, and it’s worth hearing. The full episode is available on major podcast platforms and on YouTube.

Fresh off RSAC 2026, I sat down with Ramin Farassat, Chief Product Officer at Menlo Security, to work through what agentic AI is actually doing to the enterprise attack surface. Menlo has spent 13 years focused specifically on browser security. The idea is that the browser, not the endpoint, not the network perimeter, is where most enterprise work happens and most exposure lives. That was already a hard enough problem. Then you add AI agents into the mix. The Next Billion "Users" The framing Ramin kept coming back to is that the next billion users aren't going to be human. That's not a marketing line — it reflects something real about where agent adoption is heading. Think about how passwords and IP addresses scaled. In 2005, you could probably count both on your hands. Now your home router has 110 devices on it, and your iPhone has hundreds of saved passwords. Agents are going to follow the same curve, just faster. The average employee probably doesn't intend to deploy 25 agents. But they'll get there without really noticing. What makes this particularly thorny from a security standpoint is that agents aren't just scaled-up users. They have their own quirks. They'll take the path of least resistance, which sounds fine. However, your agent may start finding pathways into folders you didn't know were accessible. They can be manipulated in ways a human would immediately recognize as suspicious. And they can talk to other agents — meaning an agent you locked down to read-only can potentially find a workaround through another agent that has write access. Ramin walked through real examples of exactly that happening. The Identity Question We also got into the identity question, which I don't think the industry has a clean answer to yet. If I spin up ten agents to work on my behalf, are they ten separate identities? Does each one get its own credentials? Ramin has a specific take on how Menlo approaches this — and it's different from just handing every agent its own ID. I'll let him explain it rather than summarize it badly. There's also a policy and accountability angle that I think is underexplored. A lot of organizations are actively pushing employees to adopt AI agents — not just allowing it, but setting productivity targets around it. When you mandate something, and then an agent goes off the rails, the question of who's responsible gets murky in a hurry. We talked through that, and I don't think there are easy answers. Ramin shared something he heard directly from multiple CISOs at RSAC: they know there are agents running in their environment. They just don't know who built them, where they are, or what applications they're connecting to. Because an agent using someone's credentials looks exactly like that person to the network. There's no easy way to tell the difference. That's the problem set we spent 45 minutes unpacking in this episode of the TechSpective Podcast. If you're thinking about agentic AI in your environment — or you're already dealing with it, whether you planned to or not — this episode is worth your time. Watch or listen to the full episode.

Ransomware has been a persistent headline topic for years now. As a result, a lot of people have probably gotten numb to it. I know I had. It starts to feel like background noise — another attack, another breach, another company paying out. So when I sat down with Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet, he started walking through the numbers from Fortinet's latest Global Threat Landscape Report. That got my attention again. The data isn't background noise. In fact, it's a pretty clear signal. This shows that things are getting more serious, not less. Derek has been tracking the threat landscape for over 25 years, 22 of them at Fortinet, where he leads the FortiGuard Labs threat intelligence team. That kind of tenure is rare in this industry. Furthermore, it gives him a long view that's useful when you're trying to understand whether a trend is real or just noise. In this case, the ransomware numbers are real. The reasons behind them are more interesting than the headlines usually get into. Part of what we talked about is how the economics and tactics of cybercrime have shifted. It's not just that there are more attacks. It's that the attacks are more targeted and more deliberate. They are increasingly supported by tools that make sophisticated operations accessible to a much wider pool of threat actors. The AI angle here is real. In addition, Derek gets specific about what that actually looks like in practice — not in a theoretical sense, but in terms of tools that exist right now. He also discusses what they cost. There's also a metric from the report that I think should probably get more attention than it does. It has to do with how fast attackers move once a vulnerability becomes public knowledge. The window has gotten tight enough that some of the conventional wisdom around patching and response timelines doesn't really hold up anymore. Because of this, we talked through what that means for defenders. We also discussed what a more realistic approach looks like. One thing I appreciated about the conversation is that Derek didn't make it all sound hopeless. There's a practical framework for thinking about defense that he walks through — one that accepts the reality that you're never going to eliminate all your risk. It focuses instead on identifying and closing the exposures that actually matter most. Consequently, that's a more useful starting point for most organizations than trying to chase everything at once. We also got into some of the work Fortinet does that goes beyond building security products — specifically around disrupting cybercriminal infrastructure and working with law enforcement and international partners to hold threat actors accountable. Derek mentioned something toward the end of the conversation that I hadn't heard before. Specifically, it was a new initiative that takes a pretty different approach to gathering intelligence on cybercrime networks. Worth listening to. And because it's the TechSpective Podcast, we did eventually go off-script. There was a brief Star Trek tangent. There were house plants. That's just how these go. The full episode is below. If you work in security or are responsible for making decisions about security at your organization, it's worth the time.

