All Episodes

How do you translate cybersecurity from a technical function into a true business priority? Today’s guest is a seasoned cybersecurity leader with deep enterprise experience. Introducing Chris Correia, CEO of CGS CyberDefense. Chris joins hosts Ernie Anderson and Graeme Payne to share how cybersecurity leaders must evolve from technologists into business storytellers who can align security with organizational priorities.He dives into why security conversations need to shift from tools to outcomes, how risk quantification enables better executive decision-making, and why organizational resiliency goes far beyond traditional cyber playbooks. Chris also shares leadership lessons from building teams, investing in the next generation, and creating long-term client relationships rooted in trust and value.Takeaways• Cybersecurity must be communicated in business terms. Chris emphasizes that security leaders need to translate technical concepts into business language to effectively engage executives and boards.• Risk quantification enables better decisions. He explains that framing security investments in terms of financial impact helps shift conversations from emotion to fact-based decision-making.• “Rules before tools” should guide security strategy. Organizations often overinvest in technology without building the right programs. Chris highlights the importance of designing the strategy first, then aligning tools to support it.• Organizational resiliency must extend beyond IT. Resiliency is not just a cybersecurity function. It requires coordination across the entire business, including roles like HR and operations, to ensure preparedness in real scenarios.• Testing and readiness must be continuous. Many organizations test disaster recovery or response plans too infrequently. Chris stresses the need for ongoing, practical testing to build real readiness.• AI must be used, but carefully validated. He notes that while AI is becoming essential, organizations must fact-check outputs and implement guardrails to avoid risk and misuse.• Relationships are central to consulting success. Chris highlights that long-term value comes from relationships, not transactions, and that trust is foundational in the consulting world. Quote of the Show:“You have to be able to tell the right story to the right audience.” - Chris CorreiaLinks:LinkedIn: https://www.linkedin.com/in/christopher-correia-/?skipRedirect=trueWebsite: https://cgscyberdefense.com/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550

How do you secure environments that are constantly changing, distributed, and increasingly difficult to see? Today’s guest is a forward-thinking cybersecurity leader focused on tackling modern visibility and infrastructure challenges. Introducing Clete Taylor, Senior Security Architect at Frost. Clete joins hosts Ernie Anderson and Graeme Payne to explore how evolving environments are reshaping the way organizations approach security.He shares how the shift to cloud and hybrid infrastructure has created blind spots that traditional tools struggle to address. The conversation dives into why visibility is foundational to security, how attackers exploit gaps in awareness, and what organizations must do to adapt. Clete also highlights the importance of proactive strategy, continuous monitoring, and aligning security practices with how modern systems actually operate. Takeaways:• You cannot secure what you cannot see. Modern environments are dynamic and distributed, making visibility the foundation of any effective security strategy. Without clear insight into systems and access, risk increases significantly.• Traditional security models are falling behind. Perimeter-based approaches were built for static environments. Today’s cloud and hybrid infrastructures require adaptive, continuously evolving security strategies.• Complexity creates opportunity for attackers. As systems grow more complex, gaps naturally emerge. Attackers are increasingly targeting these blind spots where monitoring and control are weakest.• Continuous monitoring is no longer optional. Security must operate in real time. Point-in-time assessments are not enough to detect or respond to threats in fast-moving environments.• Alignment between infrastructure and security is critical. Security strategies must reflect how systems are actually built and used. Misalignment creates inefficiencies and increases vulnerability.• Proactive thinking outperforms reactive defense. Organizations that anticipate risks and design for them early are far better positioned than those constantly reacting to incidents.Quote of the Show:“If you don’t have visibility, you’re making decisions in the dark.” - Clete TaylorLinks:LinkedIn: https://www.linkedin.com/in/cletetaylor13/Website: cletustaylor.comBook Link: https://www.amazon.com/dp/B0GG5VL3MQWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

