CISO Series Podcast Episode Summary
Episode: "AI Is Very Efficient at Making Us Forget the Value of Humans"
Date: January 20, 2026
Hosts: David Spark, Andy Ellis
Guest: Jacob Combs (CISO, Tandem Diabetes Care)
1. Episode Overview
In this episode, the panel explores how artificial intelligence (AI) is reshaping the relationship between cybersecurity, business operations, and human talent. Amid ongoing challenges between security practitioners and vendors, the discussion delves into persistent gaps in security tooling, sales transparency, the realities of "best of breed" tool sprawl, and the shifting dynamics AI introduces—both as a force for productivity and a new risk vector. The conversation emphasizes the importance of cooperation between technical leaders and business teams, warns against over-reliance on platforms and AI, and ultimately argues for a blend of human expertise and technological advancement.
2. Key Discussion Points & Insights
A. Learning Through Observation in Security and Sales [00:00–05:13]
- Best Advice in Security: Jacob Combs shares the improv-inspired advice to say "yes" instead of "no" to business requests, becoming an enabler versus a gatekeeper. "Instead of becoming the gatekeeper, you become an enabler." (Jacob Combs, 00:03)
- Lessons from Observing Effective Salespeople: Andy Ellis describes how an observant approach to selling—identifying customer needs and offering only relevant features, not overselling—applies equally inside organizations. "Only sell what is needed to solve the problem... Do not waste your political capital on pie in the sky fairy tales." (Andy Ellis, 03:39)
- Being Personable Matters: Interpersonal skills and genuine engagement are highlighted as central to building trust and closing deals.
B. The AppSec Vendor Gap: Misaligned Solutions [05:32–09:59]
- Mismatch Between Vendor Offerings and Real-World Needs: Vendors often develop products based on theoretical models, failing to integrate with the actual workflows of modern organizations, where security responsibilities straddle both software and security teams.
- Governance vs. Operational Ownership: Andy points out that while security teams are held accountable for code security, only software teams can implement changes—leaving a persistent gap only solvable at the CEO/board level.
- One-size-fits-all Solutions Don't Work: Jacob emphasizes the complexity and variability of tech stacks in organizations (especially those with legacy components), making integration and customization of security tools a major challenge.
C. Understanding Security Sales and the Value of Honesty [10:05–16:58]
- Honesty Over Hype: CISOs value transparency about what a vendor's product can and can't do, as overselling erodes trust. "Every CISO I know respects honesty more than bravado." (Rinki Sethi, quoted by David Spark, 10:05)
- POCs and Easy Integration: Jacob requires proof-of-concept (POC) trials and flexible integration/decommissioning for all major tools to force vendor honesty and value creation.
- Overselling, a Problem from the Top Down: Andy identifies that aggressive KPIs and field marketing masquerading as sales drive overselling and create a bad experience for buyers.
- What Makes a True Platform? Andy offers a practical definition that a platform should have more than three separate, interchangeable entry points for products; otherwise, vendors shouldn't claim they are platforms.
D. "What's Worse?" Game: AI Embrace vs. AI Over-Reliance [18:37–25:16]
- Scenario 1: Security team refuses to use AI tools, lagging behind attackers.
- Scenario 2: HR hires only juniors, assuming AI will do the heavy lifting.
- Debate & Insights: Andy argues that a security team's refusal to learn and adapt with AI would be worse, as they become disconnected from business needs and innovation. Jacob contends over-relying on junior staff guided by AI could have unintended long-term consequences, including loss of expertise and context.
E. The Realities and Potentials of AI in Business Enablement [27:00–32:26]
- AI as a Productivity Multiplier: Both Jacob and Andy observe significant productivity gains from using AI, freeing decision-makers to focus on risk conversations and enabling deeper collaboration.
- Pitfalls of Bolt-on AI: Attempts to "AI-wash" existing workflows typically don't work; success comes from redesigning processes around AI from the ground up.
- Human Context Remains Essential: Andy stresses that AI should enhance, not replace, human judgment. For example, executives can use AI to rapidly regain context for decision-making, but ultimate direction must remain with people. "AI writes fine... You need somebody to go in and say, does this match our narrative?" (Andy Ellis, 29:46)
- Concrete Use Cases: Documentation, threat intelligence, context gathering, and executive briefings are cited as areas where AI can "pull the heavy lifting".
F. Tool Sprawl and Consolidation in Security [32:26–34:14]
- Best-of-breed Tool Proliferation: Rapid technology evolution has led to specialized tools, but at the cost of complexity, visibility gaps, and disjointed risk management.
- Solution Approach: Internal discussions about exposure management—visibility, correlation of signals, cross-domain context—are recommended to maximize investment return and promote effective tool consolidation.
G. Are Large Enterprises Winning at Security? [34:33–39:37]
- Study Findings: Latest Cyentia IRIS research shows large firms statistically have less risk, while smaller firms’ risk has doubled.
- Caveat on Data: Andy warns that reporting bias may skew these results—large enterprises are more guarded in public disclosures.
- Structural Advantages of Scale: Large organizations can form specialized teams (e.g., "center of excellence for Identity Access Management") and maintain solutions over time, while SMBs struggle with sustaining resources.
- Democratization Through Tools: MDR (managed detection and response) and AI are seen as leveling the playing field, helping smaller orgs increase efficacy and maturity.
- “Security Poverty Line” as a Nuanced Issue: The gap is real but may also exist within large organizations themselves, especially among neglected business units.
3. Notable Quotes & Moments
- The Value of Observation
  "We had a sales rep...He would go to a customer and you'd find out what their problem was and he would sell them one feature...What it taught me from the security side is when you're selling projects internally, only sell what is needed to solve the problem."
  — Andy Ellis, [02:33–03:39]
- Transparency in Sales
  "Is your product good enough that if somebody knew exactly how it worked, they would still be willing to buy it...that's what you should be selling."
  — Andy Ellis, [13:14]
- AI and Human Value
  "It turns out that AI is changing the relationships of CISOs with the rest of the C suite...AI is changing the relationships...for cybersecurity to be seen as a business enabler."
  — David Spark, [27:00]
- Pitfalls of Over-Reliance on AI
  "If you're hiring just junior people...relying on AI all the time...It's going to have a potentially worse result in the future."
  — Jacob Combs, [23:24]
4. Timestamps for Important Segments
- [00:00] Best security advice—"become an enabler, not a gatekeeper"
- [02:33] Lessons from observing sales and applying to security
- [05:32] The persistent gap between AppSec vendor models and real-world needs
- [10:05] CISOs value honesty in vendor sales, not feature exaggeration
- [13:14] Andy's approach: Vendors should sell to exactly their best-fit customers
- [18:42] "What's Worse?"—Security teams refusing AI vs. AI-enabling under-experienced hires
- [27:00] Real-world examples: How AI increases productivity and risk engagement
- [32:26] Tool sprawl, visibility, and exposure management challenges
- [34:33] Research: Large businesses fare better than SMBs in incidents—but why?
- [39:49] Show close and sponsor information
5. Summary Tone & Style
The conversation is lively, honest, and pragmatic—with good-natured joking (often about job titles and industry clichés), a candid look at uncomfortable truths in vendor relations, and a nuanced appreciation for the human side of tech and security. Panelists share personal stories, debate with good humor (especially during the "What's Worse?" game), and consistently circle back to the importance of trust, clarity, and valuing human expertise alongside technology.
For listeners new or familiar, this episode brings practical wisdom on integrating AI into security functions, navigating the vendor landscape, and maintaining a human edge in an increasingly automated industry.