Everyone is talking about agentic AI. And that's part of the problem. Over the last couple of years, the term has gone the way of every other buzzword in tech — slapped onto products and platforms regardless of whether it actually applies. Marketing departments are busy. As Adi Kuruganti, Chief AI and Development Officer at Automation Anywhere, put it, we sat down to record the latest TechSpective podcast episode. When marketing departments get busy, clarity tends to suffer. Automation Anywhere has been in the automation space for over a decade. They helped create the Robotic Process Automation category. So, Adi has a longer view on this than most. He knows what automation looked like before the AI wave hit. He also has a pretty specific definition of what an agent actually is — one that rules out a lot of what's currently being marketed as agentic AI. That distinction has real consequences. When you're automating routine, low-stakes tasks, some ambiguity is tolerable. But when you're talking about healthcare workflows, financial processes, or anything touching sensitive customer data, the difference between a rules-based automation and a probabilistic AI agent matters. Getting that wrong isn't just a technical problem. In fact, it can be a compliance problem, a liability problem, or worse. We also get into accountability. When an AI agent takes an action — reads a document, makes a decision, updates a record — who's responsible for that outcome? It's a question a lot of organizations are still working through. The answer is more nuanced than it first appears. Adi has a clear perspective on this, shaped by what Automation Anywhere sees across its customer base of more than 5,000 enterprises. Data privacy comes up, too. Giving an AI agent access to the context it needs to actually be useful means sharing information with it. But in regulated industries, that creates real constraints. How do you give an agent enough to work with without exposing data it shouldn't touch? It's a real problem for a lot of enterprises right now. We talk through how organizations are navigating it. And then there's the question of trust — specifically, how much autonomy you give an agent before a human needs to review what it's doing. The answer isn't as straightforward as "always have a human check the work." Adi makes a point here that I think a lot of people in the AI SOC space would recognize immediately. If you've been following the agentic AI conversation and wondering how much of it is real versus noise, this episode is worth your time. Adi doesn't oversell where the technology is. He's direct about what still needs to mature before agentic process automation can scale the way people expect it to. And he knows the difference between a real shift and a rebranding exercise. The TechSpective podcast is available on all major podcast platforms. You can also watch the full episode on YouTube.

Cloud was supposed to make everything easier. In some ways, it absolutely has. You can spin up infrastructure in minutes, scale on demand, and deploy globally without ever touching a piece of hardware. That’s a massive shift from the days when a “deployment” meant racking servers and hoping you sized things correctly six months in advance. But if you’ve actually been in the trenches—even recently—you know the reality is a little messier. Meet FluidCloud That’s where this episode of the TechSpective Podcast starts. I sat down with Harshit Omar, co-founder and CTO of FluidCloud, and we ended up digging into something that doesn’t get talked about enough: the gap between what cloud is supposed to be and what it actually looks like day to day. Because “the cloud” isn’t really a thing anymore. It’s a collection of platforms that all do roughly the same things… just differently enough to make your life harder. AWS, Azure, Google Cloud—they all check the same boxes at a high level. Compute, storage, networking, databases. But once you get past that surface layer, the differences start to matter. The way services are structured, the way they’re configured, the way they behave—it’s not interchangeable. Not even close. And that becomes a problem the moment you try to do anything beyond a single-cloud deployment. Multi-cloud sounds great in theory. Flexibility. Resilience. Avoiding vendor lock-in. All good things. But in practice, it usually means you’re juggling multiple sets of tools, multiple skill sets, and multiple ways of solving the same problem. Most teams don’t have deep expertise across multiple clouds. They might be strong in one. Maybe decent in a second. Beyond that, it gets thin fast. And even if you do have the talent, you’re still dealing with the reality that everything moves—constantly. New services, updated APIs, shifting best practices. What you knew a year ago doesn’t always map cleanly to what you’re doing today. The Need for Speed...and Control We also got into something I’ve seen play out over and over again—the tension between speed and control. Developers want to move fast. That’s their job. The cloud makes it easy to spin things up, try things out, and iterate quickly. But someone still has to manage cost, enforce security, and keep everything from turning into chaos. That responsibility doesn’t go away just because the infrastructure is abstracted. The old world had its limitations, but it was predictable. You knew what you had because you could point to it. Now, your environment can change in real time, and not always in ways you expect. That’s powerful, but it’s also a little dangerous if you don’t have the right visibility and controls in place. One of the more interesting parts of the conversation was looking ahead a bit—not in some five-year crystal ball way, but just where things seem to be heading. Right now, cloud providers still benefit from a certain amount of friction. Once you’re in, you’re kind of in. Moving workloads somewhere else is possible, but it’s not trivial. That friction keeps customers sticky. But what happens if that changes? What happens if moving between clouds becomes easy enough that it’s just… a choice? That’s not a small shift. If organizations can move workloads without a ton of overhead, it forces cloud providers to compete differently. It’s no longer about who you’re locked into. It’s about who actually delivers the best experience, performance, and cost. We’re not fully there yet, but you can see the direction things are going. This episode doesn’t try to wrap that up with a neat conclusion, because there isn’t one. It’s a real conversation about what’s working, what isn’t, and where things might be headed next. If you spend any time dealing with cloud, DevOps, or security, this will probably sound familiar.

