Cybersecurity Today – RSAC Recap: Agentic AI and Interview with Commvault CISO Bill O'Connell

Host: Jim Love
Co-host: David Shipley
Guest: Bill O'Connell, Chief Security Officer, Commvault
Date: March 28, 2026

Episode Overview

This episode features a lively debrief from the RSA Conference (RSAC) 2026, centering on the shift from "zero trust" to "agentic AI" as the new industry buzzword. Jim Love and David Shipley dissect the hype, reality, and fallout of AI trends in cybersecurity, market economics, and the fundamental changes within the industry. The episode also features an in-depth interview with Bill O'Connell, Commvault’s CISO, exploring cyber resilience, the evolving role of CISOs, and the critical importance of backups and “resiliency operations” in the age of increasingly autonomous AI.

Key Themes & Insights

1. The Death of “Zero Trust” and the Rise of Agentic AI

(01:06–05:40)

David Shipley observes that "zero trust" has all but vanished from RSA, replaced by "agentic AI" as the industry's new darling.
Marketing frenzy around AI: “Some vendors...having a competition...to see how many times they could put AI in different ways on the same booth.” (02:04, Shipley)
“Agentic SOC” was the No. 1 term and product announcement everywhere at RSAC.
Concerns arise about autonomous AI's potential: “It unleashes the potential of the Star Trek like computer. We're fascinated by that. But it also can go wrong, as we have covered in hilariously bad ways.” (02:23, Shipley)

2. The Tech/Money Shift: AI Eats Cyber

(03:41–07:55)

Cybersecurity has, for 10–15 years, been the “coolest kid at SAS high school...easiest to raise money,” but is now losing favor to the explosive AI boom.
Major impact: Anthropic’s Open Claw debut immediately dropped cybersecurity stock prices by 5–8%.
“The whispers are starting to get louder about what AI is doing to cybersecurity company valuations...the tap I think is about to get closed.” (04:34, Shipley)
Industry faces consolidation: less money for cybersecurity start-ups, rising prices for buyers.
Jim Love links the AI product gold rush to rapid layoffs and industry disruption: “People are reducing staff in advance of anticipated AI benefits. And the last part of that sentence is important.” (09:03, Love)

3. AI’s Asymmetrical Impact: Attackers vs. Defenders

(09:35–11:44)

Strong consensus that AI disproportionately benefits attackers due to their speed, lack of constraints, and risk appetite: “AI. Generative AI tooling disproportionately by orders of magnitude favors attackers...I think it's closer to 80-20.” (09:35, Shipley)
Real-world demo: “Tammy Harper just gave me a demo earlier today of a brand new phishing as a service platform...able to tap into every single one of these latest models...” (10:05, Shipley)
Defensive AI is necessary, but defenders are disadvantaged by bureaucracy, slow adoption, and competing demands.

4. RSAC Floor Vibes: Spectacle vs. Substance

(11:47–14:05)

Booths increasingly resemble entertainment setpieces: castles, dragons, western saloons, 50s neon diners—and even a wrestling ring (by Commvault).
Shipley sees this as a troubling sign: “We're using spectacle as an industry and I think that's a warning sign.” (13:12, Shipley)
Standout: Mind Guard’s 90s dorm-themed booth, a metaphor for how early the industry is in AI security, and how much catching up is left: “We are at right now with AI where we were in the late 1990s with cybersecurity.” (14:00, Shipley paraphrasing Aaron Portnoy)

Interview: Bill O’Connell, Chief Security Officer, Commvault

(17:09–37:06)

Commvault’s Mission and Cyber Resilience

Bill O’Connell introduces Commvault as a 27-year veteran in data backup, with a pivot to cyber resilience under new leadership. “Everything has to sound cool. But, yeah, it's about helping companies figure out what are their most important workloads and make sure that they can be resilient.” (17:41, O’Connell)

