Player FM - Internet Radio Done Right
Checked 2d ago
Added two years ago
Content provided by Bruyning Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bruyning Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Redefining Cloud System Access, The Hidden Costs Cutting Edge API Protection

29:20
 

Ready to get your mind blown by the intriguing world of policy orchestration? Gain a whole new perspective as we dissect this cutting-edge concept alongside Gerry Gebel from Strata. Gerry introduces us to the fascinating world of identity query language (IDQL) - a revolutionary approach to defining access rules and policies. Come along on this invigorating journey as Gerry details Strata's mission to transform the way we handle multiple cloud systems access.
The discussion deepens as we unravel how Strata is making strides to simplify identity policy complexities and mitigate risk. Find out how establishing standard access rules and implementing them across different environments can reduce complexity. Hear about the integration of risk metrics into Strata's system and how this serves to bolster security.
Josh Bruyning
Maggie Dillon
Gerry Gebel
Strata
Josh's LinkedIn

Chapters

1. Redefining Cloud System Access, The Hidden Costs Cutting Edge API Protection (00:00:00)

2. Policy Orchestration in Security (00:00:07)

3. Managing Identity Policy Complexity and Risk (00:08:48)

4. Standardization and Career Path in Cybersecurity (00:16:15)

52 episodes

All episodes

Josh Bruyning and Richard Stiennon explore how AI agents are fundamentally changing the SaaS industry and traditional software models. They discuss the shift from feature-based to outcome-based solutions and why companies must adapt to survive.
• Richard Stiennon shares insights about Security Yearbook 2025 and IT Harvest's database tracking over 4,340 cybersecurity vendors
• Introduction to Compliance Aid, a disruptive platform supporting 366 global compliance frameworks through conversational AI
• Analysis of why traditional SaaS companies must incorporate AI agents to remain competitive
• Discussion of the "agentification" trend: adding AI capabilities to specialized software platforms
• Exploration of how specialized knowledge maintains value when combined with AI capabilities
• Deep dive into AI's impact on employment, particularly for future graduates
• Warning for educational institutions that resist AI adoption instead of embracing it
• Comparison of the AI revolution to other technological transformations like desktop publishing
Check out IT Harvest at it-harvest.com and connect with Josh Bruyning on LinkedIn to stay on the cutting edge of technology and AI.
Josh's LinkedIn…
 
EU's complex regulatory environment creates both challenges and opportunities for businesses navigating data privacy, financial services, and healthcare regulations across member states.
• Significant differences exist between EU-wide regulations and country-specific implementations
• Large companies like Meta and Uber have faced multi-million Euro fines for GDPR violations
• Financial institutions struggle with innovation due to contradictory and slow-moving regulations
• Healthcare organizations often have regulations but lack enforcement, creating security risks
• AI adoption faces resistance similar to the US, though its implementation is transforming industries
• Traditional banks create separate "baby banks" with modern infrastructure to work around regulatory limitations
• Companies often underestimate marketing costs when entering EU markets due to privacy restrictions
• Red teaming employees creates privacy concerns that must be balanced with security needs
• Local legal expertise is essential when entering European markets to avoid costly compliance mistakes
• Every regulatory challenge also presents strategic opportunities for companies who understand the landscape
To learn more about Bruyning Media and our services, visit bruning.com.
Josh's LinkedIn…
 
Marcus Peet, Senior Director of Information Security at PT Solutions, shares his unique perspective as both a cybersecurity expert and father of three on navigating the complex world of digital parenting. His "growth with guardrails" philosophy demonstrates how parents can protect their children online while allowing them the freedom to develop necessary digital literacy skills.
• When children should get their first phone (Marcus recommends age 13, but with flexibility based on family circumstances)
• Smart alternatives like GPS watches for younger children who need location tracking
• Understanding the hidden costs of giving children smartphones, particularly the time investment
• Tools for monitoring children's devices including Bark, Family Link, and built-in parental controls
• Creating accounts properly within family ecosystems rather than standalone accounts
• The importance of establishing trust while still verifying children's activities
• Balancing protection with independence to avoid children seeking workarounds
• Navigating platforms like Roblox safely through supervision rather than prohibition
• Recognizing generational communication differences (like how a thumbs-up emoji can be perceived as passive-aggressive)
• Practical strategies for verifying online friends' real-world identities
Remember, the phone is a privilege, not a right. Be transparent about monitoring with your children while still giving them space to make small mistakes and learn from them.
Josh's LinkedIn…
 