Everybody's got an AI strategy. Every platform claims to be AI-powered. Every vendor deck has a slide about how their product uses machine learning to deliver transformative outcomes. Most of it is still theater. I had a conversation with David DeSanto, CEO at Anaconda, recently for the TechSpective Podcast, and what struck me most was how honest he was about where enterprise AI actually stands. Not where vendors want it to be. Not where the headlines say it is. Where it actually is. A lot of organizations have run pilots. Some have solid proof-of-concept projects. A handful have built internal tools that genuinely save teams time. But very few have moved AI into real production across the business. There's a big difference between "we're experimenting" and "this is how we work now." That gap is where most companies are stuck---and it's not because the technology doesn't work. The demo almost always looks good. A model produces useful output. A prototype saves someone a few hours. The problem shows up when you try to scale that across an enterprise environment. Suddenly you're dealing with data governance questions, security concerns, reliability issues, and a fundamental trust problem: can we actually rely on what this thing produces? Those issues don't show up in the demo. Open source plays an interesting role here. It's always been central to the data science world, and that hasn't changed. Developers and data scientists are still experimenting constantly---new models, new frameworks, new workflows. Open ecosystems make that possible. But they also create real headaches for organizations trying to manage dependencies, maintain security, and keep things consistent across teams. Innovation versus governance. That's the tension nobody has fully figured out yet. Something else worth noting: AI is changing what technical expertise actually means. Tasks that required specialized skills a few years ago can now be partially automated. That sounds like it should reduce the need for expertise---but it mostly just moves where that expertise matters. Technical teams spend less time writing code from scratch and more time framing problems, evaluating outputs, and validating results. Knowing how to ask the right question---or spot when an AI's answer is subtly wrong---can matter more than generating the answer in the first place. That's a real shift in how those jobs work, and most organizations are still figuring out how to adapt. Trust is the underlying issue running through all of this. Organizations can't treat AI like a magic box that produces correct answers. They need to understand how models work, how their data is being used, and how outputs are generated. Without that visibility, it's hard to rely on AI for anything that actually matters. And the challenge isn't really technical. The technology works well enough. What's hard is building the infrastructure, governance, and culture around it---getting security teams, data scientists, developers, and business leaders to actually work together instead of operating in separate lanes. That collaboration doesn't happen naturally. It has to be built deliberately. AI also tends to change the process, not just speed it up. Teams aren't just doing the same work faster---they're working differently, exploring problems differently, testing ideas differently. Machines are becoming collaborators in that process rather than just tools. Adapting to that takes time. The organizations that figure it out won't be the ones with the most advanced AI technology. They'll be the ones that put in the unglamorous work---governance frameworks, cross-team alignment, careful validation of what the AI actually produces. That's less exciting than the vendor pitch. But it's closer to what real progress looks like.