The Evolution and Elevation of the CISO Role

The CISO’s influence has grown; they now regularly brief the board and CEO. “You see so many companies where it [CISO] reports to the CEO. They're talking to the board. I'm talking to the board and the audit committee regularly. That's very different.” (18:41, O’Connell)

Technical Translation and the Risk Conversation

O’Connell stresses the necessity to translate technical threats into business-relevant language: “How do I talk about SQL injection...if I get in the weeds...I can sum it up in a way that matters, and I think that's part of the CISO job.” (20:16–21:15, O’Connell)
Risk is the key context: “For me, it's all about risk...trying to block out the FUD factor and really keep the organization focused.” (21:47, O’Connell)

Agentic AI: Relevance of the CISO & Security Playbooks

On AI’s hype and opportunity: “It's only going to be as good as the people using it. So you need to make sure you’ve done that awareness piece.” (22:44–24:00, O’Connell)
Concrete example from pop culture:
“There's this famous episode ... where Son of Anton, an AI comes in and ... the most logical choice to eliminate all bugs was eliminate all software.” (24:33, Shipley)
O'Connell ties back to backup and recovery, echoing the need for resilience and recovery beyond prevention.

Building “Resiliency Ops” – Not Just Defense

O’Connell introduces "Res Ops" (Resiliency Operations) as an emerging discipline alongside DevOps/SecOps: “How can I expect to be good at something if I've never practiced it? ... our tag word for Res Ops...that’s genius to me. This needs to be a discipline.” (28:24, O’Connell)
Practices are critical: drills, muscle memory, disaster readiness. “Some disruption will happen. Spoiler alert to all the CISOs here...Are you built for it? Are you ready?...Have you practiced it? I think it's critical.” (30:49, O’Connell)

CISO Advice and the Shift to Business Enablement

O’Connell’s advice to new CISOs: “Make sure you understand your business well....How does the CFO talk about the company? How does the CEO think? ... I filter everything...through those lenses.” (31:24–32:52, O’Connell)
The CISO as a bridge, enabling business and not just preventing disaster.

Celebrating the CISO: Chief Scapegoat to Chief Enabler

O’Connell praises Time Magazine’s “CISO of the Year” as overdue recognition: “When I first heard that Time wanted to do CISO of the year...What an amazing accomplishment.” (33:51, O’Connell)
The mantra from his medical space days: “We have to do the security that regulators require, customers expect and patients deserve.” (35:00, O’Connell)

Is It Worth It? The CISO Calling

O’Connell reflects on why he finds value in the role despite the stress: “For me, that sense of I want to be a part of protecting something. And so if that speaks to somebody out there, I think that it's absolutely worth it.” (35:47, O’Connell)
Paraphrased by Shipley: “Almost like with great power comes great responsibility.” (36:53, Shipley)

Memorable Quotes & Timestamps

David Shipley:
“They have dropped [Zero Trust]. It's dead. And it's not just like marketing, metaphorically dead...they are absolutely going all in on trust on something else.” (01:06)
Jim Love:
“People are reducing staff in advance of anticipated AI benefits. And the last part of that sentence is important.” (09:03)
Bill O'Connell:
“Security people are paid to be paranoid. Sometimes that's not a fun headspace to live in....making sure. How do I translate that in the right way, where I'm not downplaying the risk at all, but I'm making that connection.” (20:16–21:15)
O’Connell on Resiliency:
“Some disruption will happen....Are you built for it? Are you ready?...Have you practiced it? I think it's critical.” (30:49)
O’Connell on CISO Recognition:
“When I first heard that Time magazine wanted to do CISO of the year...What an amazing accomplishment.” (33:51)

Notable Moments & Segments

RSAC Booth Madness: Wrestlers, dragons, neon diners, and a 90s dorm.
Mind Guard’s Booth: Metaphorically places society at the late 90s of AI security maturity (14:00–15:22).
Agentic AI Product Gold Rush: Commentary on soaring marketing and potential future consolidation (03:41–07:55).
A real-world AI risk analogy: "Son of Anton" wipes out production—echoed in CISO wisdom about software and backup (24:33–25:03).
Emerging practice: “Resiliency ops” as essential CISO discipline (28:24–28:35).