How do organizations stay secure when identity, access, and infrastructure are more distributed than ever before? Today’s guest is a seasoned cybersecurity leader focused on modern identity and cloud security challenges. Introducing Joe Mendygral, Senior Director at TBD Cyber. Joe joins hosts Ernie Anderson and Graeme Payne to explore how identity has become the core battleground in cybersecurity. He also delves into how cloud environments, AI, and evolving attack methods are forcing organizations to rethink how they detect and respond to threats.Joe shares practical insights on visibility, detection, and why traditional security approaches are struggling to keep up with modern environments. The conversation highlights the growing importance of understanding user behavior, securing identities, and building adaptive security strategies that evolve alongside threats.Takeaways:• Identity is now the primary attack surface. As organizations move to cloud-first environments, attackers are increasingly targeting identities instead of infrastructure. Securing who has access is now more important than securing where access happens.• Visibility gaps create the biggest risks. Many organizations lack a clear understanding of who has access to what across systems. Without visibility, it becomes nearly impossible to detect or respond to threats effectively.• Detection must evolve beyond traditional methods. Signature-based and perimeter-focused security models are no longer sufficient. Modern environments require behavior-based detection that can identify anomalies in real time.• Cloud complexity increases security challenges. As infrastructure becomes more distributed, security becomes harder to manage. Organizations must adapt their strategies to account for dynamic environments and decentralized access.• AI is changing both offense and defense. AI is enabling faster detection and response, but it is also being used by attackers to scale and automate threats. Security teams must evolve just as quickly to stay ahead.• Security requires continuous adaptation. There is no static solution to cybersecurity. Organizations must continuously refine their strategies, tools, and processes to keep up with an ever-changing threat landscape.Quote of the Show:“If you don’t understand identity and behavior, you don’t understand your risk.” - Joe MendygralLinks:LinkedIn: https://www.linkedin.com/in/joe-mendygral-0846a82/Website: https://www.tbdcyber.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

How do cybersecurity leaders manage risk, talent, and rapid innovation as AI transforms both threats and defenses? Today’s guest is a seasoned cyber intelligence leader and strategic risk advisor. Introducing Steve Bay, Vice President of Cybersecurity and Chief Information Security Officer at Coretelligent. Steve joins hosts Ernie Anderson and Graeme Payne to share how AI is reshaping the cybersecurity landscape and what leaders must do to stay ahead. He also delves into talent challenges, evolving threat dynamics, and the importance of balancing innovation with governance in a rapidly changing environment.Steve shares insights from his journey into cybersecurity, his experience in intelligence and enterprise security, and his perspective on how organizations can navigate uncertainty while building resilient security programs. Takeaways:AI is the biggest disruptor in cybersecurity today:AI is transforming how both defenders and attackers operate. Organizations must understand how employees are using AI tools and how threat actors are leveraging them to exploit vulnerabilities.Governance of AI is critical but complex:Banning AI is not realistic and can create more risk than it solves. Leaders must focus on thoughtful governance that enables innovation while protecting data and systems.The cybersecurity talent market is evolving rapidly:There is a disconnect between hiring expectations and market reality. Companies want experienced talent at entry-level cost, while skilled professionals still struggle to find the right roles.AI may reshape entry-level career paths:As AI automates more foundational work, organizations must rethink how they develop junior talent and build future cybersecurity leaders.Cost pressure is forcing smarter security strategies:Organizations must balance delivering high-quality security with tight budgets. This requires prioritization, efficiency, and a clear understanding of business risk.Curiosity and adaptability are essential for leaders:Steve highlights that the pace of change requires continuous learning. Leveraging tools like AI for daily awareness can help leaders stay informed without being overwhelmedQuote of the Show:“We need to figure out how to harness AI and maximize it for the good of society, not try to ban it.” - Steve BayLinks:LinkedIn: https://www.linkedin.com/in/steven-bay-8005865/Website: https://www.core.techWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