I spend a lot of time talking with people in cybersecurity. Founders, analysts, CISOs, researchers. One thing that comes up again and again is that the problem space keeps getting bigger. Not just more threats—more complexity. That’s really the thread running through my recent TechSpective Podcast conversation with Clarence Chio, co-founder and CEO of Coverbase. Security used to be easier to conceptualize. Not easier to solve, necessarily—but easier to frame. You had networks, endpoints, users, and a perimeter. Protect the edge. Monitor what’s inside. Respond when something goes wrong. That model doesn’t really exist anymore. Today, most organizations operate in environments that span multiple clouds, dozens or hundreds of SaaS applications, APIs everywhere, and automated workflows connecting everything together. Identities are everywhere too—human users, service accounts, machine identities, AI agents. The number of things acting inside a system has exploded. And every one of those things represents potential risk. Clarence and I spent a good part of the conversation talking about how that shift changes the nature of cybersecurity. It’s less about building walls and more about understanding behavior. Who is doing what? What systems are interacting? What’s normal, and what isn’t? That sounds simple, but it’s actually one of the hardest problems in security right now. The environment changes constantly. New tools get deployed. Developers spin up services. AI models start interacting with data pipelines and APIs. Keeping track of it all is a challenge. Then there’s the AI angle. AI is showing up everywhere right now—on both sides of the security equation. Security vendors are embedding AI into their platforms to analyze data faster and automate responses. At the same time, attackers are experimenting with AI to generate malware, improve phishing, and automate reconnaissance. But one thing Clarence pointed out—and I agree—is that AI doesn’t magically solve security problems. If anything, it tends to amplify whatever processes already exist. If your visibility is poor, AI doesn’t fix that. If your governance is weak, automation can actually make the problem worse. Technology alone rarely fixes systemic problems. Another part of the discussion that stood out to me was the human side of security. It’s easy to focus on tools because that’s what vendors sell. But effective security programs depend heavily on the people running them. Security professionals need to understand the technology, obviously. But they also need context and judgment. They need to know how systems interact and how changes ripple across an environment. And maybe most important, they need the freedom to question assumptions. That’s something Clarence emphasized during the conversation. In fast-moving technology environments, curiosity and critical thinking matter. Security teams can’t just follow checklists. They have to understand how systems behave and be able to spot when something doesn’t look right. Which brings us back to complexity. The attack surface keeps growing. Infrastructure is more distributed. AI and automation are adding new layers of capability—and new layers of risk. There’s no single tool that solves that. What organizations can do is build better visibility, invest in people, and develop security programs that are designed to adapt rather than assume the environment will stay stable. That’s easier said than done, but it’s the direction things are moving. If you’re working in security—or just trying to make sense of how AI and modern infrastructure are reshaping risk—I think you’ll find the conversation interesting. Clarence brings a thoughtful perspective, and we cover a lot of ground without getting lost in buzzwords. You can listen to the full episode of the TechSpective Podcast or watch the discussion on YouTube.

Trust on the internet used to be a fairly simple calculation. You looked for familiar names, recognizable brands, maybe a blue checkmark, and you made a judgment call. Today, that math often fails. AI has changed the game. Deepfakes are convincing. Entire personas can be spun up in minutes. Fraud doesn’t look sloppy anymore—it looks professional. And in many cases, it looks exactly like the people and platforms we already rely on. That’s the backdrop for my latest episode of the TechSpective Podcast, where I sat down with Oscar Rodriguez, who leads product efforts around trust at LinkedIn. The conversation quickly moved past features and announcements and into a much bigger question: how do we decide who to trust online when it’s getting harder to tell what’s real? LinkedIn has become my primary social platform over the past few years—partly by default, partly by design. As other platforms drifted further into chaos, LinkedIn positioned itself as the place where professional identity still mattered. But even there, the ground is shifting. The platform is more social than it used to be. The conversations are broader. And the risks are higher. In this episode, we dig into that evolution—not just how LinkedIn has changed, but why it’s changing and what that means for the people using it every day. We talk about professionalism as a concept, how it’s expanded beyond résumés and job postings, and why trying to rigidly police what “belongs” on a professional platform misses the point. At the same time, we don’t ignore the downside of that openness. One of the recurring themes in our conversation is signal versus noise. When you’re interacting with people you don’t know—often several degrees removed from your own network—what clues do you rely on to decide whether someone is legitimate? Mutual connections? Profile history? Gut instinct? Verification badges? Those signals matter more than ever, and not just on LinkedIn. As Oscar explains, trust has become a portable problem. We’re constantly being asked to prove who we are, where we work, or whether we belong—often across dozens of platforms that don’t talk to each other. That friction creates opportunity for abuse, but it also forces a conversation about how trust should work at internet scale. We also get into how AI is accelerating the arms race. The same tools that make it easier to create content and connect at scale also make it easier to deceive. Fraudsters don’t need to sound unprofessional anymore. Bots don’t look like bots. And “doing your own research” is a lot harder when expertise itself can be convincingly faked. Rather than offering simple answers, this episode focuses on the trade-offs. How much friction is acceptable in the name of safety? What does verification actually prove—and what doesn’t it prove? Should trust be assessed once, or continuously? And who ultimately bears responsibility when things go wrong: the platform, the user, or both? Listen to or watch the full episode of the TechSpective Podcast with Oscar Rodriguez to hear the full conversation.