Final Thoughts

The episode captures a snapshot of a cybersecurity world rocked by agentic AI’s rapid rise. It emphasizes the changing economics, mounting pressures on the defender community, and the new market realities compelling consolidation and higher costs. The interview with Bill O’Connell provides a grounded practitioner’s perspective on leadership, risk, effective communication, and the critical role of backup and recovery — positioning the modern CISO not only as a risk manager but also as an essential business enabler and leader worthy of recognition and respect.

Key Timestamps

Shift in Buzzwords (Zero Trust → Agentic AI): 01:06
Market/Economics & AI Disruption: 03:41–07:55
Job Losses & Layoffs Trend: 09:03
AI's Asymmetric Benefit: 09:35–11:44
RSAC Booths & Mind Guard Metaphor: 11:47–15:22
Bill O’Connell Interview Starts: 17:09
CISO Role & Risk Communication: 18:03–22:22
Backups, Recovery, and Res Ops: 24:33–28:35
CISO Recognition & Worth: 33:39–36:53

Listener Prompt:
Got thoughts on the CISO journey or the rise of agentic AI? Share your comments with the show at technewsday.com or chime in on YouTube.

Cybersecurity Today – RSAC Recap: Agentic AI and Interview with Commvault CISO Bill O'Connell

Host: Jim Love
Co-host: David Shipley
Guest: Bill O'Connell, Chief Security Officer, Commvault
Date: March 28, 2026

Episode Overview

Key Themes & Insights

1. The Death of “Zero Trust” and the Rise of Agentic AI

(01:06–05:40)

David Shipley observes that "zero trust" has all but vanished from RSA, replaced by "agentic AI" as the industry's new darling.
Marketing frenzy around AI: “Some vendors...having a competition...to see how many times they could put AI in different ways on the same booth.” (02:04, Shipley)
“Agentic SOC” was the No. 1 term and product announcement everywhere at RSAC.
Concerns arise about autonomous AI's potential: “It unleashes the potential of the Star Trek like computer. We're fascinated by that. But it also can go wrong, as we have covered in hilariously bad ways.” (02:23, Shipley)

2. The Tech/Money Shift: AI Eats Cyber

(03:41–07:55)

Cybersecurity has, for 10–15 years, been the “coolest kid at SAS high school...easiest to raise money,” but is now losing favor to the explosive AI boom.
Major impact: Anthropic’s Open Claw debut immediately dropped cybersecurity stock prices by 5–8%.
“The whispers are starting to get louder about what AI is doing to cybersecurity company valuations...the tap I think is about to get closed.” (04:34, Shipley)
Industry faces consolidation: less money for cybersecurity start-ups, rising prices for buyers.
Jim Love links the AI product gold rush to rapid layoffs and industry disruption: “People are reducing staff in advance of anticipated AI benefits. And the last part of that sentence is important.” (09:03, Love)

3. AI’s Asymmetrical Impact: Attackers vs. Defenders

(09:35–11:44)

Strong consensus that AI disproportionately benefits attackers due to their speed, lack of constraints, and risk appetite: “AI. Generative AI tooling disproportionately by orders of magnitude favors attackers...I think it's closer to 80-20.” (09:35, Shipley)
Real-world demo: “Tammy Harper just gave me a demo earlier today of a brand new phishing as a service platform...able to tap into every single one of these latest models...” (10:05, Shipley)
Defensive AI is necessary, but defenders are disadvantaged by bureaucracy, slow adoption, and competing demands.

