Why do organizations still struggle with cybersecurity despite more tools and innovation than ever before? Today’s guest is a seasoned cybersecurity executive with deep experience across enterprise and public sector environments. Introducing Merlin Namuth, CISO for the City and County of Denver. Merlin joins hosts Ernie Anderson and Graeme Payne to share why foundational security practices continue to be the biggest challenge for organizations today.
He dives into why core disciplines like asset management and vulnerability management are often overlooked despite being critical, how AI is both a force multiplier and a growing threat, and why leadership, communication, and continuous learning are essential in cybersecurity. Merlin also shares practical insights on building high-performing teams, developing talent, and staying relevant in an industry that is constantly evolving.
Takeaways:
- Foundational security practices remain the biggest gap. Merlin emphasizes that organizations still struggle with core areas like hardware asset management, software tracking, and vulnerability management, despite their importance to reducing risk.
- “Basic” security is not actually easy. He reframes “basic” controls as “foundational” because they are difficult to implement consistently at any scale, regardless of organization size.
- AI is both a force multiplier and a threat. AI improves detection and response capabilities, but adversaries are also using it to rapidly develop exploits, increasing the pace of threats.
- Cybersecurity requires constant learning. The field changes rapidly, and professionals must continuously invest time in learning new technologies, compliance changes, and evolving threats.
- Leadership requires trust, feedback, and self-reflection. Merlin highlights the importance of having a trusted inner circle that can provide honest feedback and help leaders improve over time.
- Attracting talent requires a strong team culture. In public sector environments where compensation may be lower, promoting the quality of the team and mission helps attract strong candidates.
- Security programs must align across the business. He discusses working closely with functions like legal and communicating risk in ways that resonate with broader organizational goals.
Quote of the Show:
- “I still see organizations just struggle with what I call the foundational elements of security.” - Merlin Namuth
Links:
- LinkedIn: https://www.linkedin.com/in/merlin-namuth/
- Website: SeeYourselfHere.org
Ways to Tune In:
- Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0
- Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297
- Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47
- iHeart Radio: https://iheart.com/podcast/319629841/