TechSpective Podcast

There’s a question I’ve been sitting with lately: Are we prepared for what AI is about to expose in our organizations—not just technically, but operationally? In this episode of the TechSpective Podcast, I sit down with Kavitha Mariappan, Rubrik’s Chief Transformation Officer, to unpack some of the less flashy but arguably more urgent questions about enterprise security, AI readiness, and business continuity. If your organization is still treating identity as a login issue or AI as a future-state conversation, you might be missing the bigger picture. Kavitha doesn’t speak in clichés. She’s been in the trenches—engineering, scaling go-to-market teams, and now helping steer one of the fastest-evolving players in the data security space. Her perspective is shaped by decades of experience, but her focus is very much on the now: how to operationalize resilience at a time when every system, process, and even person has become a potential attack vector. One of the threads we pull on is the idea that resilience isn’t a fallback plan anymore—it’s the front line. And identity? That’s not just a security issue. It’s a dependency. If you can’t log in, you can’t recover. You can’t operate. You can’t pivot. The conversation touches on what it really means to build for resilience in a landscape where downtime isn’t just costly—it’s existential. We also explore what I’ll loosely call “AI exposure therapy”—not in the sense of experimenting with new models or shiny tools, but in understanding how AI is forcing companies to confront their structural weaknesses. What used to be considered internal inefficiencies are now potential vectors of attack. Technical debt isn’t just a performance issue—it’s a risk multiplier. Kavitha brings data to the table too—sharing insight from Rubrik Zero Labs on the alarming surge in identity-based attacks and why the majority of companies are still playing catch-up when it comes to securing what they can’t always see. It’s a wake-up call, but not a hopeless one. What made this conversation stand out to me wasn’t just the subject matter, but the way Kavitha frames the questions we should be asking: How do we architect for a world that’s already in flux? How do we define AI transformation when most businesses are still digesting digital transformation? And perhaps most critically, what needs to change inside the organization before the tech can even do its job? I won’t give away the full arc of the discussion, but here’s my pitch: If you’re leading, advising, or building for a company that handles sensitive data (hint: that’s all of us), this episode will challenge you to think differently about where resilience really begins—and what it’s going to take to build it into the DNA of your org. Listen to or watch the full episode here:

There’s something happening in cybersecurity right now that’s both exciting and a little disorienting. As generative and agentic AI take over headlines, conference keynotes, and investor decks, it’s easy to assume we’re on the verge of some great leap forward. The reality is more complicated—and more interesting. In the latest episode of the TechSpective Podcast, I had the chance to sit down with Sachin Jade, Chief Product Officer at Cyware, for a conversation that cuts through the buzzwords. We cover a lot of ground—from AI’s place in the SOC to the underrated power of relevance in threat intelligence—but what stuck with me most was this: the most transformative work happening in security right now doesn’t look like a revolution. It looks like simplification. Not simplification in the marketing sense—fewer dashboards, “single pane of glass,” etc.—but simplification where it actually matters: filtering noise, streamlining analysis, helping human analysts do their jobs better and faster. There’s a growing recognition among smart security leaders that “flashy” features might demo well, but if they don’t reduce burnout, improve signal-to-noise, or give analysts time back in their day, they’re missing the point. We’re at a moment where AI can—and should—do more than just surface alerts. The goal isn’t to impress anyone with a cool interface or to simulate a brilliant security expert. The goal is to embed intelligence into the places that grind analysts down: filtering irrelevant threat intel, connecting disparate data points, recommending next steps based on context. Mundane, unsexy tasks—yes. But transformative when done well. Sachin offered a useful framework for thinking about agentic AI that goes beyond the surface definitions most people are using. We talk about where true decision-making autonomy begins, how it fits into layered workflows, and what it really looks like to “mimic” human reasoning in a SOC environment. Spoiler: it’s not about replacing people. It’s about enabling them. Another theme that emerged: relevancy. Not in a vague, feel-good way, but in the deeply practical sense of “does this matter to me, my company, my infrastructure, right now?” For all the AI talk, too many tools still struggle to answer that question clearly. Cyware’s approach, which Sachin outlines in the episode, puts a premium on reducing noise and increasing clarity. There’s no magic wand—but there is a very intentional shift toward making intelligence actionable, digestible, and contextual. That matters more than whatever buzzword is trending on social media this week. We also explore the idea of functional decomposition in AI—a concept that mirrors how most human security teams are structured. Instead of building a monolithic super-intelligent assistant, Cyware has developed a multi-agent model where each AI agent is focused on a specific task, like malware triage or incident correlation. It’s less hive-mind, more specialized team—just like the best human teams. That architectural choice has significant implications for accuracy, explainability, and trust. The full conversation dives deeper into how these ideas show up in real-world security operations, what CISOs are actually looking for in AI-driven tools, and why strategic use of “boring” automation may be the real game-changer for the next decade. If you’re someone who’s tired of the AI hype but still deeply curious about where it’s actually moving the needle, I think you’ll find this episode worth your time. We don’t spend 45 minutes tossing around acronyms—we get into how AI can help analysts cut through the clutter, why relevancy is the next frontier, and what it means to design intelligence that works the way humans actually think. Listen to or watch the full episode here:

