Summary5 min read

Podcast Summary: Securing the AI Era—Joshua Scott on Automation, Risk, and the Future of Cyber Defense

The Digital Executive – Ep 1159
Date: November 30, 2025
Host: Coruzant Technologies
Guest: Joshua Scott, VP of Security at Hydraulics

Episode Overview

In this episode, host Coruzant Technologies welcomes Joshua Scott, a seasoned cybersecurity leader and current VP of Security at Hydraulics. The conversation explores how security teams can thrive amid the rising complexity of data, automation, AI, multi-cloud environments, and rapidly evolving cyber threats. Scott offers his perspective on the critical capabilities, mindsets, and strategies security leaders need to turn risks into business value—and to keep pace in the AI era.

Key Discussion Points & Insights

1. Translating Security Risks for Business Leaders

Timestamp: 01:21 – 02:20

Speak the Business Language:
Joshua Scott emphasizes the need for CISOs and security leaders to communicate in terms executives and boards understand.

“Make sure that you’re speaking the business language… remove all the jargon, remove all the technical items and translate it to a business item. So downtime of an asset, loss of money, etc., that’s really the best way to get across the security risks to the business because they’ll understand it that way.” (Joshua Scott, 01:46)
Relate Risks to Pain Points:
Scott stresses understanding what keeps business leaders up at night and ensuring security messaging is tailored to those pain points.

2. Challenges of Securing Large-Scale Data

Timestamp: 03:03 – 03:52

Volume Isn’t Value Without Context:
Scott explains that protecting data at massive scale still hinges on the fundamentals:
- Knowing why the data is needed and how it’s used.
- Ensuring only valuable data is collected and retained.
- Prioritizing protections for sensitive, business-critical assets.
“Make sure that we’re actually generating data that’s… useful for us too. Even though we generate lots and lots of data, let’s make sure that the data is also useful and helpful for the business.” (Joshua Scott, 03:43)

3. Automation as the Key to Security at Scale

Timestamp: 04:31 – 05:57

Necessity of Automation:
Scott highlights that the growing volume and complexity of tech stacks (multi-cloud, AI, SaaS) demand automated security controls and monitoring.

“With the amount of work that we have within security… the only way to effectively manage multi cloud AI driven workflows… is finding ways to automate the security controls… monitoring, detection and response, basically as many aspects as you can.” (Joshua Scott, 04:31)
Prioritization through Automation:

“There’s a hundred things to do in security and we’re generally staffed to do about ten. That’s just the reality… if you can remove, take that number of 100 down to like 90 because you put in some automation, that’s a win.” (Joshua Scott, 04:56)

4. AI: Both a Tool and a Threat

Timestamp: 05:57 – 07:15

Leverage AI for Efficiency:
Scott encourages security teams to use AI not just within security workflows, but to design automations and accelerate script generation.

“AI is a great enabler, but it doesn’t mean that we need to be using actually AI in the workflow. We just need to be using AI to help us create some of those automations… identifying an email address, those kind of things. It can create scripts for you really easily.” (Joshua Scott, 05:57–06:20)
AI’s Dual Role:
AI empowers both defenders and attackers, demanding continuous adaptation by security teams.

5. The Future: AI-Driven Threats & Security Program Evolution

Timestamp: 06:27 – 08:21

AI-Generated Attacks Will Accelerate the Threat Landscape:

“It’s still going to be the same type of threats. It’s just they’re going to be moving significantly faster, they’re going to have a lot more capability.” (Joshua Scott, 06:57)
- Phishing becomes more convincing and harder to detect due to AI’s ability to perfect language and mimic legitimate communications.
- Supply chain compromise risks increase as AI can manipulate code at scale or exploit vulnerabilities in vendors or open-source projects.
AI as an Enabler for Attackers:

“AI is an enabler for not only the defenders, but also for the attackers. So I definitely see that increasing quite a bit over the next three to five years.” (Joshua Scott, 07:34)
Critical Security Focus:
Keeping pace with AI-driven threats by investing in automation, continuous monitoring, and adaptability in security programs.

