In this episode of Chasing Entropy, host Dave Lewis, Global Advisory CISO at 1Password, sits down with Adrian Sanabria—Principal Researcher at the Defenders Initiative and founder of Destroyed by Breach—for a wide-ranging and candid conversation about the challenges, myths, and future of cybersecurity.

From Help Desk to Hacking the Narrative

Adrian shares his unconventional journey into the cybersecurity world, tracing it back to retail tech support and internet help desk gigs where he developed resilience, empathy, and a knack for communication. He talks about how early experiences handling confused customers over phone lines laid the groundwork for a career in community engagement, public speaking, and eventually running B-Sides Knoxville.

Debunking Security Myths

Adrian doesn’t pull punches. From phishing simulations and forced password resets to the overhyped impact of breaches, he challenges many “best practices” that persist in cybersecurity. He notes that while the industry once operated on instinct and guesswork, we now have decades of actionable data—but still struggle to act on it meaningfully.

“Less than 100 CVEs each year actually matter. Out of tens of thousands.”
– Adrian Sanabria

Agentic AI, Shadow IT, and the Next Frontier

The conversation turns to emerging threats and opportunities, particularly around Agentic AI and open-source vulnerabilities. Adrian warns that while companies rush to adopt automation and AI tools, they’re often ignoring foundational problems—like identity management and shadow IT—that have plagued organizations for decades.

Policy, Priorities, and the Security Industry’s Missed Opportunity

Both Dave and Adrian agree: governments are stepping in with cybersecurity policies because the security industry has failed to manage its own narrative. Marketing budgets, FUD, and vendor agendas have diluted the voice of practitioners. The episode urges listeners to advocate for more grounded, evidence-based conversations in the field.

What’s Next and What Matters Most

As AI hype barrels forward, Adrian sees it as both a distraction and an opportunity. “It’s useful tech,” he says, “but we’re not using it wisely.” Instead of slow, GPU-hungry processes, he calls for smarter automation and attention to patterns that really matter.

He also reflects on his own growth: learning to play to strengths, managing ADHD, and finding fulfilling work that delivers real feedback.

Final Advice for Aspiring Cybersecurity folks

“Stop trying to be good at everything. Find what you’re already good at, and build on that.”

Adrian closes with advice that’s equal parts practical and personal, encouraging newcomers to the field to be self-aware, adaptable, and unafraid to seek help—be it professional diagnosis or community mentorship.

Listen & Subscribe

Wherever you get your podcasts. Like, subscribe, all that sort of jazz, and stay tuned for next week’s episode of Chasing Entropy.