CyberWire Daily – CISO Perspectives Season Finale: Leading Security in a Brave New World
Podcast: CyberWire Daily
Host: Ethan Cook (N2K Networks) with guest Kim Jones
Date: December 30, 2025
Episode Overview
The season finale of CISO Perspectives brings host Ethan Cook together with showrunner Kim Jones for a reflective conversation on the trends, challenges, and insights discussed throughout the season. Focusing on the “brave new world” of cybersecurity, the hosts explore the evolving landscape shaped by AI, quantum technologies, and the intertwined forces of business, innovation, and operational risk. The conversation also touches on the perennial balance between securing environments and enabling business growth, and the critical need to retain cybersecurity fundamentals in a rapidly changing industry.
Key Discussion Points and Insights
1. AI’s Rapid Ascent and Cultural Impact
Hype and Overextension:
- AI is now almost a mandatory buzzword in cybersecurity. Skepticism around its use is often met with dismissal.
- (Kim Jones, 03:19) “It almost seems today that if you are a naysayer regarding AI, you're treated as a Luddite or an ignoramus... What I do not believe we are effectively doing is recognizing the potential challenges and problems that exist out there, because we are all leaping to 'It has to be AI'... Without understanding the potential ramifications, the potential threats.”
Data Surrender and Risk:
- Comparison to Google’s model of trading free services for data, which is now used to train AI (04:30–05:50).
- Users have unwittingly surrendered valuable data, setting a precedent for similar risk exposure in AI adoption.
- Notable regulatory changes, such as Google’s updated terms and the automatic use of customer data in AI, went largely unchallenged.
Fears About Haphazard Adoption:
- The tech industry often follows a “ready, fire, aim” approach.
- AI brings opportunity, but quickly deploying it without due consideration for risk may have explosive consequences.
- (Kim Jones, 07:34) “Frankly, we're building crap is what it amounts to. And we're heading down a path where that possibility exists.”
Shadow AI:
- Employees inevitably use AI tools, sometimes without organizational approval, making management and control challenging.
- (Ethan Cook, 08:44) “Shadow AI is a thing. If you don’t get ahead of it, your employees are absolutely going to be using it with or without your approval…”
Best Practices and Caution:
- Structured, formal adoption plans are needed; governance, legal, and technological expertise are essential for successful integration.
- Example: UMD’s heavily monitored, permissioned AI program; Intuit’s AI governance led by a CISO with legal expertise.
- (Kim Jones, 14:04) “The challenge that we have is we're now being placed... because of an artificial sense of urgency. If we slow down enough to do this, we're standing in the way. This is the same challenge we've been facing for decades... Just faster.”
Memorable Segment
- (Kim Jones, 09:39) “AI is not the Antichrist. AI is not skydiving. We have to figure out how to adopt the tools... That is a different animal from what Shop has done... started asking questions of interviewees as to what can you do that AI can't? Why should I hire you?... Those are very different approaches.”
2. Quantum Computing: Approaching Reality but a Different Path
Quantum Still On the Horizon, but Closer than Ever:
- Quantum computers now exist outside academia but are not ready for mass-market adoption (17:44).
- Immediate impacts are largely B2B (business-to-business); consumer impacts will be indirect for now.
Practical Steps for CISOs:
- Asset analysis: Identify quantum-vulnerable assets (pre-quantum encryption, key storage, disentanglement ability).
- Early migration to quantum-assured encryption is recommended to avoid last-minute scrambles akin to GenAI adoption.
- (Kim Jones, 17:44) “If we begin to take that level of approach now, we won't see that scramble when the time comes.”
AI vs. Quantum – A Consumer vs. Enterprise Revolution:
- AI went straight to consumers, fueling urgency and market hype.
- Quantum’s initial changes will be enterprise-focused—large pharmas, analytics giants, governments.
- Concerns about “harvest now, decrypt later” attacks, but large corporations’ incentives differ from nation-states.
- (Kim Jones, 21:02) “The impact of AI and the scramble... is because it went directly to the consumer... I don't think Quantum is going to have that level of consumer-based impact versus business-based impact.”
3. The Business of Cyber and Innovation
Balancing Innovation, Security, and Business Reality:
- True security must enable, not cripple, business.
- Investment decisions (VC/PE) are not just about hearing the right pitch, but about strategic alignment and market survivability.
- (Kim Jones, 27:33) “Us securing the environment to a point where the business fails is a gesture and stupidity. And we need to change that perspective.”
The Venture Capital Perspective:
- VCs sometimes reject superior security solutions for portfolio protection.
- Security leaders must actively communicate needs to investors to align R&D and funding.
- Time horizons differ: CISOs often think 1–5 years out; VCs plan for longer-term returns.