Kyle and I dive into the reality of the RSA Conference experience, exploring how the security industry's biggest event has transformed into a vendor-dominated spectacle with declining CISO attendance.
• The conference atmosphere is overwhelmingly loud with vendors everywhere and marketing materials covering every available surface
• San Francisco completely transforms during RSA, with security company logos plastered on restaurant windows and hotels taken over for exclusive events
• CISOs are increasingly skipping RSA, with many security leaders openly avoiding the conference
• The "sales to sales" dynamic dominates the floor, with vendors primarily connecting with other vendors rather than actual buyers
• Having a presence at RSA remains an unwritten requirement for security companies hoping to work with enterprise clients
• Strategic attendees focus on off-site meetings, invitation-only lunches, and smaller gatherings rather than the main conference floor
• The true value comes from face-to-face connections with people from around the world who have gathered in one location
Kyle's LinkedIn Pensar's LinkedIn Josh's LinkedIn…
 
AI agents equipped with computer use capabilities will transform the cybersecurity landscape within the next year, shifting from augmenting to potentially replacing human SOC analysts with systems that can perform 100% alert triage. The investment landscape reflects this shift, with 78% of venture capital reportedly flowing into AI companies despite many firms simply adopting AI terminology without substantive implementation.
• Computer use abilities allowing AI to operate systems like humans will be the next major advancement
• Within 12 months, expert AI agents will function like "super employees" in security operations
• Ephemeral AI agents that complete specific tasks before dissolving enable unprecedented workforce elasticity
• Traditional valuation metrics based on headcount are becoming obsolete as AI reduces staffing requirements
• Companies running operations with 75%+ AI support can scale without proportional employee growth
• The MSSP community appears slow to adopt AI capabilities despite clear operational benefits
• AI systems will increasingly handle complete alert triage, potentially displacing human analysts
• Vendors typically avoid discussing workforce displacement, focusing instead on productivity gains
• Open-source AI innovations are accelerating development cycles across the industry
Innovations in AI security are happening rapidly. Follow the speakers on social media to stay updated - Randy Blasik (@BlasikRandy on Twitter and Compliance Aid on LinkedIn), Richard Stiennon (@Stiennon on Twitter and LinkedIn), and Josh Bruyning on LinkedIn.
Josh's LinkedIn…
 
Ever wonder what happens when centuries-old legal practices collide with cutting-edge technology? Dean Sapp, CISO at FileVine, pulls back the curtain on the digital transformation revolutionizing law firms worldwide. Beyond just modernizing paperwork, Dean reveals why attorneys have become prime targets for sophisticated hackers and nation-states. "Law firms are data aggregators of some of the most valuable information on the planet," he explains, detailing how insider knowledge of M&A deals, patents, and major developments makes legal data irresistible to cybercriminals. With attacks from Russia, China, and North Korea occurring daily, the stakes couldn't be higher. The conversation takes a fascinating turn when Dean shares how purpose-built AI is dramatically reshaping legal processes. Tasks that once took legal teams 4-6 weeks now complete in a single day. Immigration paperwork that required 4-6 hours now finishes in under an hour. These aren't minor improvements—they're transformative shifts in how legal services can scale to help more people. What sets this discussion apart is the rare glimpse into the specific security challenges of government legal agencies. With FileVine serving approximately 40 government agencies that require FedRAMP certification, Dean offers insights few security professionals ever witness. The intersection of legal compliance, national security, and political implications creates a security environment unlike any other. Whether you're a legal professional wondering how to stay ahead of technology trends, a security expert curious about specialized industry challenges, or simply fascinated by how AI is reshaping traditional professions, this episode delivers eye-opening perspectives on the future of legal services. Ready to discover how your organization can better protect sensitive information while dramatically improving efficiency? Join us for this revealing conversation about the technologies reshaping an entire profession. 
Josh's LinkedIn…
 
In this episode, Richard Stiennon makes some bold predictions about the future of AI in Cybersecurity. Artificial intelligence is transforming cybersecurity at an unprecedented pace, with large language models increasing in intelligence tenfold every 12 months and reaching a potential critical mass by 2027.
• SOC automation represents the most immediate and profound application of AI in cybersecurity
• Approximately 15 startups are developing AI solutions to replace tier-one SOC analysts
• AI will eventually enable 100% automated triage of security alerts
• The shift from tactical to strategic skills will be critical for cybersecurity professionals
• As defensive AI improves, cybercrime may dramatically decrease, forcing attackers to use more expensive human-based methods
• Major industry consolidation will likely occur as AI solutions demonstrate overwhelming effectiveness
• Nation-states will remain the primary threat actors as they can afford to develop counter-AI attack capabilities
Josh's LinkedIn Richard's LinkedIn
Check out Josh's new book "The Close Line" available as an e-book on Amazon now, with paperback and hardcover versions coming soon. Check out IT-Harvest for a free demo.
Josh's LinkedIn…
 
