I spend a lot of time talking with people in cybersecurity. Founders, analysts, CISOs, researchers. One thing that comes up again and again is that the problem space keeps getting bigger. Not just more threats—more complexity. That’s really the thread running through my recent TechSpective Podcast conversation with Clarence Chio, co-founder and CEO of Coverbase. Security used to be easier to conceptualize. Not easier to solve, necessarily—but easier to frame. You had networks, endpoints, users, and a perimeter. Protect the edge. Monitor what’s inside. Respond when something goes wrong. That model doesn’t really exist anymore. Today, most organizations operate in environments that span multiple clouds, dozens or hundreds of SaaS applications, APIs everywhere, and automated workflows connecting everything together. Identities are everywhere too—human users, service accounts, machine identities, AI agents. The number of things acting inside a system has exploded. And every one of those things represents potential risk. Clarence and I spent a good part of the conversation talking about how that shift changes the nature of cybersecurity. It’s less about building walls and more about understanding behavior. Who is doing what? What systems are interacting? What’s normal, and what isn’t? That sounds simple, but it’s actually one of the hardest problems in security right now. The environment changes constantly. New tools get deployed. Developers spin up services. AI models start interacting with data pipelines and APIs. Keeping track of it all is a challenge. Then there’s the AI angle. AI is showing up everywhere right now—on both sides of the security equation. Security vendors are embedding AI into their platforms to analyze data faster and automate responses. At the same time, attackers are experimenting with AI to generate malware, improve phishing, and automate reconnaissance. But one thing Clarence pointed out—and I agree—is that AI doesn’t magically solve security problems. If anything, it tends to amplify whatever processes already exist. If your visibility is poor, AI doesn’t fix that. If your governance is weak, automation can actually make the problem worse. Technology alone rarely fixes systemic problems. Another part of the discussion that stood out to me was the human side of security. It’s easy to focus on tools because that’s what vendors sell. But effective security programs depend heavily on the people running them. Security professionals need to understand the technology, obviously. But they also need context and judgment. They need to know how systems interact and how changes ripple across an environment. And maybe most important, they need the freedom to question assumptions. That’s something Clarence emphasized during the conversation. In fast-moving technology environments, curiosity and critical thinking matter. Security teams can’t just follow checklists. They have to understand how systems behave and be able to spot when something doesn’t look right. Which brings us back to complexity. The attack surface keeps growing. Infrastructure is more distributed. AI and automation are adding new layers of capability—and new layers of risk. There’s no single tool that solves that. What organizations can do is build better visibility, invest in people, and develop security programs that are designed to adapt rather than assume the environment will stay stable. That’s easier said than done, but it’s the direction things are moving. If you’re working in security—or just trying to make sense of how AI and modern infrastructure are reshaping risk—I think you’ll find the conversation interesting. Clarence brings a thoughtful perspective, and we cover a lot of ground without getting lost in buzzwords. You can listen to the full episode of the TechSpective Podcast or watch the discussion on YouTube.