Every once in a while, a conversation forces you to stop and rethink something you thought you already understood. Recording this latest TechSpective Podcast episode with Semperis CEO Mickey Bresman did exactly that—and it has everything to do with how AI is quietly rewriting the rules of identity security. If you’ve been following the industry for a while, you know the story: hybrid environments are the norm, identity is the new perimeter, and permissions hygiene is the decades-old chore nobody has enough time—or patience—to do well. None of that is breaking news. What is new is what happens when you drop modern AI into the middle of that reality. We’re not talking about sci-fi leaps or theoretical risk models. We’re talking about something much more immediate: AI tools that can surface old data, forgotten data, and misconfigured access paths you didn’t even know existed. Years of “we’ll fix that later” suddenly become a living, breathing attack surface the moment AI starts connecting dots faster than any human ever could. Mickey and I unpack why this shift is so significant and why organizations often misunderstand the real implications. We also get into the emerging gray zone of agentic AI—systems that operate like users, make decisions like users, and introduce a whole new category of identity no one had to account for before. It’s an area where the guardrails are still being built, even as the tools accelerate. I won’t spoil the conversation here, because part of the fun is hearing how Mickey frames the problem—and the opportunities—through the lens of someone working directly with organizations grappling with this right now. Let’s just say the old assumptions don’t hold, and the path forward involves more than bolting AI onto existing processes. If you care about identity, security, or the rapidly approaching future where AI plays a central role in both offense and defense, this is a conversation worth your time. Check out the full episode here: And as always, stay tuned. At the pace things are evolving, this probably won’t be the last time we revisit the topic—and the next wave may hit sooner than any of us expect.