How can cybersecurity leaders translate technical threats into real business decisions without losing executive alignment or strategic clarity? Today’s guest is a thoughtful cybersecurity strategist and business-focused security leader. Introducing Jimmy Lummis, Director and Business Information Security Officer at IHG Hotels & Resorts. Jimmy joins hosts Ernie Anderson and Graeme Payne to discuss how modern security leaders must bridge the gap between technical teams and executive leadership. He also explores the realities of cyber risk quantification, the role of AI in modern threat landscapes, and why translating cybersecurity into business language is essential for effective decision making.TakeawaysCybersecurity is ultimately about managing risk, not eliminating it. Jimmy explains that no organization can achieve perfect security. The real responsibility of leaders is determining what level of risk the business is willing to accept and aligning security investments accordingly.Cyber risk must be translated into business language. Technical discussions about vulnerabilities and controls do not resonate with executives. Effective security leaders frame cyber threats in terms of financial impact, operational disruption, and strategic risk.AI introduces both opportunity and new threat vectors. Organizations are racing to adopt AI, but threat actors are also leveraging these tools. Security leaders must balance innovation with responsible oversight and risk awareness.Traditional cybersecurity problems still matter. While emerging technologies grab headlines, many breaches still occur due to longstanding issues like identity management, patching, and basic security hygiene.Security leaders must act as translators between worlds. Jimmy emphasizes the importance of bridging the gap between engineers and executives. Leaders who can interpret technical realities in business terms help organizations make better strategic decisions.Cyber risk quantification helps prioritize security investments. Quantifying risk allows organizations to make informed tradeoffs about where to allocate resources and which threats pose the greatest potential impact.Quote of the Show:“Cybersecurity is not about eliminating risk. It’s about deciding what level of risk the business is willing to accept” - Jimmy LummisLinks:LinkedIn: https://www.linkedin.com/in/jimmylummis/Website: http://www.ihgplc.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with David Nolan, Principal Advisor at Apex Advisors, to explore how organizations must rethink cybersecurity as digital environments grow more complex and interconnected.David shares why the traditional concept of a network perimeter is rapidly disappearing as organizations adopt cloud platforms, distributed workforces, and connected technologies. As a result, security leaders must move beyond reactive defense and focus on building resilience, visibility, and strategic alignment across the entire digital ecosystem. The conversation explores how cybersecurity must evolve from a purely technical discipline into a business leadership priority, how organizations can anticipate emerging threats, and why security culture plays a critical role in protecting modern systems.Takeaways:Cybersecurity Must Be a Business Priority: Security is no longer confined to the IT department. Organizations that integrate cybersecurity into strategic decision making are better positioned to manage risk and protect critical operations.The Network Perimeter Has Disappeared: With cloud infrastructure, remote work, and third-party integrations becoming the norm, organizations must move beyond perimeter-based security models and focus on identity, access control, and system visibility.Visibility Is the Foundation of Protection: Leaders cannot defend systems they cannot see. Strong monitoring, telemetry, and system awareness allow organizations to detect vulnerabilities and respond faster to emerging threats.Security Culture Starts at the Top: Effective cybersecurity depends on leadership setting expectations around accountability, awareness, and responsible behavior across the organization.Proactive Security Prevents Major Failures: Organizations that prioritize threat modeling, risk assessments, and preventative controls reduce the likelihood and impact of security incidents.Collaboration Strengthens Defense: Cybersecurity today requires coordination between leadership, technology teams, operational stakeholders, and external partners to protect complex digital ecosystems.Quote of the Show:“Security cannot be an afterthought. It has to be built into the way organizations design systems, processes, and culture from the beginning.” - David NolanLinks:LinkedIn: https://www.linkedin.com/in/david-c-nolan/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

Healthcare cybersecurity is no longer just about compliance, it’s about resilience.In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with Hugo Lai, Chief Information Security Officer at Temple Health, to explore how healthcare organizations can protect patient care in an era of AI adoption, ransomware threats, and relentless budget pressure.Hugo shares practical insights from leading enterprise security programs inside one of the most operationally complex industries. From managing medical device risk to embedding daily threat intelligence briefings into team culture, this conversation dives deep into what modern cyber leadership looks like when lives are on the line.Key TakeawaysResilience Over Compliance: HIPAA may focus on privacy, but today’s healthcare security must prioritize operational continuity and patient care even during disruption.Budget Discipline Builds Trust: Security leaders who spend intentionally and align with organizational priorities are more likely to secure sustained executive support.AI Requires Guardrails, Not Roadblocks: Instead of blocking AI adoption, security teams must create safe, approved environments that enable responsible use.Operational Preparedness Is Critical: Tabletop exercises, manual fallback training, and daily threat briefings ensure teams are ready when systems fail.Medical Device Security Is Risk Management: Visibility, segmentation, configuration control, and cross-functional collaboration are essential to managing IoT and clinical device risk.Leadership Is Personalization: Understanding individual team members’ motivations and empowering them appropriately drives performance and retention.Learning Never Stops: In a rapidly evolving threat landscape, cybersecurity leaders must invest in continuous learning for themselves and their teams.Quote of the Show:“We cannot completely eliminate all the risks out there, but it’s important that you have a strategy and you’re making sound decisions when managing risks.”Links:LinkedIn: https://www.linkedin.com/in/hugolai/Website: https://www.templehealth.orgWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with Wade Myers to explore the leadership discipline required to navigate modern cyber risk. Wade shares why complexity is the enemy of effective security programs, how executives must think about tradeoffs instead of perfection, and why clarity, not control, is the real advantage in today’s threat landscape.The conversation dives into decision-making under uncertainty, aligning cybersecurity with business priorities, and the importance of building teams that can operate confidently in high pressure environments. Wade unpacks how security leaders can move beyond compliance thinking and instead focus on meaningful risk management that strengthens resilience across the organization. Takeaways:Cybersecurity is a decision-making discipline, not a toolset. Effective programs are built on sound judgment, prioritization, and alignment with business objectives—not simply the deployment of more technology.Risk cannot be eliminated, only managed intelligently. Leaders must move away from the illusion of total control and instead build frameworks that allow them to evaluate tradeoffs clearly and respond with confidence.Complexity is the hidden threat. Overly layered controls, unclear ownership, and bloated processes create blind spots. Simplification improves visibility, accountability, and response speed.Clarity at the executive level determines program success. When leadership understands what matters most, resources are deployed strategically instead of reactively.Security must support business velocity. The strongest programs protect critical assets while enabling innovation and operational momentum.Resilience outperforms perfection. Organizations that plan for disruption, rehearse response, and empower teams to act decisively outperform those chasing zero incidents.Culture shapes security outcomes. Clear communication, ownership, and psychological safety allow teams to raise risks early and act before issues escalate.Quote of the Show:“Cybersecurity isn’t about eliminating risk, it’s about making intelligent decisions under uncertainty.”Links:LinkedIn: https://www.linkedin.com/in/wade-myers-b287833/Website: https://www.equifax.com/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with Damian Apone, cybersecurity executive and practitioner with deep experience building and operating security programs inside complex organizations.Damian brings a grounded, real-world perspective on why cybersecurity initiatives often fail, not because of missing tools, but because of misalignment between people, process, and technology. He shares hard-earned lessons on operationalizing cyber resilience, managing risk in imperfect environments, and helping leaders move beyond checkbox compliance toward security programs that actually work in practice. The conversation covers executive communication, prioritization, realistic threat modeling, and why resilience, not perfection, is the goal. Takeaways:Cybersecurity failures rarely stem from missing tools. Most breakdowns occur in the handoffs between people, processes, and technology where ownership is unclear and assumptions go unchallenged.Resilience matters more than perfection. Effective security programs assume disruptions will happen and focus on detection, response, and recovery rather than trying to prevent every possible incident.Security must function in real-world conditions. Controls and processes should reflect how teams actually work under pressure, not how frameworks assume they operate in ideal scenarios.Prioritization is essential to managing risk. Organizations must clearly define which assets and threats matter most to avoid spreading security efforts too thin.Executive understanding drives program success. When leaders grasp tradeoffs and business impacts, security initiatives are more likely to be funded, supported, and followed.Compliance is a baseline, not a strategy. Checking boxes may satisfy auditors, but it does not guarantee resilience or meaningful risk reduction.Cyber programs must continuously evolve. Threats, technology, and business priorities change, security strategies must adapt accordingly to remain effective.Quote of the Show:“Resilience isn’t about preventing every failure; it’s about being ready when failure happens.”Links:LinkedIn: https://www.linkedin.com/in/damian-apone-csm-mba-pmp-a45a97/Website: http://genpt.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

