AI agents are moving from answering questions to taking action. That changes everything for identity and access management.

In this episode, Ken Huang joins Matt to break down why traditional IAM was not built for agentic AI, where service accounts and OAuth scopes fall short, and what CISOs should do now to govern agents before they hit production at scale.

Episode Links

• Ken's substack
• Ken's paper from 2011 on AI (he was way ahead!)
• NIST AI RMF

In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

Resources

The 2026 Global CISO Leadership Report

Hitch Partners

NIST AI Framework

Send a text

Kelly Bissell shares his extensive experience in cybersecurity, from early internet security challenges to the transformative impact of AI and machine learning. Discover practical insights on risk management, organizational culture, and the future roles of cybersecurity professionals in an AI-driven world.

Emerging AI Standards

• https://www.aiuc-1.com/
• https://cloudsecurityalliance.org/ai-safety-initiative

The book Matt couldn't remember: https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/0385249462

Send a text

In this conversation, Nicole Dove shares her unique journey into the cybersecurity field, highlighting her transition from a finance and audit background to becoming a leader in information security at Riot Games. She discusses the importance of continuous learning, the challenges of writing a book on cybersecurity, and the evolving role of Business Information Security Officers (BISOs) in aligning security with business goals. Nicole emphasizes the need for innovative problem-solving and relationship management in cybersecurity, while also reflecting on her personal routines for maintaining sharpness in her role.

Send a text

In this conversation, Rinki Sethi, a seasoned cybersecurity leader, shares her journey from being a CISO at major companies to her current role at Upwind Security. She discusses the evolving landscape of cybersecurity, the impact of AI, and the importance of community in the industry. Rinki emphasizes the need for strong communication skills for CISOs, the significance of evaluating company culture before taking on new roles, and the necessity of leveraging AI to enhance cybersecurity programs. She also highlights the importance of personal growth and building supportive networks within the cybersecurity community.

Send a text

In this month's installment, Toni De La Fuente shares his journey into cybersecurity, detailing his early experiences with computers and his passion for hacking. He discusses the creation of Prowler, an open-source cloud security tool, and its differences from commercial solutions. The conversation explores cloud security challenges, the importance of open-source solutions, and the dynamics of scaling a startup. Toni also emphasizes the significance of passion in one's career and offers advice for aspiring tech professionals.

And yes...we also talk about his LOVE for Iron Maiden ;-)

Send a text

In this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.

Takeaways

• Disconnected applications pose significant risks in identity management.
• Shadow IT is becoming a major part of the IT landscape, not just a side issue.
• The startup journey involves learning from past experiences and adapting strategies.
• The human element remains a critical factor in cybersecurity incidents.

Send a text

In this conversation, Tammy Klotz discusses her journey as a leader and author, focusing on her book 'Leading with Empathy and Grace.' She shares insights on the importance of empathy, vulnerability, and authenticity in leadership and the challenges and rewards of writing a book. The discussion highlights the significance of acknowledging personal lives in the workplace and the foundational role of trust in professional relationships. If you are an aspiring leader in Cyber, this episode is for you. Tammy shares her secrets to successful leadership.

Send a text

In this conversation, MK Palmore shares insights from his diverse leadership journey, spanning the Marine Corps, FBI, and cybersecurity. He emphasizes the importance of a people-centered leadership approach, the balance between technical and leadership skills, and the significance of effective communication. MK reflects on his experiences, the impact of mentorship, and the lessons learned from both successes and failures in leadership roles. MK highlights the challenges in attracting diverse talent to cybersecurity and the necessity of nurturing new professionals. He concludes with insights on continuous learning and the importance of maintaining a beginner's mindset.

Takeaways

• Diverse experiences shape leadership philosophy.
• Mentorship plays a significant role in professional development.
• Silence from leaders can lead to assumptions and uncertainty.
• Leaders should increase communication during times of uncertainty.
• Maintaining a mindset of continuous learning is vital for personal growth.

Chapters

00:00
Introduction to Leadership and Music

02:57
Diverse Leadership Experiences

06:05
The Importance of People-Centered Leadership

09:05
Technical Skills vs. Leadership Skills

11:49
Communication as a Leadership Skill

14:53
Learning from Mistakes in Communication

18:01
The Impact of Silence in Leadership

20:44
Navigating Uncertainty in Leadership

25:06
Bridging the Gap: Technical and Business Communication

30:22
Building Personal Brand and Eminence

32:53
Overcoming Barriers in Cybersecurity Talent Acquisition

38:31
Staying Sharp: Continuous Learning and Adaptability

Send a text

In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways

• The Honeynet Project was born from a need for cyber threat intelligence.
• Security culture is broader than security awareness; it encompasses attitudes and beliefs.
• Changing the environment is key to changing organizational culture.
• AI can be leveraged to enhance communication and simplify security policies.
• Positive interactions with security teams build a stronger security culture.

Chapters
00:00 From Military to Cybersecurity Pioneer
03:04 The Birth of the Honeynet Project
05:59 Understanding the Human Element in Security
09:13 Security Culture vs. Security Awareness
11:51 Changing Organizational Culture for Security
14:46 Practical Steps for Security Teams
17:55 Leveraging AI in Security Culture
21:11 Measuring Success in Cybersecurity Training

Send a text

In this conversation, Dr. Chase Cunningham, aka Dr. Zero Trust, shares his unique journey into the cybersecurity field, emphasizing the importance of purpose and self-care in a high-stress industry. He discusses the challenges of implementing zero trust strategies in organizations, the significance of understanding offensive tactics to enhance defensive measures, and the need for systemic change in national cybersecurity. Dr. Zero Trust also provides valuable advice for aspiring cybersecurity professionals, highlighting the supportive community and the importance of continuous learning.

Takeaways

• Zero Trust is a strategy, not a product.
• Self-care is critical in high-stress environments.
• Understanding offensive tactics is essential for defense.
• Start small when implementing Zero Trust.