If you’ve been following trends in cybersecurity and enterprise tech, you already know that AI has become more than a buzzword—it’s a foundational shift. What may surprise you, though, is just how central identity has become in that evolution. In the latest episode of the TechSpective Podcast, I had the chance to speak with Naresh Persaud, Principal at Deloitte, who has spent more than two decades working in identity and cybersecurity. Today, he leads Deloitte’s Cyber AI Blueprint initiative—an effort aimed at reimagining cybersecurity from the ground up using AI. Our conversation explores why identity—something many people still think of as basic authentication—is now arguably the most critical pillar of AI-enabled cybersecurity. We dig into how identity data can enhance threat detection, simplify operations, and serve as the connective tissue across traditionally siloed cyber disciplines. And while we’ve all heard about identity’s role in credential theft and privilege abuse, Naresh takes it further—explaining how identity intersects with the very architecture of agentic AI systems. Spoiler: It’s not really about humans. The world of non-human identities—workloads, bots, agentic systems—has grown exponentially. That shift creates enormous opportunity but also opens up a wide new attack surface that most organizations aren’t yet equipped to secure. One of the key themes in this episode is context. Naresh emphasizes that identity provides context in a way no other signal can. Behavioral anomalies, access patterns, and workload telemetry are far more meaningful when filtered through the lens of identity. That’s especially important when adversaries increasingly rely on valid credentials to carry out attacks. In a world where everything looks like an insider threat, context is king. We also talk about where traditional security approaches fall short—and how cognitive cybersecurity changes the game. From simplifying the security stack to enabling faster, smarter decisions, AI (when paired with identity) is already showing promise in SOC operations and incident response. If that sounds a bit abstract, don’t worry—Naresh brings clarity with real-world examples and tangible insights. He connects the dots between AI, identity, and cyber maturity in a way that’s refreshingly grounded. Whether you’re a CISO, an identity architect, or just someone trying to stay ahead of the curve, there’s something in this conversation for you. One thing’s clear: AI is forcing us to rethink cybersecurity assumptions we’ve held for decades. And identity is no longer a sidekick in that story—it’s a strategic anchor. Check out the full episode wherever you get your podcasts—or watch the video version on YouTube. You’ll walk away with a deeper understanding of why identity matters more than ever—and how to position your organization for what comes next.

How do you know your cybersecurity investments are actually making you safer? That’s the question at the heart of the latest TechSpective Podcast episode, where Dr. Chase Cunningham—better known to many as “Dr. Zero Trust”—joins me for an unfiltered, candid conversation about the state of modern cybersecurity. And no, this isn’t a puff piece on policy frameworks or the latest silver bullet tool. If you’ve read Chase’s recent LinkedIn post “Misaligned Zero Trust Spend = 1999 Firewall FOMO, But Worse,” you already know where this is going: straight into the hard truths about how organizations are still getting Zero Trust fundamentally wrong. In his post, Chase makes a blunt observation that became the foundation for our discussion: too many companies treat Zero Trust like a shopping list—buying products instead of outcomes. “If your ‘Zero Trust’ line items don’t move incident frequency, blast radius, or time to contain, you’re not buying security—you’re buying feelings.” That line stood out to me and was part of why I reached out to invite Chase to join me on the podcast. No Silver Bullets, Just Smarter Questions This isn’t an episode full of buzzwords or vendor shout-outs. It’s a reminder that there’s no shortcut around the work. Whether we’re talking about identity-anchored access control, microsegmentation, or reducing dwell time through automation, Chase repeatedly returns to a central theme: strategy over spectacle. He compares some security spending habits to crash diets and “cyber fat pills”—quick fixes that sound great in a pitch deck but collapse under scrutiny. Just like with fitness, real security gains come from consistency, not gimmicks. We also explore the often-overlooked relationship between breach economics and stock price behavior—another area where Chase has done deep research. The myth that a breach will destroy a brand? It’s more complicated than that. Sometimes (pro tip: most of the time) the dip is a buying opportunity, not a death sentence. Why You Should Listen If you’re a CISO, security architect, board member—or just someone trying to make sense of your security stack—this conversation will challenge your assumptions in all the right ways. It’s part therapy session, part strategy clinic, and entirely grounded in real-world experience. Check out the full episode: