Data Driven Cybersecurity Decisions - Erik Hart - Cyber Smokehouse - Episode #001

How can organizations cut through security tool sprawl and focus on what truly reduces cyber risk? Today’s guest is a veteran cybersecurity leader with more than 25 years of experience helping global enterprises protect their data and operations. Introducing Erik Hart, Chief Information Security Officer at Cushman & Wakefield and former security leader at organizations including CrowdStrike and Mimecast. Erik joins the show to discuss why vulnerability management must become more data-driven, how identity has emerged as the new firewall, and where AI and automation can meaningfully reduce risk. He also shares leadership insights on challenging outdated security practices, prioritizing what matters most to the business, and building security programs that scale with modern, cloud-first organizations.

Takeaways:
  • Platform consolidation must be intentional. Moving toward “platformization” can simplify operations, but only if organizations clearly understand which capabilities add real value.
  • Vulnerability management is a data problem, not a scanning problem. Fewer than 10% of vulnerabilities are actively exploited, making prioritization and business context essential.
  • Risk-based decisions beat severity scores. A lower-scored vulnerability exposed to the internet may pose more real risk than a higher-scored internal issue.
  • Security is increasingly driven by analytics. Combining telemetry from tools like EDR, email security, identity platforms, and threat intelligence provides a clearer, more actionable risk picture.
  • Identity is the new firewall. In a SaaS-first, remote-enabled world, strong identity controls matter more than traditional perimeter defenses.
  • Leadership requires responsiveness and trust. Erik emphasizes being accessible, empowering teams to run with ideas, and challenging outdated norms.
  • Business literacy is critical for security leaders. Understanding finance, budgeting, and risk quantification is essential to gaining executive buy-in and long-term funding.

Quote of the Show:
  • “I’ve never worked in an organization where there was no risk. Cybersecurity is about understanding which risks actually matter to the business.” - Erik Hart
