Podcast Summary: CISO Series Podcast – “Now That You Mention It, I HAVE Heard Some Hype Around These AI Tools”
Date: September 23, 2025
Hosts: David Spark, Mike Johnson, Andy Ellis
Guest: Erwin Lopez, CISO, SLAC National Accelerator Laboratory
Sponsor: ThreatLocker
Episode Overview
This episode centers on the practical implications—and hype—surrounding the surge of AI tools in cybersecurity, and how security professionals can distinguish hype from true value. The hosts and guest navigate the double-edged sword of AI, the challenges leading CISOs face, emotional investment in homegrown security tools, and what modern identity protection must look like as attackers increasingly “log in” rather than hack in. The episode layers real-world stories, personal anecdotes, and lively debates, making it essential listening for anyone grappling with the rapid evolution of cyber threats and technologies.
Key Discussion Points & Insights
1. The AI Hype and Its Real Impact in Cybersecurity
- Incremental vs. Transformational Value
  - Justin Warren (via David Spark) highlights that while there is a lot of hype, progress with AI in cyber is often incremental: automating documentation, improving incident response policy, etc.
  - Recent exploits (like GitHub’s MCP server via prompt poisoning) show AI can scale both “good and bad” rapidly.
- Experimentation Phase
  - Mike Johnson advocates embracing experimentation, drawing parallels with the early “wild west” days of cloud and mobile computing:
    “Some of these things are going to fail spectacularly. Most are going to be somewhere between huge improvements and spectacular failures. But I really think the thing that we need to get comfortable with is the idea of experimentation.” (06:06)
- AI as a Force Multiplier
  - Erwin Lopez cautions that AI multiplies both defender and attacker capabilities:
    “Bad guys are going to [be] utilizing the same tools we’re trying to use... We open up our own [attack surface] to new types of vulnerabilities.” (07:30)
  - Erwin recounts a personal story where ChatGPT helped synthesize disparate medical data, leading to a vital real-life diagnosis missed by his doctors:
    “When I ended up putting [my medical data] into ChatGPT, it gave me a lot of different options... I talked to my doctor and said, ‘Could I get a liver MRI?’ which actually led to a real diagnosis that I did have a blood clot in my liver.” (08:58)
2. CISO Burnout: Constantly Having to “Sell” Security
- A Reddit user laments being tired of convincing their organization to care; the crew discusses how burnout is often tied to endlessly repeating the same message rather than boredom per se.
- Erwin Lopez finds motivation in building programs and technical hands-on work, despite the frustrations:
“The constant need to sell security and translate risk for the business is exhausting... But for me personally, staying connected to the technical expertise is what keeps me motivated.” (11:55)
- Mike Johnson frames it as a universal problem:
“We’re not going to change human nature. So we need to find our mechanisms to cope with it... Do some self-care, because you’re not going to change it.” (13:13)
3. What’s Worse? AI Vendor Risk & Internal Breaches
- Scenario A: Unvetted third-party AI provider is breached; data exposure unknown.
- Scenario B: Internal AI feature breached via prompt injection; data exposure unknown.
- Debate:
  - Mike Johnson prioritizes reputational risk: internal breaches hit harder publicly.
    “If I think about ‘it’s my breach’ versus ‘somebody else’s breach’, the reputation impact is greater if it’s my breach.” (18:05)
  - Erwin Lopez notes the potential for deeper escalation when a breach happens internally, such as lateral movement.
    “If it’s my breach, it could lead to other nefarious activities like lateral movement...” (18:45)
  - Both agree: Neither situation is good, but nuance matters.
4. Modern Identity Attacks: Logging In, Not Hacking In
- The roundtable notes attackers rarely “hack”; instead, they log in using stolen credentials (Tom Etheridge, CrowdStrike).
- Erwin’s Playbook:
  - Assume breach and maintain high-fidelity surveillance: “The traditional hardened perimeter... no longer works.”
  - Multi-factor authentication (phish-resistant)
  - EDR + identity protection + honeypots for lateral movement detection
  - Behavioral business rules to spot anomalies
  - Zero Trust mindset
- Mike Johnson explains the role of “initial access brokers” who only collect and sell credentials, making detection and prosecution difficult:
  “There are actors called initial access brokers... all they do is collect credentials and session tokens, and then sell them. That’s been going on for years now.” (25:40)
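As an added example (not from the episode or its guests), a small Python detector that applies two of the behavioral rules the playbook above points at to constructed auth log lines: a successful login from a country never seen for that user, and a session token reappearing from an IP other than the one it was issued to. The log format and field names are assumptions.

```python
"""Behavioral login rules for "logging in, not hacking in" activity (added example)."""
import re
from collections import defaultdict

# Constructed key=value auth log lines, oldest first. Every value is made up.
LOG = """\
ts=1 user=alice ip=203.0.113.10 country=US result=success token=tok-a1
ts=2 user=alice ip=203.0.113.10 country=US result=success token=tok-a1
ts=3 user=bob ip=198.51.100.7 country=DE result=success token=tok-b1
ts=4 user=alice ip=192.0.2.44 country=RU result=failure token=-
ts=5 user=alice ip=192.0.2.44 country=RU result=success token=tok-a2
ts=6 user=bob ip=192.0.2.99 country=DE result=success token=tok-b1
"""


def parse(line):
    """Turn one key=value log line into a dict (assumed log format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def detect(log_text):
    """Return (ts, user, rule, detail) alerts for successful logins that break a baseline.

    Rule new_country: a success from a country never seen for this user before.
    Rule token_reuse_from_new_ip: a known session token shows up from a different IP
    than the one it was first issued to (what a stolen token looks like in the log).
    The per-user baseline is learned from the stream, so a user's first login never alerts.
    """
    seen_countries = defaultdict(set)  # user -> countries with prior successful logins
    token_ip = {}                      # session token -> IP it was first seen from
    alerts = []
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    for e in sorted(events, key=lambda e: int(e["ts"])):
        if e["result"] != "success":
            continue  # failed attempts are not part of the behavioral baseline here
        ts, user = int(e["ts"]), e["user"]
        if seen_countries[user] and e["country"] not in seen_countries[user]:
            alerts.append((ts, user, "new_country", e["country"]))
        seen_countries[user].add(e["country"])
        issued_ip = token_ip.setdefault(e["token"], e["ip"])
        if issued_ip != e["ip"]:
            alerts.append((ts, user, "token_reuse_from_new_ip", e["ip"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

Both alerts fire on logins that used valid credentials or a valid token, which is exactly the case a perimeter control never sees.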
5. The IKEA Effect: Letting Go of What We Build
- Security teams are often emotionally tied to custom-built SIEM rules and detection logic—even when superior solutions exist.
- Mike Johnson introduces the pets vs. cattle analogy (as applied to security by Sounil Yu): treat internal tools as disposable “cattle,” not emotionally significant “pets.”
“When [internal tools] outlive their usefulness, it’s time to move on. We shouldn’t be attached to them.” (29:23)
- Erwin Lopez emphasizes the pain of replacement but also the perils of single points of failure and rising maintenance costs:
“You’ve put a lot of love and emotion and time into this... but when you’re paying the maintenance tax... maybe it’s time... but it can be very painful.” (30:45)
- Both stress the need to periodically evaluate and migrate, even if difficult.
Notable Quotes & Memorable Moments
- On Using AI for Personal Health:
  “I used AIM LLMs to self-diagnose and find something the doctor could not find.”
  — Erwin Lopez (09:39)
- On CISO Burnout:
  “At the end of the day, it is our job to care about cybersecurity... We’re not the only ones who face that.”
  — Mike Johnson (13:13)
- Classic Security Reality Check:
  “Threat actors aren’t hacking in anymore, they’re logging in.”
  — Reciting Tom Etheridge, CrowdStrike (23:45)
- Engineering Attachment:
  “You have to think of them [internal tools] as cattle. When they outlive their usefulness, it’s time to move on.”
  — Mike Johnson (29:23)
Timestamps for Important Segments
- 04:54 – Guest Introduction: Erwin Lopez
- 05:12 – Main Topic: AI Hype, Risk & Real Value
- 07:30 – Erwin’s AI/Health Personal Anecdote
- 10:46 – Why CISOs Are Burning Out
- 16:20 – What’s Worse Scenario: AI Vendor vs. Internal Breach
- 23:45 – Identity Issues: Attackers “logging in”
- 27:34 – The IKEA Effect & Legacy Tool Attachment
Tone and Style
Conversational, candid, and seasoned with personal stories and humor. The show’s tone remains practical, supportive, and slightly irreverent (“What are these stupid kids doing? I’m an old man now.”), blending technical insights with human realities—fatigue, pride, and the challenge of letting go.
For security leaders grappling with AI, evolving identity threats, and the human side of cyber, this episode is an accessible, nuanced, and illuminating listen.
