Episodes

  • Chasing Entropy Podcast episode 012: Dr. Grigorios Fragkos on Agentic AI, CISO Evolution, and Global Cybersecurity Insights
    2025/07/15

    In this episode of the Chasing Entropy Podcast, host Dave Lewis sits down with Dr. Grigorios Fragkos, widely known as Dr. Greg, a cybersecurity veteran with deep roots in academia, government, and enterprise defense. From the early days of building near real-time threat detection systems to orchestrating national-level cyber defense initiatives, Dr. Greg shares a dynamic perspective on the ever-evolving cybersecurity landscape.

    From Hacking Curiosity to PhD Pioneering

    Dr. Greg opens up about his journey from tinkering with software engineering to earning a PhD focused on near real-time threat assessment using IDS data, a field in which he was more than a decade ahead of his time. He candidly recounts the challenges of building AI-driven assessment engines long before the rise of today’s agentic AI approaches.

    The Rise of Agentic AI & Its Impact

    The conversation takes a deep dive into agentic AI, systems that can plan, reason, and execute. Dr. Greg argues for its use in advancing cybersecurity defense rather than offense, noting that current hype often ignores ethical applications. Both he and Dave stress the importance of separating the thinking layer of AI from raw processing power, an idea Greg proposed in his PhD work and sees finally coming to fruition.

    Redefining the Role of the CISO

    With experience leading cybersecurity efforts across industries and nations, Dr. Greg challenges the conventional definition of a CISO. He advocates for the emergence of a Chief Cybersecurity Officer, a broader role encompassing AI threats, cyber resilience, and critical infrastructure protection. He also cautions aspiring CISOs: “Don’t do it for the title. Do it because you believe in the mission.”

    M&A Cyber Due Diligence: The Ugly Truth

    Drawing from real-world mergers and acquisitions experience, Dr. Greg reveals the hidden pitfalls of cyber due diligence. From rubber-stamped security audits to outright neglect of breach indicators, he offers a sobering view into how risk is often underestimated or deliberately ignored during high-stakes deals.

    Global Cybersecurity Culture & B-Sides Athens

    Greg also explores how culture shapes cybersecurity practices around the world—from risk ownership misunderstandings to wildly differing maturity levels. He shares his passion project: B-Sides Athens, a thriving community-driven conference that’s celebrated its 10th year of inclusive, high-quality knowledge sharing.

    Final Wisdom: Education, Not Just Certification

    In closing, Dr. Greg pushes back against the growing narrative that university degrees no longer matter in cybersecurity. While certifications are valuable, he emphasizes that academic journeys foster critical thinking, understanding of fundamentals, and intellectual discipline—all essential in a fast-changing field.

    Don’t forget to like, subscribe, and share this episode! Got thoughts or questions? Join the conversation on social media using #ChasingEntropy.


    34 min
  • Chasing Entropy Podcast episode 011: Humour, Human Nature & Hacking Communication with Javvad Malik
    2025/07/08

    In this episode of the Chasing Entropy Podcast, host Dave Lewis sits down with the incomparable Javvad Malik, security advocate, Guinness World Record holder, and co-host of the Host Unknown podcast. What follows is a dynamic, humorous, and insightful conversation that spans decades of cybersecurity experience, unconventional career moves, and the art of connecting with people on stage, on camera, and in the boardroom.

    From Banks to Blogging: Javvad’s Cybersecurity Origin Story

    Javvad reflects on his start in the late ’90s at a UK bank—when password management involved envelopes and binders, not vaults and biometrics. From there, his journey took him through consulting, industry analysis (thanks to Wendy Nather’s nudge), and eventually into advocacy and content creation with KnowBe4. His career, fueled by curiosity and storytelling, shows just how many paths there are into (and through) the world of security.

    Communication That Cuts Through the Noise

    Javvad and Dave dive into the recurring theme of miscommunication in cybersecurity. Why do so many security pros still struggle to resonate with non-technical audiences? Javvad argues it’s about meeting people where they are, whether that’s through TikTok trends, clear analogies, or a bit of humor. Rather than blame users for not “getting it,” he encourages listening to what people are really asking and addressing their concerns with empathy and clarity.

