Super Cyber Fridays!
Join us TOMORROW, Friday [08-01-25], for "Hacking the Talent Myth"

Join us Friday, August 1, 2025, for “Hacking the Talent Myth: An hour of critical thinking about why the ‘skills shortage’ might be a hiring problem.”

It all begins at 1 PM ET/10 AM PT on Friday, August 1, with guests Mike Lockhart, CISO, EagleView, and Mathew Biby, director of cybersecurity, TixTrack. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register now

Defense in Depth
How Can AI Provide Useful Guidance from Fragmented Security Data?

How poorly fragmented is our security data? We've got a lot of it. But connecting to it and having it understand each other, especially as we're using AI, is quite daunting. If all this data was talking to each other, it would be fantastic. We could gain greater insight into what's happening in our environments.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is their sponsored guest, Matt Eberhart, CEO, Query.

Listen to the full episode here.

Quality over quantity in AI decision-making

The effectiveness of AI in cybersecurity hinges more on data quality and focus than on volume and sophistication. Daniel Gorecki of NGC Risk emphasized that successful AI implementation requires "an informed decision" rather than simply choosing between "educated guesses vs trusted facts." He argued for using "less data, that is accurate to work off of" and stressed the importance of understanding threat models and risk appetites to focus on data that matters for decision-making. This approach optimizes the decision path regardless of whether AI is involved. Ezra Ortiz, Peraton, raised a crucial question about AI collaboration, asking whether different AI systems communicate with each other before making decisions, similar to how humans naturally call partners to ask "Are you seeing X?" when making security assessments.

Process before technology

Organizations may be implementing AI in the wrong order, potentially masking fundamental operational problems. Matt Muller, field CISO at Tines, questioned whether companies are "applying AI to the right SecOps processes in the first place," warning that using AI models to close false positive alerts might mask "a flawed detection engineering process." He observed that many organizations follow a "model > data > process" decision-making sequence but would achieve better results by flipping that approach around. Evan Powell of Deep Tempo reinforced this perspective, noting that even significant improvements must work within "existing workflows that form in part to address the poor fidelity and lock-in-based business models of prior cybersecurity systems."

The connectivity challenge

AI's security effectiveness is fundamentally limited by its ability to understand relationships and context across disparate systems. Kunal Pachauri of Amazon argued that "AI in security is only as smart as the data and relationships it can see," advocating for graph-based security models that can connect "siloed data across identity systems, endpoints, cloud assets, threat intel, and more" into a single, queryable context. Without this "relationship-aware foundation that represents real-world attack paths and trust boundaries," even the best LLMs become "just blind copilots." Valentina Brysina of Digital Pipl echoed this sentiment, arguing that "the next real innovation isn't another copilot, it's solving interoperability across the stack." Matt Svensson of GetReal added a practical constraint, noting that "centralized ingestion of data won't scale to meet this change" and that data needs to be searched where it naturally resides.

The context complexity paradox

Building truly effective AI security systems requires solving fundamental data integration challenges that go far beyond simple collection. Ashish Popli of Defendermate highlighted the complexity involved, explaining that gathering relevant context is just the beginning; the "completely different and much harder task" involves aligning, normalizing, deduplicating, and organizing data to minimize hallucinations and guesswork. While he acknowledged that "context isn't cheap, nor is inference," Popli believed that successfully combining these elements could produce "mind-blowing, liberating" results that might finally "reduce the asymmetry between offense and defense."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Query

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University.

Thanks to our Cyber Security Headlines sponsor, Dropzone AI

Cyber chatter from around the web...
Jump in on these conversations

“What are some of the most underrated/overlooked skills in cybersecurity?” (More here)

“Passkeys won't be ready for primetime until Google and other companies fix this.” (More here)

“How are you approaching endpoint security for contractors/agents on unmanaged laptops?” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [08-01-25] Hacking the Talent Myth

• [08-08-25] Hacking Toxic Culture

• [08-15-25] Hacking Burnout

• [08-22-25] Hacking Tabletop Exercises

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.