This is Cyber Smokehouse. Join Ernie and Graeme as they grill the minds, dig into the experience, and serve up the stories of leaders in cybersecurity. Cyber Smokehouse is sponsored by TBDCyber, a cybersecurity strategy consulting firm.
All Episodes

Latest Episodes

All Episodes
#22

Predictive Cyber Risk - Tim and Suzanne O’Neil - Cyber Smokehouse - Episode #22

Most security programs are built around understanding what has already happened, but what if organizations could begin anticipating cyber threats before they materialize? In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne welcome Tim and Suzanne O'Neil, founders of AigisPoint Predictive Intelligence. Drawing on decades of experience spanning enterprise security architecture, military leadership, entrepreneurship, and business strategy, they discuss their approach to predictive cyber risk, how AI and machine learning are reshaping threat modeling, and the realities of building an innovative cybersecurity startup.From balancing innovation with security to understanding AI's limitations, this conversation explores how organizations can begin thinking beyond reactive cybersecurity while remaining grounded in practical risk management. Takeaways:Traditional threat modeling remains largely static, creating an opportunity to apply AI and machine learning to forecast potential cyber threats before they emerge rather than relying solely on historical attack data.Publicly available sources, including industry reports, breach investigations, and threat intelligence, contain valuable information that can be combined with modern analytical techniques to identify emerging trends instead of simply documenting the past.Building innovative cybersecurity products requires leaders to constantly balance investment decisions, innovation, and acceptable business risk, recognizing that organizations cannot fund every initiative simultaneously.Early-stage cybersecurity companies face the challenge of proving value through customer adoption while simultaneously developing secure, production-ready platforms and meeting investor expectations.AI should be viewed as an enabling technology, not an infallible decision-maker. Human oversight remains essential because AI systems can still produce flawed outcomes and require validation before being trusted in security-critical environments.As AI automates more routine security analysis, cybersecurity roles will continue to evolve rather than disappear, creating demand for new specialties as adversaries increasingly leverage AI-driven techniques.Entrepreneurship in cybersecurity requires technical expertise alongside resilience, adaptability, and a willingness to navigate uncertainty while transforming innovative ideas into commercially viable products.Quote of the Show:“Currently everybody's looking backwards.” - Suzanne O’NeilLinks:LinkedIn: https://www.linkedin.com/in/suzanne-oneil-7490643b8/  linkedin.com/in/tim-o-22774918/?skipRedirect=true Website: https://www.aigispoint.net/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 
#21

Managing Risk at Scale - John Rogers - Cyber Smokehouse - Episode #21

Cybersecurity leaders today face a challenge that extends far beyond technology: keeping pace with constant change. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with John Rogers, Chief Information Security Officer and Head of Technology Risk at MSCI. Drawing on experience spanning consulting, financial services, and executive security leadership, John shares his perspective on AI governance, third-party risk management, board communication, and the growing complexity facing security teams.Listeners will gain practical insights into how organizations can approach AI governance, communicate cyber risk effectively to executives and boards, rethink traditional third-party risk practices, and prepare for a future where security leaders must balance innovation with increasingly complex threats. Takeaways:The speed of change remains one of the biggest challenges facing security leaders today, with AI accelerating both innovation and the barrier to entry for attackers.AI governance starts with visibility. Before organizations can govern AI effectively, they need an inventory of where AI systems and agents actually exist across the business.Citizen development creates opportunities for innovation but also introduces new security responsibilities that many non-technical users may not fully understand.Effective board communication requires focusing on risk, change, and business impact rather than diving into highly technical details that executives may not find actionable.Traditional third-party risk management approaches often rely heavily on questionnaires that may not provide meaningful security insight, highlighting the need for more risk-focused evaluation methods.Security teams are continually playing catch-up as new technologies emerge, while foundational controls such as encryption and access management remain consistently important.Cybersecurity professionals entering the field should embrace AI tools rather than fear them, as familiarity with AI is rapidly becoming a critical skill regardless of technical background.Quote of the Show:“It's impossible to be an expert at everything.” - John RogersLinks:LinkedIn: https://www.linkedin.com/in/johnsrogers/Website: http://www.msci.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 
#19

Foundation First - Michael Myint - Cyber Smokehouse - Episode #19

Most cybersecurity conversations start with technology. Michael Myint starts with the foundation. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Michael Myint, a cybersecurity executive whose thirty year career spans Big Four consulting, global enterprises, and high growth healthcare startups. He has built programs from scratch, led organizations through public incidents, and mentored security leaders who have gone on to surpass him. You will walk away with a sharper view of where AI is genuinely changing the threat landscape, why vendor consolidation is coming, whether organizations are ready or not, and what separates the security professionals who rise from the ones who stall. Takeaways:Board communication lives or dies on business relevance. Phishing rates and patch counts belong in the appendix. Metrics tied to revenue, speed to delivery, and product outcomes are what earn executive attention and budget support.AI is disrupting the entry level pipeline in ways the industry has not fully reckoned with. New practitioners who rely on prompt engineering without foundational knowledge will struggle when things break and nobody knows why.Vendor consolidation is coming. The era of niche tools for every sliver of the security stack is giving way to platforms that cover more ground at lower cost, and leaders who get ahead of that shift will be better positioned.Quantum computing combined with AI capabilities is a legitimate long term concern. Nation state actors are already better resourced than most enterprises, and that gap only widens as quantum matures.The CISO is not the department of no. Security leaders who lean on restriction and compliance theater lose credibility quickly. The ones who earn trust show up with solutions and speak the language of the business.Building future leaders requires giving real ownership, not just tasks. Cross training across security functions and evaluating people on program outcomes rather than activity is what develops professionals who can eventually lead on their own.A foundational background still matters before moving into a cybersecurity role. Understanding networking, identity, and how systems actually work provides context that no certification shortcut can replace.Quote of the Show:“"Be curious, dig a lot, be a go-getter, be a problem solver, take ownership."- Michael MyintLinks:LinkedIn: https://www.linkedin.com/in/michaelmyint/Website: https://adapthealth.com/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 
#18