    A Guinness World Record, Just for Fun

    Javvad shares the backstory behind his tongue-in-cheek claim to fame: setting a Guinness World Record for the most views on a cybersecurity awareness video within 24 hours. It’s not about vanity, it’s about grabbing attention and delivering value. Humor, he explains, is the safest and most effective vehicle for driving engagement in a world awash with FUD.

    The Host Unknown Podcast & Having Fun With Security

    Dave and Javvad also talk about Host Unknown, the podcast Javvad co-hosts with Thom Langford and Andy. Part satire, part serious, the show exemplifies how cybersecurity content doesn’t have to be dry or fear-based to be effective. The key: build trust, stay authentic, and have a good laugh along the way.

    On AI, Creativity & the Mundane

    The duo wraps up with a candid chat about AI’s role in cybersecurity and content creation. While both share concerns about disingenuous use of generative AI, they remain hopeful that AI, if implemented thoughtfully and securely, can offload tedious work and leave humans to focus on creativity and strategy.

    Final Thoughts

    Javvad leaves listeners with this advice:

    • Be curious.
    • Ask questions.
    • Share your voice, even if it’s still evolving.

    Cybersecurity may be more complex and crowded than ever, but the human element (connection, storytelling, and community) remains the most powerful defense against entropy.

    33 min
  • Chasing Entropy Episode 010: Empathy, AI, and the Evolution of Security with Mark Hillick
    2025/07/01

    In this episode of the Chasing Entropy Podcast, I speak with Mark Hillick, CISO at Brex, about the changing role of security leaders in a world shaped by AI, rapid innovation, and shifting business expectations. From building security culture at Riot Games to navigating Silicon Valley’s AI gold rush, Hillick offers grounded insight into what it takes to lead a modern, business-aligned security team.

    1. Security as a Business Enabler

    Hillick shares his journey from infrastructure engineer to CISO, emphasizing that the best security teams don’t just protect—they enable. By integrating early, communicating clearly, and avoiding gatekeeping, security becomes a trusted partner, not a blocker.

    “If the business isn’t there, we wouldn’t be either. Security must enable, not obstruct.”


    2. The Role of Empathy and Trust

    Drawing from his experiences across industries and geographies, Hillick highlights how trust is built—and lost. He discusses the trauma some teams bring from past negative security experiences and why empathy and explicit communication matter more than ever.

    3. AI: Hype, Hope, and Risk

    Hillick identifies AI as the third major paradigm shift of his career. He outlines how AI is reshaping internal productivity, operational efficiency, and product development—but warns that many organizations are repeating old security mistakes by moving too fast without proper safeguards.

    “If you’re a security engineer and not using tools like Copilot or Cursor, how can you help others use them securely?”


    4. The Sales Dilemma

    Dave and Mark discuss the fine line between outreach and overreach in cybersecurity sales. Hillick shares candid stories—from being bombarded with cold calls to salespeople contacting his spouse—and makes the case for respectful, empathetic sales practices.

    5. Advice for the Next Generation

    For those entering the field, Mark keeps it simple:

    • Show up.
    • Work hard.
    • Stay curious.
    • Be kind.

    “Curiosity will protect you from cynicism. And this industry needs a lot less cynicism.”


    This episode is a must-listen for security practitioners, leaders, and anyone curious about the future of cybersecurity leadership in the age of AI. It’s a real, unfiltered conversation—minus the FUD, plus a healthy dose of dry humor.

    Don’t forget to subscribe, rate, and share!

    Link: https://www.buzzsprout.com/2497520/episodes/17430216-chasing-entropy-episode-010-empathy-ai-and-the-evolution-of-security-with-mark-hillick

    36 min
  • Chasing Entropy Episode 009: Staying Curious with Brian Honan
    2025/06/24

    In this week's episode of the Chasing Entropy Podcast, 1Password’s Global Advisory CISO, Dave Lewis, sits down with longtime friend and cybersecurity luminary Brian Honan, founder and CEO of BH Consulting. From his roots in the early days of IT to advising governments and shaping policy at the European level, Brian brings a storied career and sharp insights into how the industry has evolved, and where it’s headed next.