In this episode of Cyber Smokehouse, hosts Ernie and Graeme sit down with Gregg Barrow, a global cybersecurity leader at the forefront of quantum-safe computing, to explore one of the most underestimated threats facing organizations today: the coming impact of quantum computing on data security.The conversation dives into crypto-agility, inventorying cryptographic assets, leadership accountability, and the real risks of waiting too long. This episode challenges cybersecurity leaders to rethink long-term resilience in a world where yesterday’s “secure enough” quickly becomes tomorrow’s breach. Takeaways:Quantum computing poses a real, future threat to today’s encryption standards.Organizations must begin preparing now, not when quantum computers become mainstream.Crypto-agility, the ability to swap cryptographic algorithms quickly, is critical.Most companies don’t know where or how cryptography is embedded across their systems.Inventorying cryptographic assets is the first actionable step toward quantum readiness.Leadership must treat quantum security as a business risk, not just a technical one.Waiting for regulation or vendor mandates may leave organizations dangerously exposed.Quote of the Show:“Quantum computing is already here in pieces, and the implications for security are not as far away as people think.”Links:LinkedIn: https://www.linkedin.com/in/greggbarrow/Website: http://www.ibm.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 

How can organizations cut through security tool sprawl and focus on what truly reduces cyber risk? Today’s guest is a veteran cybersecurity leader with more than 25 years of experience helping global enterprises protect their data and operations. Introducing Erik Hart, Chief Information Security Officer at Cushman & Wakefield and former security leader at organizations including CrowdStrike and Mimecast. Erik joins the show to discuss why vulnerability management must become more data-driven, how identity has emerged as the new firewall, and where AI and automation can meaningfully reduce risk. He also shares leadership insights on challenging outdated security practices, prioritizing what matters most to the business, and building security programs that scale with modern, cloud-first organizations.Takeaways:Platform consolidation must be intentional. Moving toward “platformization” can simplify operations, but only if organizations clearly understand which capabilities add real value.Vulnerability management is a data problem, not a scanning problem. Fewer than 10% of vulnerabilities are actively exploited, making prioritization and business context essential.Risk-based decisions beat severity scores. A lower-scored vulnerability exposed to the internet may pose more real risk than a higher-scored internal issue.Security is increasingly driven by analytics. Combining telemetry from tools like EDR, email security, identity platforms, and threat intelligence provides a clearer, more actionable risk picture.Identity is the new firewall. In a SaaS-first, remote-enabled world, strong identity controls matter more than traditional perimeter defenses.Leadership requires responsiveness and trust. Eric emphasizes being accessible, empowering teams to run with ideas, and challenging outdated norms.Business literacy is critical for security leaders. Understanding finance, budgeting, and risk quantification is essential to gaining executive buy-in and long-term funding.Quote of the Show:“I’ve never worked in an organization where there was no risk. Cybersecurity is about understanding which risks actually matter to the business”. - Erik HartLinks:LinkedIn: https://www.linkedin.com/in/emhart1/ Company website: https://www.cushmanwakefield.com/en Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 YouTube: https://www.youtube.com/@CyberSmokehouse 

This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.