Founder Commitment:
- VCs are wary of founders (academics, serial entrepreneurs) not “all-in.” If you want big funding, you must be fully committed.
- (Ethan Cook, 33:26) “If someone's looking for money, they're all in, they're ready to go... I always thought it was OK, we're going VC, let's get everyone involved on this.”
Notable Quote
- (Kim Jones, 29:52) “If we are going to complain that we're not seeing investment in those companies that meet our needs, we have to show up and communicate those needs to venture capitalists... If we want to solve the problem, we gotta show up and we don't do that as well as we should.”
4. Challenges and Opportunities for Today’s and Tomorrow’s CISOs
Recap of the “Brave New World” Theme:
- Season’s goal was to dive deeply into issues (identity, fraud, regulation, AI, quantum) often overlooked by practicing CISOs.
- Intent: Equip both new and experienced security leaders with practical knowledge and perspectives beyond the monthly incident or latest legislation.
Optimism Amidst Adversity:
- The “CISO temperament” is perpetual optimism—standing in the gap, daily, against overwhelming odds.
- (Kim Jones, 35:19) “Every CISO, in my opinion, is a consummate optimist... and you get up, you know, battered and bruised and do the same damn thing the next day.”
The Crisis of Losing Cyber Fundamentals:
- Worry about newer professionals lacking critical thinking and foundational system knowledge, instead leaning on tools and search engines for solutions.
- Growing use of AI in generating code and answers risks compounding technical debt and vulnerabilities.
- (Kim Jones, 36:54) “If you don't understand the basic fundamentals of how the system works, your ability to effectively secure it will be limited. And as tools make it easier for us to get answers... our need to understand those pieces and parts will continue to diminish.”
Call to Action:
- More experienced professionals must actively help shape the next generation—educate, set standards, and directly participate, not merely complain.
- (Kim Jones, 40:58) “We need to show up, tell people what we want and participate in the process rather than just complain and watch things continue to fall by the wayside.”
Notable Quotes & Timestamps
AI Evangelism and Consequences:
- Kim Jones (10:08): “I have great people who are evangelizing and telling me what's going to go wrong if we don't adopt now. But these same people aren't contributing to the solution... when the shit hits the fan, the rest of us have to clean up.”
AI Hype Cycle:
- Ethan Cook (12:00): “If you don't see on a cyber page AI somewhere, you are losing the race... It's all perfect, it's all going to change the world. And reality is... most of these companies... are going to fail or get swallowed up.”
Quantum Reality Check:
- Kim Jones (17:44): “Quantum computers exist now... Are you going to go down to your local Best Buy and buy one within the next year to 4 years? Probably not.”
The Need for Professionalism:
- Kim Jones (14:04): “This is a case where professionalism has to win, even at the expense of careerism. You know what you need to do... Don't ignore it. Educate yourself, make sure educating your constituents out there, and do the job we're being paid for.”
The Optimist’s Burden:
- Kim Jones (35:19): “Every CISO... is a consummate optimist... you get up underfunded, very tired, not enough sleep… and you get up and go stand in the gap and say, yeah, we can take them.”
On Fundamentals and the Next Generation:
- Kim Jones (37:18): “Our continuing diminishment of the need to understand how things work... is going to represent a significant challenge within the next 10 years of our ability to secure the environment.”
Key Segment Timestamps
- AI Culture, Risks & Hype: 03:13 – 13:22
- Managing Inevitable Adoption & Governance: 13:22 – 16:49
- Quantum Computing Discussion: 16:49 – 25:31
- Cyber Business, VC, and Entrepreneur Challenges: 26:27 – 33:46
- Season Reflections, Optimism, and Fundamentals: 34:28 – 41:58
Episode Tone
- Frank, pragmatic, and infused with both healthy skepticism (especially around hype) and persistent optimism for the security profession.
- Emphasis on realism—balancing technology’s promise with operational realities, and cautioning against neglecting foundational skills.
Final Takeaways
- AI and Quantum are disruptive, but require thoughtful, measured adoption to avoid unintended risks.
- Security and business objectives are inseparable: true success means safeguarding while enabling growth.
- Venture and innovation must be shaped by operators' input, not just investor interests.
- Cyber professionals must recommit to fundamentals and proactively steward the next generation of leaders.
- Despite daunting challenges, the optimism and dedication of experienced CISOs will continue to drive the industry forward—but only if they engage, educate, and participate.
For listeners who missed the season, this episode offers a distilled masterclass in not only the “what” and “why” of today’s security challenges, but also in “how” CISOs must navigate both technology hype cycles and fundamental operational realities to protect and enable the organizations they serve.