    From Mainframes to Modern Threats

    Brian walks us through his unconventional journey into cybersecurity, dating back to the 1980s when formal education in the field didn’t exist. What started as a role supporting those "fad" personal computers quickly evolved into a career grounded in discipline, curiosity, and continuous learning. His foundational experience in IT, he explains, has been crucial in understanding how systems work and how to secure them.

    Advice for Aspiring Security Professionals

    For those breaking into the field, Brian offers timeless advice: curiosity, patience, and humility are key. Degrees may get your foot in the door, but demonstrating a genuine passion through blogging, open-source contributions, or volunteering at conferences like B-Sides is what sets you apart.

    The Rise of Agentic AI and Shadow IT

    The conversation shifts to emerging challenges, particularly agentic AI and its implications for enterprise security. Brian emphasizes that security teams must shift from saying “no” to enabling business outcomes securely. He shares a startling example of an unauthorized AI note-taker infiltrating a sensitive corporate meeting, highlighting the real-world risks of unsanctioned tech.

    Data Sovereignty in a Globalized World

    One of the episode’s most thought-provoking segments delves into data sovereignty. Brian outlines how geopolitical tensions and regulatory mismatches (like the GDPR vs. U.S. data laws) are introducing new forms of risk. He shares alarming examples, including a prosecutor at the International Criminal Court losing access to Microsoft services, underscoring how governments may “weaponize” data control.

    Defending Against the Unseen

    To wrap up, Dave and Brian discuss how attackers are increasingly exploiting legitimate software and tools—not just traditional malware. Security teams must now detect "unusual good" behavior, not just the known bad. That means strengthening endpoint detection, monitoring network anomalies, and having a robust SOC (internal or outsourced) to handle the complexity.

    Final Takeaway

    Brian’s message is clear: as threats evolve, so must defenders. The secret? Stay curious, be patient, and never lose your sense of humour.

    Listen now to hear two seasoned pros explore the tension between innovation and risk, and why embracing change, rather than fearing it, is essential in cybersecurity.

    31 min
  • Chasing Entropy Episode 008: A Conversation with Thom Langford
    2025/06/17

    In this compelling episode of the Chasing Entropy Podcast, I sit down with none other than Thom Langford, EMEA CTO at Rapid7 and “twice-recovering CISO,” for an honest and often humorous deep-dive into the lived realities of cybersecurity professionals.

    Finding Purpose in Security

    Thom reflects on his unconventional path into cybersecurity, entering the field two decades into his tech career and quickly realizing he had found his “tribe.” From his early days wrangling VAX/VMS systems to leading security teams, his journey underscores the importance of mentorship, curiosity, and persistence.

    Burnout, Mental Health & Imposter Syndrome

    This episode doesn’t shy away from the emotional toll of cybersecurity. Both Thom and Dave speak candidly about the mental load that comes with defending digital infrastructure, from career burnout to imposter syndrome. Thom offers relatable stories, including hiding in a bathroom stall to avoid public speaking, and shares how vulnerability, perspective, and humour became his coping tools.

    Security Isn’t Funny, But It Can Be Fun

    Thom’s approach to security education is rooted in humor and storytelling, which he argues improves information retention and builds connection. He shares insights from The Host Unknown Podcast and reminds us that just because security is serious doesn’t mean it has to be dry. Laughter, he says, is often the best way to tackle hard truths.

    Reducing Friction, Building Better UX

    A recurring theme is the need to reimagine user experience in cybersecurity. Thom advocates for intuitive, low-friction security that doesn’t require justification, just like locking your front door or putting on a seatbelt. When secure behaviours are second nature, we’ve truly succeeded.

    Advice for Newcomers

    To those entering the field, Thom’s message is clear: you don’t have to be technical to make a difference. Whether managing risk, policy, or compliance, every role matters. He also urges senior professionals to manage their calendars more assertively for sanity’s sake.