Rethinking Security Risk - Mea Clift - Cyber Smokehouse - Episode #18

Cybersecurity careers are rarely linear, and building effective security leadership requires more than technical expertise alone. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Mea Clift, CISO at Cengage, for a conversation about cybersecurity career growth, leadership, curiosity, and risk management.Mea shares insights on how professionals can find their place within the cybersecurity industry, why curiosity is essential for long-term success, and how passion drives deeper expertise. The discussion also explores misconceptions about the CISO role, business impact assessments, security risk, and the realities of operating modern security programs. Outside of cybersecurity, the conversation shifts into Mea’s approach to smoking and grilling, including charcoal setups, smoking techniques, and favorite recipes. Takeaways:Cybersecurity professionals should find a specialty they’re passionate about. Mea explains that broad interest alone is not enough to build a successful cybersecurity career and encourages people to identify the specific area that excites them most.Curiosity is critical for long-term success in security. The conversation highlights the importance of continuous learning because cybersecurity constantly evolves.Passion helps professionals stand out in competitive hiring environments. Mea discusses how enthusiasm, projects, networking, and deep subject knowledge differentiate candidates during interviews.Business impact assessments are an underrated security control. During the lightning round, Mea identifies business impact assessments as a security control that deserves more attention.Risk remains a major challenge within the security industry. Mea gives a concise answer of “Risk” when asked what the industry is getting completely wrong.There are misconceptions about what CISOs actually do. The discussion touches on common assumptions around the day-to-day work of CISOs and the operational realities behind security leadership roles.Smoking and grilling are part of Mea’s creative outlet outside work. Mea shares details about her charcoal and wood smoking setup, favorite smoking techniques, and favorite  recipes.Quote of the Show:“Life’s too short. You gotta follow your passion.” - Mea CliftLinks:LinkedIn: https://www.linkedin.com/in/mea-clift/Website: https://www.cengagegroup.com/Ways to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550 
#17

Cybersecurity Beyond Compliance - Matthew Mudry - Cyber Smokehouse - Episode #17

What happens when organizations scale rapidly through acquisition while simultaneously navigating AI adoption and evolving cyber risk?In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with Matthew Mudry, CISO at Alera Group, to discuss the operational realities of securing large-scale acquisitions, integrating fragmented environments, and managing cybersecurity risk during periods of aggressive growth.Matthew shares firsthand experiences standardizing security across acquired organizations, balancing business pressure with security due diligence, and navigating the growing complexity introduced by AI technologies. The conversation explores M&A integration challenges, data loss prevention, access control, AI governance, leadership communication, security roadmaps, and the future of the CISO role. Takeaways:M&A creates significant operational security complexity. Matthew discusses the challenge of integrating acquired businesses into standardized security platforms and processes.Security teams need earlier involvement in acquisitions. The conversation explores how organizations sometimes prioritize business growth before fully understanding integration and security risks.AI introduces both opportunity and risk. Matthew shares concerns around AI misuse, access control, data loss prevention, and adversarial use cases while also discussing opportunities to improve security operations using AI.Access control and DLP remain foundational. The episode repeatedly emphasizes the importance of strong access controls and data protection strategies when adopting AI technologies.Security leaders must communicate effectively with executives. Matthew discusses translating technical risk into measurable business reporting through roadmaps, metrics, and leadership engagement.Strong technical foundations matter for future leaders. Matthew advises aspiring cybersecurity leaders not to rush into management too early and stresses the importance of technical and risk management experience.Quantum computing is becoming a long-term concern. The conversation explores future risks around encryption, legacy data exposure, and long-term data retention.Quote of the Show:“What’s better than fighting AI with AI?” - Matthew MudryLinks:LinkedIn: https://www.linkedin.com/in/matthewmudry/Website: http://www.aleragroup.comWays to Tune In:Spotify: https://open.spotify.com/show/5LuXXqbK9k9rrVRFsdGzl0 Apple Podcasts: https://podcasts.apple.com/podcast/cyber-smokehouse/id1872442297 Amazon Music: https://music.amazon.com/podcasts/40a6c0da-242f-404b-8bd3-9f4997f19c47 iHeart Radio: https://iheart.com/podcast/319629841/ Podchaser: https://www.podchaser.com/podcasts/cyber-smokehouse-6356550