4. RSAC Floor Vibes: Spectacle vs. Substance

(11:47–14:05)

Booths increasingly resemble entertainment setpieces: castles, dragons, western saloons, 50s neon diners—and even a wrestling ring (by Commvault).
Shipley sees this as a troubling sign: “We're using spectacle as an industry and I think that's a warning sign.” (13:12, Shipley)
Standout: Mind Guard’s 90s dorm-themed booth, a metaphor for how early the industry is in AI security, and how much catching up is left: “We are at right now with AI where we were in the late 1990s with cybersecurity.” (14:00, Shipley paraphrasing Aaron Portnoy)

Interview: Bill O’Connell, Chief Security Officer, Commvault

(17:09–37:06)

Commvault’s Mission and Cyber Resilience

Bill O’Connell introduces Commvault as a 27-year veteran in data backup, with a pivot to cyber resilience under new leadership. “Everything has to sound cool. But, yeah, it's about helping companies figure out what are their most important workloads and make sure that they can be resilient.” (17:41, O’Connell)

The Evolution and Elevation of the CISO Role

The CISO’s influence has grown; they now regularly brief the board and CEO. “You see so many companies where it [CISO] reports to the CEO. They're talking to the board. I'm talking to the board and the audit committee regularly. That's very different.” (18:41, O’Connell)

Technical Translation and the Risk Conversation

O’Connell stresses the necessity to translate technical threats into business-relevant language: “How do I talk about SQL injection...if I get in the weeds...I can sum it up in a way that matters, and I think that's part of the CISO job.” (20:16–21:15, O’Connell)
Risk is the key context: “For me, it's all about risk...trying to block out the FUD factor and really keep the organization focused.” (21:47, O’Connell)

Agentic AI: Relevance of the CISO & Security Playbooks

On AI’s hype and opportunity: “It's only going to be as good as the people using it. So you need to make sure you’ve done that awareness piece.” (22:44–24:00, O’Connell)
Concrete example from pop culture:
“There's this famous episode ... where Son of Anton, an AI comes in and ... the most logical choice to eliminate all bugs was eliminate all software.” (24:33, Shipley)
O'Connell ties back to backup and recovery, echoing the need for resilience and recovery beyond prevention.

Building “Resiliency Ops” – Not Just Defense

O’Connell introduces "Res Ops" (Resiliency Operations) as an emerging discipline alongside DevOps/SecOps: “How can I expect to be good at something if I've never practiced it? ... our tag word for Res Ops...that’s genius to me. This needs to be a discipline.” (28:24, O’Connell)
Practices are critical: drills, muscle memory, disaster readiness. “Some disruption will happen. Spoiler alert to all the CISOs here...Are you built for it? Are you ready?...Have you practiced it? I think it's critical.” (30:49, O’Connell)

CISO Advice and the Shift to Business Enablement

O’Connell’s advice to new CISOs: “Make sure you understand your business well....How does the CFO talk about the company? How does the CEO think? ... I filter everything...through those lenses.” (31:24–32:52, O’Connell)
The CISO as a bridge, enabling business and not just preventing disaster.

Celebrating the CISO: Chief Scapegoat to Chief Enabler

O’Connell praises Time Magazine’s “CISO of the Year” as overdue recognition: “When I first heard that Time wanted to do CISO of the year...What an amazing accomplishment.” (33:51, O’Connell)
The mantra from his medical space days: “We have to do the security that regulators require, customers expect and patients deserve.” (35:00, O’Connell)

Is It Worth It? The CISO Calling

O’Connell reflects on why he finds value in the role despite the stress: “For me, that sense of I want to be a part of protecting something. And so if that speaks to somebody out there, I think that it's absolutely worth it.” (35:47, O’Connell)
Paraphrased by Shipley: “Almost like with great power comes great responsibility.” (36:53, Shipley)

