In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

Resources

The 2026 Global CISO Leadership Report

Hitch Partners

NIST AI Framework

Send a text

In this episode, Nathanial Quist, also known as ‘Q’ returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.

In our conversation, they discuss what they found in their latest Cloud Threat Report examining the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned over the number of mistakes that people are making, rather than the type of mistakes. Tuning in you’ll hear what organizations can do to curtail the recent rise in security incidents and some interesting observations that Q and Jay learned from their data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking :-)

Key Points From This Episode:

• Cloud security incidents grew, on average, 188% pre vs. post COVID-19 discovery.
• Retail organizations saw the greatest increase in security incidents at 402%.
• The cloud is no longer for low-impact data: 69% of data is PII.

Tweetables:

“We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathanial Quist [0:25:26]

“Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]

Links Mentioned in Today’s Episode:

Cloud Threat Report

Clip from Tommy Boy

Nathaniel Quist on LinkedIn

Jay Chen on LinkedIn

Cloud Security Today

Send a text

While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its CEO, Brendan O'Connor on the show to dive deeper into the subject of SaaS security.

We begin with Brendan’s journey into IT and security and hear a bit more about what makes him tick. From there, we dive into the subject of security in the cloud as it pertains to SaaS specifically. Brendan does a great job of explaining why SaaS platforms are subject to so many misconfigurations and why these are not being recognized by security teams. He gets into how the cloud infrastructure is set up and uses a few brilliant analogies to describe how an attacker might get into a SaaS platform without security ever realizing. He talks about some basic security measures companies need to take and shares more about how solutions like AppOmni can automate security. For insight into the vulnerabilities of SaaS and how to guard against them, tune in today!

Key Areas From This Episode:

• Curiosity and a love for solving problems is Brendan’s method for keeping his edge.
• Brendan’s recommendations for security guardrails that always need to be in place.
• Hear Brendan’s argument about the need for automated SaaS security.
• Brendan’s recommendations for setting up and measuring SaaS security.
• Advice from Brendan about how security teams need to adapt in light of Solar Winds.

Tweetables:

“Companies have significantly expanded their SaaS investment and footprint and the SaaS applications themselves have really grown in complexity. Most companies haven't updated their security controls to support SaaS, or invested in new technology to manage this problem. That's where AppOmni comes in.” — @AppOmniSecurity [0:01:54]

“I love solving puzzles. Enterprise security at scale is a hard problem. It's a puzzle. There is not a one-size-fits-all solution.” — @AppOmniSecurity [0:05:29]

“SaaS applications are becoming closer to operating systems in the cloud than a single simple web app. You can't watch what every individual is doing. You have got to put guardrails in place.” — @AppOmniSecurity [0:20:30]

“SaaS is a fundamentally different architecture than hosting things on-premise. You need to rethink, what is the value that you get from your security tools? How can you get that value today in an automated fashion in these new systems that support that new architecture?” — @AppOmniSecurity [0:24:44]

Links Mentioned in Today’s Episode:

Matt Chiodi on LinkedIn

Matt Chiodi on Twitter

Brendan O’Connor on LinkedIn

App