Chasing Entropy Episode 009: Staying Curious with Brian Honan
In this week's episode of the Chasing Entropy Podcast, 1Password’s Global Advisory CISO, Dave Lewis, sits down with longtime friend and cybersecurity luminary Brian Honan, founder and CEO of BH Consulting. From his roots in the early days of IT to advising governments and shaping policy at the European level, Brian brings a storied career and sharp insights into how the industry has evolved, and where it’s headed next.
From Mainframes to Modern Threats
Brian walks us through his unconventional journey into cybersecurity, dating back to the 1980s when formal education in the field didn’t exist. What started as a role supporting those "fad" personal computers quickly evolved into a career grounded in discipline, curiosity, and continuous learning. His foundational experience in IT, he explains, has been crucial in understanding how systems work and how to secure them.
Advice for Aspiring Security Professionals
For those breaking into the field, Brian offers timeless advice: curiosity, patience, and humility are key. Degrees may get your foot in the door, but demonstrating a genuine passion through blogging, open-source contributions, or volunteering at conferences like B-Sides is what sets you apart.
The Rise of Agentic AI and Shadow IT
The conversation shifts to emerging challenges, particularly agentic AI and its implications for enterprise security. Brian emphasizes that security teams must shift from saying “no” to enabling business outcomes securely. He shares a startling example of an unauthorized AI note-taker infiltrating a sensitive corporate meeting, highlighting the real-world risks of unsanctioned tech.
Data Sovereignty in a Globalized World
One of the episode’s most thought-provoking segments delves into data sovereignty. Brian outlines how geopolitical tensions and regulatory mismatches (like the GDPR vs. U.S. data laws) are introducing new forms of risk. He shares alarming examples, including a prosecutor at the International Criminal Court losing access to Microsoft services, underscoring how governments may “weaponize” data control.
Defending Against the Unseen
To wrap up, Dave and Brian discuss how attackers are increasingly exploiting legitimate software and tools—not just traditional malware. Security teams must now detect "unusual good" behavior, not just the known bad. That means strengthening endpoint detection, monitoring network anomalies, and having a robust SOC (internal or outsourced) to handle the complexity.
Final Takeaway
Brian’s message is clear: as threats evolve, so must defenders. The secret? Stay curious, be patient, and never lose your sense of humour.
Listen now to hear two seasoned pros explore the tension between innovation and risk, and why embracing change, rather than fearing it, is essential in cybersecurity.