Notable Quotes & Memorable Moments

“You’ve got to find those pain points that they understand as well. Find out what keeps them up at night… and make sure you’re addressing things in that language.” (Joshua Scott, 01:54)
“The reality is, there’s a hundred things to do in security and we’re generally staffed to do about 10… so if you can automate and remove some of that burden, it’s a win.” (Joshua Scott, 04:56)
“With AI, [attackers] have the ability to write really good phishing messages… these days with tools like AI, they can actually make things look as legitimate as anybody else creating it.” (Joshua Scott, 07:10)
“AI is an enabler for not only the defenders, but also for the attackers.” (Joshua Scott, 07:34)

Important Segment Timestamps

01:21 – Communicating security risks to business leaders
03:03 – Security challenges with massive data scale
04:31 – Automation to handle complexity
05:57 – Leveraging AI for security operations
06:47 – AI’s impact on attack techniques and the future threat landscape

Tone & Takeaways

The episode is practical and forward-thinking, with Joshua Scott’s straight-shooting advice echoing real-world leadership challenges:

Speak simply and business-first about security.
Automate relentlessly to stay ahead of threat and workload growth.
Acknowledge that AI will empower both defenders and attackers—adapt accordingly.
Prioritize data that matters and always link security to business value.

Listeners come away with actionable strategies for thriving in the era of AI-driven cyber threats and large-scale data environments.