Mark Nicholls discusses how to integrate cybersecurity throughout the development lifecycle rather than treating it as an afterthought with pre-go-live penetration testing. He explains that embedding security into early design phases requires both leadership commitment and proper resource allocation to overcome the natural friction between IT and security teams.
• Moving security activities earlier in the development lifecycle is crucial for effectiveness
• DevSecOps implementation remains relatively rare, especially in larger legacy organizations
• Many security teams lack capacity to participate in early design stages
• Where a CISO reports indicates organizational security maturity
• Less mature companies have CISOs reporting to CIOs, treating security as just a tech issue
• More mature organizations position CISOs outside IT, reporting to CEO or board
• Business risk assessment should be the ultimate measure of security effectiveness
• Australia's "Essential Eight" provides practical baseline controls compared to NIST or ISO
• Regulatory requirements for breach reporting are increasing globally
You can find Mark Nicholls on LinkedIn or at informpros.com for any questions or follow-ups.
Josh's LinkedIn…
 
Cybersecurity doesn't have to be overwhelming or unaffordable for small and mid-sized businesses. Corey White, CEO at Cyvatar, explains how their platform provides right-sized, comprehensive security that serves as a business driver rather than just a cost center.
• Most companies don't need to hire a full security team – outsourcing cybersecurity makes sense just like outsourcing HR or payroll
• Even with the best security training, 3% of employees will still click on malicious links, so protection must go beyond awareness
• 98% of cyber attacks are preventable with the right controls in place
• Hackers typically choose targets of opportunity rather than specifically targeting your company
• Many businesses discover their cyber insurance won't pay out because they weren't actually implementing claimed security measures
• "Right-sized cybersecurity" tailors protection to specific business needs and risk profiles
• AI plays a critical role in both attacks and defense, requiring human expertise to guide implementation
• Quantum computing will revolutionize cybersecurity in the coming years
Check out Cyvatar's free assessment tool and basic security tools at cyvatar.ai, and connect with Corey White on LinkedIn to learn more about affordable, comprehensive security solutions.
Josh's LinkedIn…
 
Market fluctuations cause cybersecurity stocks to drop 4-7%, creating buying opportunities for savvy investors despite fears surrounding Trump's new tariff policies.
• Tariff impacts vary across cybersecurity companies—hardware manufacturers like Palo Alto and Fortinet face direct challenges with 54% tariffs on Chinese-made equipment
• Current tariffs differ from historical ones as they function more as negotiation tactics than revenue generation mechanisms
• Despite the current sell-off, cybersecurity stocks show remarkable resilience with CrowdStrike up 242%, CyberArk 162%, and Palo Alto 128% since January 2023
• The entire cybersecurity industry appears to be "for sale" with many funded companies selling for less than their investment capital
• South Korea is emerging as a potential cybersecurity innovation hub, actively working to replicate Israel's success though facing challenges breaking into the US market
• When researching potential acquisitions, look for unfunded companies 10-15 years old with flat or steadily growing headcount as indicators of stable profitability
Check out IT Harvest for research tools that can help identify potential acquisition targets in the cybersecurity space, with filters for headcount, growth rates, and funding levels.
Josh's LinkedIn…
 
The extraordinary success of Israeli cybersecurity companies on the global stage represents a fascinating case study in how a small nation can dominate a critical technology sector. Despite having just 9 million citizens, Israel has become the world's second-largest hub for cybersecurity innovation, home to over 450 security startups that collectively attract roughly one-third of all global private investment in the field. What drives this remarkable phenomenon? At the heart of Israel's cyber prowess lies its military intelligence units—particularly the famed Unit 8200—which function essentially as startup academies. These elite divisions train the country's brightest young minds in cybersecurity, cryptography, and intelligence gathering under real-world pressure. The statistics are striking: nearly 50% of Israeli founders who sold their companies for over $100 million served in these units, with alumni-led startups averaging exits of $317 million. The recent acquisition agreement between Google and Israeli cloud security unicorn Wiz for approximately $32 billion exemplifies this success story. Founded just four years ago, Wiz rocketed to a $12 billion valuation, secured over $1.3 billion in funding, and now counts 40% of Fortune 100 companies among its customers. This isn't an isolated case—in the past six years alone, Israeli cybersecurity firms have generated over $23 billion in exit value through mergers and acquisitions. For enterprise security leaders, the implications are clear: Israeli-developed technologies often represent the cutting edge in addressing emerging threats like cloud misconfiguration and AI-driven attacks. These companies combine elite technical talent with an aggressive problem-solving culture and global-first mindset, resulting in solutions that evolve as rapidly as the threat landscape itself. 
While adopting such technologies requires careful evaluation of product maturity, support capabilities, and long-term viability, the potential benefits include state-of-the-art protection and partnership with some of the most innovative minds in security. Are you leveraging Israeli cybersecurity innovations in your security stack? Reach out on LinkedIn to continue the conversation about how these technologies might strengthen your organization's defenses against increasingly sophisticated threats. Data powered by IT-Harvest Josh's LinkedIn…
 