Every once in a while, I end up in a conversation that hits at exactly the right moment—when the industry is shifting, the vocabulary is changing, and everyone is quietly circling the same questions. This new episode of the TechSpective Podcast is one of those. Art Poghosyan, CEO and co-founder of Britive, joined me on this episode of the TechSpective Podcast for a fluid and surprisingly energizing dive into where identity security meets agentic AI. If you’ve followed the podcast this year, you know the pattern: gen AI defines the early hype cycle, but 2025 belongs to agents. Not the fantasy version where they automate your whole life, but the real-world scenario where they reshape what “digital responsibility” even means. Art has more than two decades of identity and access management experience, which gives him a grounded way of thinking about the moment we’re in. As we start talking, the first big theme that emerges is how fast the definition of “identity” is expanding. Identity used to be about people—employees, contractors, admins—and the occasional service account someone documented at 4:59 p.m. on a Friday. Now? Agents complicate all of that. A non-human autonomous system with access to a SaaS platform or a data lake behaves a lot like a user, even if it isn’t one on paper. Treating it as “just software” is exactly how we recreate the same exposures that powered the breach headlines of the last decade. One of the threads we tug on is the question of trust—not the fuzzy philosophical kind, but trust as an operational decision. An agent making decisions on your behalf needs to be verified every time it touches something sensitive. You need visibility into what it’s doing, controls around how long it can do it, and a way to shut it down when it starts operating outside its lane. These aren’t hypotheticals anymore. They’re the next generation of identity security problems, and Art offers a sharp perspective on what modern tooling needs to look like to keep up. The conversation also wanders into the human side of this shift. Everyone loves to frame the future as “AI versus AI,” but the real tension right now sits in the messy handoff between human intent and autonomous execution. Most organizations are easing into agents the same way you learn to drive a car: one cautious tap of the brakes at a time. That slow acclimation matters as much as any new feature or model. And yes, without giving anything away, we do acknowledge the part people sometimes treat like an afterthought: attackers get the same toys. They’re using them already. Ignoring that reality doesn’t make it go away. What I appreciate about this episode is how it holds the middle ground. It’s not hand-wringing about a dystopian future, and it’s not an AI pep rally. It’s a pragmatic, curious look at a technology that’s maturing faster than the guardrails around it. Art brings a thoughtful, steady view of where identity security is heading and what happens when autonomous systems stop playing by human rules. If you’re trying to understand how agentic AI fits into your world—or how identity security has to evolve to keep pace—this is a conversation worth hearing. Watch the full episode on YouTube and see where the discussion takes your own thinking next.

One thing I’ve learned after years of covering cybersecurity is that the “state of the threat landscape” rarely sits still long enough to fit neatly into a headline. Every time you think you’ve understood the latest trend, something shifts under your feet. That’s part of the fun—and part of the challenge. That dynamic energy is exactly why I invited Brad LaPorte onto the TechSpective Podcast for this latest episode. Brad has lived just about every angle of cybersecurity you can think of: military intelligence, consulting, analyst work at Gartner, and now CMO of Morphisec. He’s been in the room for many of the big transitions—tooling changes, strategic changes, and the increasingly blurry line between human-driven attacks and AI-driven ones. Our conversation went much deeper than a simple “state of ransomware” update. Ransomware itself has grown so far beyond the old definition that it feels strange to keep calling it that. The classic “encrypt everything and demand crypto” playbook isn’t what defines the modern threat. The real story now is how fast attackers adapt, how quickly new tactics spread, and how criminal groups behave more like full-fledged businesses than hobbyist hackers. We dig into all of that, but in a conversational way rather than a technical lecture. The thread that kept coming up is how small pieces of data—details that seem harmless on their own—can snowball into serious compromises when attackers start connecting the dots. Brad shared experiences that underscore how those tiny cracks get leveraged in ways most people never consider. It’s a reminder that cybersecurity is not only about the tools in place, but about the environment those tools live in. Another theme we circled around is the growing presence of AI in both defense and offense. AI-driven attacks aren’t a distant theory anymore. They’re active, adaptive, and often unsettling in how quickly they shift tactics mid-stream. Brad and I talked about what that means for defenders, why “preemptive” approaches are gaining traction, and how companies are trying to outpace threats that no longer behave like traditional malware at all. We also talked about the human side—something that doesn’t always make it into technical coverage. Cyberattacks aren’t abstract events. They’re personal. They exploit habits, patterns, and moments of distraction. Anyone who has ever clicked something out of instinct rather than scrutiny will relate to some of the scenarios we discuss. One thing I love about hosting this podcast is the space it creates for unscripted, honest discussion. Brad and I covered a lot—ransomware economics, polymorphic attacks, data exposure, the “funhouse mirror” problem of deception technologies, and even the strange comfort of knowing that pizza orders can still give away national secrets. Yes, really. And no, I’m not explaining it here; you’ll have to listen. If you work in cybersecurity, follow cybersecurity, or simply exist in a world shaped by cybersecurity, this episode is worth your time. It’s lively, candid, and packed with insight without requiring a glossary on the side. And if past experience is any guide, the things we talk about today may feel very different six months from now. That’s part of why these conversations matter. Give it a listen, subscribe if you enjoy it, and let me know what topics you want to hear explored next.