Loading summary

Transcript16 lines

[00:00]
A
Foreign.
[00:09]
B
Welcome to Coruscant Technologies, home of the Digital Executive podcast. Do you work in emerging tech? Working on something innovative? Maybe an entrepreneur? Apply to be a guest at www.corazon.com brand welcome to the Digital Executive. Today's guest is Joshua Scott. Joshua Scott has spent nearly three decades in the trenches of security and technology, helping companies turn complex risks into clear business advantages. Today, as vice president of security at Hydraulics, he's responsible for protecting a platform that ingests data at mind bending scale terabytes to petabytes and delivers answers in seconds. His mission is simple. Make security a value driver, not a roadblock. At Hydraulics, the results speak for themselves. The company has redefined what's possible with log data, making it affordable to retain for years, lightning fast to search, and powerful enough to give consumers instant visibility into incidents. Trusted by forward thinking enterprises. Hydraulics combines performance and security in a way that's reshaping the data landscape. Well, good afternoon, Josh. Welcome to the show.
[01:20]
A
Hey, thanks for having me on.
[01:21]
B
Absolutely, my friend. I appreciate it. And you're hailing out of that Los Angeles area. I'm in Kansas City. Two hour time difference. But I appreciate you navigating time zones to get on the podcast. So, Josh, jumping into your first question, you're known for translating technical risk into actionable business decisions. What advice do you have for CISOs and security leaders who struggle to communicate effectively with executives or boards?
[01:47]
A
I think the biggest piece of advice I could give to anyone is make sure that you're speaking the business language. So we've got to turn those technical risks and some of the details that we ultimately provide and remove all the jargon, remove all the technical items and translate it to a business item. So downtime of an asset, loss of money, et cetera, that's really the best way to get across the security risks to the business because they'll understand it that way. And you got to find those pain points that they understand as well. Find out what keeps them up at night, find out their concerns and make sure you're addressing things in that language.
[02:20]
B
Thank you, I appreciate that. And being in technology for a lot of years, it was important, especially as you moved further up into, for example, the C suite. Gotta make sure you are speaking the business language, get rid of the acronyms, the jargon. You're not there to impress them. They want to better understand. And a lot of times it's about relating the risks to the financial bottom line. And I think that's really important. And then you also mentioned finding out their pain points, what can you do to help them? So I appreciate that. And Josh, Hydraulics processes data at enormous scale, terabytes to petabytes, with near instant search. From a security perspective, what are the biggest challenges when protecting data at that velocity and volume?
[03:04]
A
I think it's still the same type of concerns and challenges you have with any type of data set, right? Knowing understanding what the data is there for, understanding how to actually leverage that data. If it's SIM related data or log related data, you want to be able to actually use it because there's also, there's still a cost to all of that data. So getting the most value out of it and also making sure that it is still actually going into the platform and going there reliably and you're putting enough protections around that data so it's, are you using it well? Are you protecting it when it's actually in the, you know, the data store? And then are you getting the most value from it? Because there's so much data within security we've really got to be mindful of, hey, let's make sure that we're actually generating data that's actually going to be useful for us too. Even though we generate lots and lots of data, let's make sure that the data is also useful and helpful for the business.
[03:52]
B
Absolutely, I appreciate that. And there is especially hydrology processes, a ton of data. I was reading up on what it can do and the time frame it can do it, which is pretty cool. But understanding what the data is there for is important. Understanding the data itself, protecting that data and making sure that you're truly getting the value out of that data, as you mentioned. So I appreciate your insights. And Josh, security teams today are navigating multi cloud AI driven workloads and increasingly complex infrastructures. What capabilities or mindsets will separate the next generation of successful security leaders from the rest Automation.
[04:32]
A
I think with the amount of work that we have within security, within technology, the only way to effectively manage multi cloud AI driven workflows and just the complexity that we have with SaaS platforms and all of that is finding ways to automate the security controls that we have in place, the monitoring, the detection and response, basically as many aspects as you can. We've really got to think through all of that. I mean the analogy I often use is there's a hundred things to do in security and we're generally staffed to do about 10. That's just kind of the reality of it. So that means you have to prioritize effectively, but if you can remove, take that number of 100 down to like 90 because you put in some automation, that's a win. Right. Because we will only see more complexity and more clouds and more systems just as, as technology continues to evolve and we've got to find ways to stay ahead of the problem instead of continually falling behind.
[05:23]
B
Absolutely. And it's so timely. We talked about that. I just mentioned before we hit record on the podcast that I attended a CISO CIO event this week and he just learned so much from so many different people in different verticals about this. But automation was a key component of the discussion to manage all these multi cloud environments, the various complex infrastructures, et cetera. And with technology, automation and AI, we're certainly going to help our people out, but also be a little bit more focused on those higher level tasks when we can again automate some of those routine and mundane tasks.
[05:58]
A
Yeah, exactly. And even from an AI standpoint, we should be leveraging those types of tools to help us do some of that work. Right. AI is a great enabler, but it doesn't mean that we need to be using actually AI in the workflow. We just need to be using AI to help us create some of those automations, use AI to help us with some of the simple deterministic type items, identifying an email address, those kind of things. It can create scripts for you really easily. So that's we have the tools, we have the capabilities. Now it's just a matter of how do we actually use them to make a difference.
[06:27]
B
Absolutely. 100% agree. And Josh, the last question of the day, as you're looking ahead, what emerging threats or technology shifts, maybe AI generated attacks, identity misuse, supply chain breaches, data sovereignty pressure, are most likely to reshape how security programs operate over the next three to five years.
[06:47]
A
I definitely think the AI generated attacks are part of it, but at the end of the day they're still just a regular attack like anything else. It's just the cyber attackers are using it to automate, to simplify their workflows. No different than my previous answer on how do you actually make a difference within your security program. So I think it's still going to be the same type of threats. It's just they're going to be moving significantly faster, they're going to have a lot more capability. And when you look at like things like phishing for example. Right. With AI, they have the ability to write really good phishing messages. Whereas, you know, back in the day it was easy to spot a phishing message. Like, oh yeah, there's grammar issues, there's punctuation, whatever it happens to be. But these days with tools like AI, they can actually make things look as legitimate as anybody else creating it. So just AI is an enabler for not only the defenders, but also for the attackers. So I definitely see that increasing quite a bit over the next three to five years. And that also factors into identity misuse, supply chain breaches, because we're going to see more of that just because of the ability for AI to actually breach a supply chain. Right. To an open source project that starts getting used in a lot of places and then somebody gets compromised and they're able to quickly rewrite that and change things within the kind of, within your supply chain or even you're using a legitimate vendor who has an AI component and then there's some type of jailbreak or something along those lines where now something in your supply chain is actually compromised. So I definitely think there's going to be a lot of things that have AI related attacks in it, but it's not necessarily like AI itself that's going to be, it's the use of AI and the enablement from AI.
[08:21]
B
Absolutely, thank you. And you're absolutely right on that. AI is going to be an enabler. It's going to help automate tasks for the attackers. Right. The bad actors. But as you mentioned, these AI generated attacks may be more prevalent in the future, but they're not going to, they're still going to be similar as the human level attacks stuff that we need to be aware of. It's just a be a lot, probably a lot faster and more voluminous due to the way that they can leverage the technology and AI. So I really appreciate that and Josh, it was such a pleasure having you on today and I look forward to speaking with you real soon.
[08:56]
A
Yeah, definitely, like I enjoyed it. So look forward to talking again.
[08:59]
B
Bye for now.