Christian Espinosa, founder of Blue Goat Cyber, reveals the critical vulnerabilities in medical devices and how his company is working to secure the technology that keeps patients alive. After surviving a near-fatal health crisis that was diagnosed using a medical device, Christian dedicated his career to ensuring these life-saving technologies remain secure from increasingly sophisticated cyber threats.
• Average hospital bed connected to 14 medical devices, creating numerous attack vectors
• Medical device hacking could lead to patient harm or death through manipulation of pacemakers, surgical robots, or diagnostic systems
• Christian personally experienced the importance of secure medical devices after six blood clots nearly took his life
• Hospitals represent "hostile environments" from a cybersecurity perspective with poorly segmented networks
• AI-enabled medical devices introduce new vulnerabilities through potential data poisoning attacks
• Securing medical devices from the ground up during development is 90% more effective than adding security later
• FDA and regulatory bodies are only now catching up to security standards Blue Goat has implemented for years
• Medical device manufacturers often delay security considerations until just before submission, causing costly delays
Listen to Christian's MedDevice Cyber Podcast and visit bluegoatcyber.com for more information on securing medical technology and protecting patient safety.
Josh's LinkedIn…
 
We explore the emergence of a new AI-driven economy that's creating unprecedented opportunities for entrepreneurs and businesses of all sizes to compete at enterprise levels with minimal resources.
• AI represents the most significant technological advancement since the wheel, democratizing powerful capabilities previously available only to large corporations
• Small and medium businesses can move quickly to adopt AI while enterprises struggle with implementation, creating a competitive advantage window
• AI tools like HeyGen for video avatars and Eleven Labs for voiceovers enable solo entrepreneurs to produce professional content at a fraction of traditional costs
• The combination of domain expertise with AI literacy creates a "superpower" in today's marketplace
• Junior-level positions face disruption while experienced professionals can leverage AI to launch specialized service businesses
• The most valuable approach combines AI efficiency with uniquely human abilities like empathy, creativity, and relationship building
• Teaching others to use AI effectively represents a significant business opportunity in itself
• Tools like ChatGPT, Claude, HeyGen, ElevenLabs, and Accio represent the current state of accessible AI technology
• Entrepreneurs can now experience the freedom and reward of business ownership with substantially lower barriers to entry
Check out Jenna Gardner on TikTok, YouTube and Instagram at Jenna_Gardner_AI to learn more about implementing AI in your business.
Josh's LinkedIn…
 
Google makes a monumental $32 billion acquisition of cloud security leader Wiz, marking one of the largest cybersecurity acquisitions in history after previously attempting to purchase the company for $23 billion last year.
• Wiz offers simple cloud security deployment that provides immediate visibility into cloud environments
• Founded by a team that previously sold their startup Adallom to Microsoft
• Achieved unprecedented growth, reaching $100 million ARR faster than most enterprise software companies
• Created strong operational excellence with defined founder responsibilities and accountability
• Primarily serves AWS customers, creating an interesting dynamic where Google will generate revenue from customers using a competitor's cloud
• Potential for combining Google's AI capabilities with Wiz's cloud security platform creates exciting possibilities
• Competition between cloud providers (Google, Microsoft, AWS) intensifies with this strategic acquisition
• No immediate changes expected for existing Wiz customers, though long-term integration questions remain
• Demonstrates cybersecurity remains a top investment priority despite economic conditions
• Spawns opportunities for new startups and validates venture investment strategies in cybersecurity
Josh's LinkedIn…
 
The cybersecurity industry is undergoing rapid consolidation as established companies expand their capabilities through strategic acquisitions rather than internal development. Three major acquisitions in March 2025 highlight key trends: the growing importance of securing operational technology, the central role of AI in data security, and the continued significance of the human element in cybersecurity defense.
• Armis acquired Otorio on March 6, 2025, enhancing its ability to secure air-gapped industrial networks in energy, manufacturing, and utilities sectors
• The acquisition integrates Otorio's OT security expertise into Armis' Centrix platform, providing comprehensive visibility across IT and OT environments
• Forcepoint's acquisition of GetVisibility on March 11 strengthens its AI-driven data discovery and classification capabilities
• GetVisibility's DSPM solutions help protect sensitive data across endpoints, cloud applications, and generative AI platforms
• Italian provider CyberGuru acquired French startup Mantra SAS on March 13, combining their security awareness training platforms
• The merged entity will serve over 1,000 organizations globally, reaching approximately 1.5 million users
• These acquisitions reflect an industry-wide shift toward more integrated, comprehensive security solutions
• Companies are positioning themselves strategically to address multiple aspects of the modern threat landscape
Tune into Cybernomics with me, Josh Bruyning, every Wednesday morning at 7 Eastern for in-depth conversations about the hidden costs of cybersecurity.
Josh's LinkedIn…
 