Tired of the buzzword bingo flooding the cybersecurity industry? So is Zlatko Unger. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Zlatko Unger, CISO Expert at Wiz, for a no-nonsense conversation that cuts straight through the AI noise and gets back to what actually matters in security. With over 18 years of experience spanning security, risk, privacy, and compliance, Zlatko brings the kind of hard-earned perspective that only comes from building and scaling security programs in the real world.
From the growing complexity of identity and access management to the supply chain gaps that keep him up at night, Zlatko lays it all out plainly. You will walk away with a clearer picture of where AI is genuinely useful in security programs, where technical debt is quietly piling up while everyone chases the next shiny thing, and what it takes to lead remote security teams and communicate risk to a board that may not want to hear it. This one is packed with substance, humor, and the kind of candid insight you rarely get on a stage at RSA.
Takeaways:
- AI hype is creating real operational risk. Organizations are rushing to adopt AI tools without the due diligence needed to understand what they are allowing or what risks are being introduced.
- Foundational security is being deprioritized. Technical debt keeps accumulating and legacy threats are still getting through because teams are too distracted by what is new to fix what is old.
- The AI agent space is where the near-term security value lives. Agentic tools that surface information faster and offer action suggestions are more meaningful than the AI-powered SOC marketing dominating the RSA floor.
- Identity and access management is growing more complex, not less. There is no standard across SaaS platforms for how permissions and scoping work, leaving serious gaps in logs, accountability, and access control.
- Supply chain and third-party risk still has massive gaps. Security teams often cannot trace where their data goes beyond the first layer of vendors, and AI black boxes embedded in vendor tools are making this harder.
- Cloud security has matured, but smaller organizations are still the weak point. Larger organizations have developed stronger muscle memory for secure cloud configuration, while smaller businesses are still stumbling into basic misconfigurations.
- Communicating risk to the board requires speaking their language. Translating technical risk into financial impact and tailoring the message to each stakeholder's function is what gets attention and drives action.
- Building strong teams means distributing hiring judgment. A committee-based interview process that includes different perspectives and gives staff a real voice in the final decision helps catch what any one interviewer might miss.
- Remote team culture requires intentional effort. In-person offsites, consistent communication, and encouraging team members to get outside and interact with people are all essential to keeping a remote team healthy.
- A course correction is coming on AI. Zlatko predicts organizations will hit a wall trying to replace too many functions with AI and will ultimately swing back toward valuing people who know how to use it rather than replacing people with it.
Quote of the Show:
- “Using AI in every way, shape, or form creates a tremendous amount of risk across the organization.” - Zlatko Unger
Links:
- LinkedIn: https://www.linkedin.com/in/zlatkounger/
- Website: https://www.wiz.io
Ways to Tune In:
- Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0
- Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297
- Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47
- iHeart Radio: https://iheart.com/podcast/319629841/