    Where to Find Thom Langford

    • 🎧 Host Unknown Podcast
    • 📸 TomLangford.photography
    • 📝 Blog at TomLangford.com
    • 💼 LinkedIn

    “Stay secure, my friends.” — Thom Langford


    Catch the full episode to hear two seasoned CISOs pull back the curtain on the cybersecurity industry with wit, wisdom, and just the right amount of entropy.

    35 min
  • Chasing Entropy Podcast Episode 007: Allison Miller on Risk, Fraud & AI
    2025/06/10

    In this insightful episode of Chasing Entropy, host Dave Lewis welcomes cybersecurity veteran Allison Miller to explore the intersections of fraud, risk, complexity, and AI in the ever-evolving digital landscape.

    Allison brings two decades of experience spanning enterprise cybersecurity, anti-fraud, and advanced product risk. From traditional financial institutions to cloud-native startups, her work bridges how technology enables connection—and how those same systems can be exploited.

    She shares her early fascination with communication networks, her journey through IRC, payphone hacks, and digital commerce, and how those formative experiences shaped her career.

    Key Topics Covered

    Chasing Risk and Complexity

    • Fraud as a window into system weaknesses — Allison explains why fraud fascinates her: it’s about understanding how things can go wrong even when the code is working as designed.
    • She discusses how payment systems, platform identity abuse, and communication channels become targets precisely where their value lies.

    The Role of AI in Cybersecurity

    • AI as a detection tool: Building on her background in detection technologies, Allison sees AI as the next step in a lineage of data-driven defenses.
    • Three key AI applications:
      → Detection
      → Investigation assistance
      → Automation in Security Operations Centers (SOCs)
    • CISO responsibilities: While AI governance is still evolving, Allison highlights parallels with AppSec and suggests that product risk programs must incorporate AI security and safety.
    • Agentic AI and emerging risks: She warns that autonomous agents, while powerful, introduce new layers of system complexity that require holistic monitoring—simple components can combine into chaotic behaviors.

    Future of Cybersecurity Leadership

    • Cloud, mobile, and multi-cloud continue to challenge traditional security models, requiring CISO teams to expand their skills and embrace innovation.
    • CISOs are now “chasing complexity” as much as they’re defending against it.

    Advice for Aspiring Cybersecurity Professionals

    • Follow your curiosity rather than a linear career path.
    • Focus on interesting problems—your unique perspective will create opportunities.
    • Embrace networking and open conversations to accelerate learning and growth.

    Quote of the Episode:
    "Follow your curiosity. You can bring your interests into almost any job description—and that's where real opportunity lies." — Allison Miller

    Tune in to this episode for a candid discussion that peels back the layers of how risk, fraud, and AI are shaping the cybersecurity front lines.

    Subscribe to the Chasing Entropy Podcast for more real talk with the minds driving cybersecurity forward.

    LinkedIn: Allison Miller, Founder & Principal, Cartomancy Labs

    Website: Cartomancy Labs

    Newsletter: Futurecast

    34 min
  • Chasing Entropy Episode 006: From Hammers to Hope with Wendy Nather
    2025/06/03

    In this episode of Chasing Entropy, I sit down with cybersecurity trailblazer Wendy Nather for an honest, insightful, and occasionally hilarious conversation that spans career origin stories, hammer metaphors, and how empathy is the secret weapon of modern security leadership.

    From Swiss Banks to Strategy

    Wendy Nather’s journey into cybersecurity is anything but conventional. From wrangling Unix systems at a Swiss bank to being unexpectedly appointed head of EMEA security, her career has been a series of “say yes and figure it out later” moments. Her creation of the security strategist role at Duo (where she helped bring Dave onboard) laid the groundwork for today’s Advisory CISO model—distinct from field CISOs and rooted in trust-building and strategic influence.

    Understanding the Security Poverty Line

    Wendy unpacks her now-famous concept of the “security poverty line,” a lens for understanding how underfunded, understaffed organizations struggle to meet industry best practices. It's a call to move beyond judgment and toward practical empathy—especially when small businesses with outdated gear and little budget become backdoor vulnerabilities in the broader digital ecosystem.