Memorable Quotes & Timestamps

David Shipley:
“They have dropped [Zero Trust]. It's dead. And it's not just like marketing, metaphorically dead...they are absolutely going all in on trust on something else.” (01:06)
Jim Love:
“People are reducing staff in advance of anticipated AI benefits. And the last part of that sentence is important.” (09:03)
Bill O'Connell:
“Security people are paid to be paranoid. Sometimes that's not a fun headspace to live in....making sure. How do I translate that in the right way, where I'm not downplaying the risk at all, but I'm making that connection.” (20:16–21:15)
O’Connell on Resiliency:
“Some disruption will happen....Are you built for it? Are you ready?...Have you practiced it? I think it's critical.” (30:49)
O’Connell on CISO Recognition:
“When I first heard that Time magazine wanted to do CISO of the year...What an amazing accomplishment.” (33:51)

Notable Moments & Segments

RSAC Booth Madness: Wrestlers, dragons, neon diners, and a 90s dorm.
Mind Guard’s Booth: Metaphorically places society at the late 90s of AI security maturity (14:00–15:22).
Agentic AI Product Gold Rush: Commentary on soaring marketing and potential future consolidation (03:41–07:55).
A real-world AI risk analogy: "Son of Anton" wipes out production—echoed in CISO wisdom about software and backup (24:33–25:03).
Emerging practice: “Resiliency ops” as essential CISO discipline (28:24–28:35).

Final Thoughts

Key Timestamps

Shift in Buzzwords (Zero Trust → Agentic AI): 01:06
Market/Economics & AI Disruption: 03:41–07:55
Job Losses & Layoffs Trend: 09:03
AI's Asymmetric Benefit: 09:35–11:44
RSAC Booths & Mind Guard Metaphor: 11:47–15:22
Bill O’Connell Interview Starts: 17:09
CISO Role & Risk Communication: 18:03–22:22
Backups, Recovery, and Res Ops: 24:33–28:35
CISO Recognition & Worth: 33:39–36:53

Listener Prompt:
Got thoughts on the CISO journey or the rise of agentic AI? Share your comments with the show at technewsday.com or chime in on YouTube.

RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell

Summary

Cybersecurity Today – RSAC Recap: Agentic AI and Interview with Commvault CISO Bill O'Connell

Episode Overview

Key Themes & Insights

1. The Death of “Zero Trust” and the Rise of Agentic AI

2. The Tech/Money Shift: AI Eats Cyber

3. AI’s Asymmetrical Impact: Attackers vs. Defenders

4. RSAC Floor Vibes: Spectacle vs. Substance

Interview: Bill O’Connell, Chief Security Officer, Commvault

Commvault’s Mission and Cyber Resilience

The Evolution and Elevation of the CISO Role

Technical Translation and the Risk Conversation

Agentic AI: Relevance of the CISO & Security Playbooks

Building “Resiliency Ops” – Not Just Defense

CISO Advice and the Shift to Business Enablement

Celebrating the CISO: Chief Scapegoat to Chief Enabler

Is It Worth It? The CISO Calling

Memorable Quotes & Timestamps

Notable Moments & Segments

Final Thoughts

Key Timestamps

Summary

Cybersecurity Today – RSAC Recap: Agentic AI and Interview with Commvault CISO Bill O'Connell

Episode Overview

Key Themes & Insights

1. The Death of “Zero Trust” and the Rise of Agentic AI

2. The Tech/Money Shift: AI Eats Cyber

3. AI’s Asymmetrical Impact: Attackers vs. Defenders

4. RSAC Floor Vibes: Spectacle vs. Substance

Interview: Bill O’Connell, Chief Security Officer, Commvault

Commvault’s Mission and Cyber Resilience

The Evolution and Elevation of the CISO Role

Technical Translation and the Risk Conversation

Agentic AI: Relevance of the CISO & Security Playbooks

Building “Resiliency Ops” – Not Just Defense

CISO Advice and the Shift to Business Enablement

Celebrating the CISO: Chief Scapegoat to Chief Enabler

Is It Worth It? The CISO Calling

Memorable Quotes & Timestamps

Notable Moments & Segments

Final Thoughts

Key Timestamps