#1711172: It’s a Little Hard to Evaluate New Solutions When You’re Screaming “AI” at Me All the Time (Live in Houston)

Description: At some point, all the hype around AI has made it hard to identify meaningful innovation. In a space where everyone can’t stop talking about how they are integrating AI, how do we find what’s worth our attention?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining us on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.

[Jack Leidecker] The best advice to me initially started as the worst. So, I had a previous boss who wanted us to fix our phishing issues, and we’re going to fire everyone after they get phished three times. I had to say, “Actually, we would end up firing you.” But more importantly, it helped us reevaluate what we wanted to do for phishing, which is changing behavior, and if someone thinks they’re going to get fired, they’re not going to tell you, they’re not going to report.



[Voiceover] You’re listening to CISO Series Podcast, recorded in front of a live audience in Houston.

[Applause]

[David Spark] Welcome to the CISO Series Podcast. My name is David Spark, I’m the producer of the CISO Series. And to my immediate left is my guest who was here last year when we did the show. It’s Jerich Beason, the CISO for WM. Let’s hear it for Jerich!

[Applause]

[David Spark] Say hello to the audience, Jerich.

[Jerich Beason] Hello, audience.

[David Spark] That’s what my other cohost, Steve Zalewski, says it just like that. In fact, people have come up to him and said, “Hello, Steve.” Just like that he introduces. By the way, we are recording live at HOU.SEC.CON, which by the way, I pronounced incorrectly, I did like HOW.SEC.CON or something stupid like that. I got definitely admonished for that, but we’re at HOU.SEC.CON. Let’s hear it from the HOU.SEC audience!

[Applause]

[David Spark] And we are available at CISOseries.com, where all our wonderful programming is. Our sponsor for today’s episode, the reason we are here in Houston, Vorlon Security, enterprise SaaS security that’s light years beyond the legacy SSPM tools, more about that later in the show.

Let’s hear it for Vorlon for making us come here to Houston!

[Applause]

[David Spark] All right. Before we begin, one of the staples of the CISO Series is a game we play called “What’s Worse?” which we will play today, and as I understand, you play a version of it at your office. Some of your staff members are here, Jerich.

How do you play the game differently?

[Jerich Beason] All right. So, we call it “Pick Your Poison” because, you know, copyright, and what we do is we have a scenario, different people on our team provide that scenario, and the team is divided on if they go with option A or option B, but their goal is to pick the option they think that I would want to take in front of the board.

That is the mindset that they have, and it helps them learn who I am, how I am, and a lot of decisions are made now without me having to be in the room because we play that game.

[David Spark] That is awesome. The fact that they can essentially think like you and… But now, but hold it. How do you then, if they’re all thinking like you, how do you get that very diversity of sort of understanding of cybersecurity incidents?

[Jerich Beason] So, one, usually the majority is wrong.

[David Spark] Okay. [Laughter]

[Jerich Beason] And for me, that’s actually best because it’s a learning opportunity, and at the end of the day, incidents are a shared responsibility. So, I’m going to still find out about everything, but when we have to make risk-based decisions, they can say, “Well, what would Jerich do?” It’s another version of WWJD.

[David Spark] I like it. All right, let’s bring on our guest. He’s to our left. You heard him at the very beginning of the show. He’s a CISO for Gong. Let’s hear it for Jack Leidecker.

[Applause]

[David Spark] Say hello to the audience, Jack.

[Jack Leidecker] Hello.

[David Spark] That works for me.

What’s the motivation to do this?

[David Spark] Open source devs of the world unite? “It is long past time that maintainers stopped letting them (being the organizations) take advantage of their (the maintainers’) good nature.” Now that’s Justin Warren of Pivot9, arguing that organizations have developed a parasocial relationship with open source software.

It’s seen as a naturally recurring resource rather than human labor requiring support. His solution? Listen to this. Maintainers should go on strike, stop rushing to fix things for those freeloaders, and patch security flaws at a leisurely pace, unless someone’s paying.

All right, Jerich, do you agree organizations are taking advantage of open source’s goodwill, and if so, can this continue, because it has been, or should something be done? I mean, Warren’s suggestion is pretty dramatic.

[Jerich Beason] Yeah, I would agree that most IT shops with some type of development function are definitely heavily dependent upon open source, and it is a disproportionate level of consumption versus contribution. That being said, I would look at that parasocial concept a little bit differently.

More info: https://cisoseries.com/its-a-little-hard-to-evaluate-new-solutions-when-youre-screaming-ai-at-me-all-the-time-live-in-houston/

Date added Nov. 11, 2025, 10:38 a.m.
Source CISO Series
Subjects
  • AI/ML - Artificial Intelligence / Machine Learning / GenAI / Artificial General Intelligence - AGI - Various
  • PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
  • Security Management/Strategic Security/ROI/ROSI - CISO and Higher Level