    The Human Side of Cybersecurity

    The conversation dives deep into the need for empathy, especially at the CISO level. Wendy argues that real leadership in security isn’t about technical perfection—it’s about understanding people, building influence, and leading with compassion. For those just entering the field, she reminds listeners that many roles in cybersecurity today didn’t even exist a decade ago, and that we’re all still “making this up as we go.”

    Agentic AI, Zero Trust, and a Spoon

    The pair also reflect on the rise of agentic AI and its implications for zero trust architectures. Wendy challenges the assumption that AI introduces completely new risks, suggesting instead that it’s a matter of awareness, contract transparency, and figuring things out as a community. She also revisits her “spoon” analogy from past keynotes: good security design should be as intuitive as using a spoon—hard to mess up, universally usable.

    Final Thoughts

    Wendy closes with advice for veterans and newcomers alike: surround yourself with peers you trust, keep learning, and don’t buy into gatekeeping myths that overvalue technical credentials. What really matters is adaptability, collaboration, and understanding the bigger picture.

    Subscribe to Chasing Entropy on your favourite podcast platform and join us next time as we continue to unravel the systems and stories shaping cybersecurity.

    34 min
  • Chasing Entropy Episode 005: “Best Janitor, Worst Superhero” with Adrian Sanabria
    2025/05/27

    In this episode of Chasing Entropy, host Dave Lewis, Global Advisory CISO at 1Password, sits down with Adrian Sanabria—Principal Researcher at the Defenders Initiative and founder of Destroyed by Breach—for a wide-ranging and candid conversation about the challenges, myths, and future of cybersecurity.

    From Help Desk to Hacking the Narrative

    Adrian shares his unconventional journey into the cybersecurity world, tracing it back to retail tech support and internet help desk gigs where he developed resilience, empathy, and a knack for communication. He talks about how early experiences handling confused customers over phone lines laid the groundwork for a career in community engagement, public speaking, and eventually running B-Sides Knoxville.

    Debunking Security Myths

    Adrian doesn’t pull punches. From phishing simulations and forced password resets to the overhyped impact of breaches, he challenges many “best practices” that persist in cybersecurity. He notes that while the industry once operated on instinct and guesswork, we now have decades of actionable data—but still struggle to act on it meaningfully.

    “Less than 100 CVEs each year actually matter. Out of tens of thousands.”
    – Adrian Sanabria


    Agentic AI, Shadow IT, and the Next Frontier

    The conversation turns to emerging threats and opportunities, particularly around Agentic AI and open-source vulnerabilities. Adrian warns that while companies rush to adopt automation and AI tools, they’re often ignoring foundational problems—like identity management and shadow IT—that have plagued organizations for decades.

    Policy, Priorities, and the Security Industry’s Missed Opportunity

    Both Dave and Adrian agree: governments are stepping in with cybersecurity policies because the security industry has failed to manage its own narrative. Marketing budgets, FUD, and vendor agendas have diluted the voice of practitioners. The episode urges listeners to advocate for more grounded, evidence-based conversations in the field.

    What’s Next and What Matters Most

    As AI hype barrels forward, Adrian sees it as both a distraction and an opportunity. “It’s useful tech,” he says, “but we’re not using it wisely.” Instead of slow, GPU-hungry processes, he calls for smarter automation and attention to patterns that really matter.

    He also reflects on his own growth: learning to play to strengths, managing ADHD, and finding fulfilling work that delivers real feedback.

    Final Advice for Aspiring Cybersecurity Folks

    “Stop trying to be good at everything. Find what you’re already good at, and build on that.”


    Adrian closes with advice that’s equal parts practical and personal, encouraging newcomers to the field to be self-aware, adaptable, and unafraid to seek help—be it professional diagnosis or community mentorship.

    Listen & Subscribe

    Wherever you get your podcasts. Like, subscribe, all that sort of jazz, and stay tuned for next week’s episode of Chasing Entropy.

    36 min