
Great Security Debate

Written by: The Great Security Debate

About this listen

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both those that they support and those they don't. Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced: https://newsletter.greatsecuritydebate.net

© 2025 Distilling Security Inc.

Economics, Social Sciences
Episodes
  • WOPR Was Right
    Jan 12 2026

    Recently and over the past few years, world events may have included cybersecurity components in their enactment. So, Brian, Erik, and Dan started talking about the role of security in critical infrastructure protection, asking questions about the ethics and thresholds for government and corporate roles in cyber retaliation, and whether we as security practitioners have a role (or an obligation, or even a liability) to close vulnerabilities that can be used in primary or retaliatory scenarios. How much of human nature makes cyber retaliation a foregone conclusion, or can we find ways to reduce the need or use or availability of ways in via the technology? From Stuxnet to Iran to Caracas, using cybersecurity is a prevalent vector of retaliation, but does it always have to be that way? Or will it end with WOPR’s recognition that the only way to win the game is not to play at all?

    It’s hard to talk about modern cybersecurity and not bring in current events, and even harder to keep it from turning political. We tried very hard to do a good job in the latter as we talked about the former.

    Thanks for being part of the debate!


    Show Notes:


    • Caracas Invasion - https://abcnews.go.com/International/explosions-heard-venezuelas-capital-city-caracas/story?id=128861598
    • Stuxnet Explained - https://www.csoonline.com/article/562691/stuxnet-explained-the-first-known-cyberweapon.html
    • Book Recommendation: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon - https://geni.us/swbN
    • San Bernardino vs Apple - https://epic.org/documents/apple-v-fbi-2/
    • Movie Recommendation: Real Genius - https://geni.us/abYUYT
    • Book Recommendation: The Creature from Jekyll Island: A Second Look at the Federal Reserve - https://geni.us/SL21a
    • CIA Triad - https://cybersecuritynews.com/cia-triad-confidentiality-integrity-availability/
    • Book Recommendation: Atomic Habits - https://geni.us/Nn2GSYr
    • Michigan Council of Women in Technology - https://mcwt.org
    • Critical Infrastructure (Sectors) - https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
    • Shadowbrokers - https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/
    • AI Prescriptions (Utah) - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
    • Japanese Omoiyari -
    45 mins
  • Signs, Signs. Everywhere A Sign.
    Dec 29 2025

    Rules are made and policies are established. But the “how” of implementing and meeting those regulations or policies will be very context specific. In this episode of the Great Security Debate, Dan, Erik, and Brian cover a number of key policies and requirements and some different ways to think about implementing them and how the specific situation, company, risk will affect the way you meet the rule. From driving a car to incident response and everything in between. We debate the need to look back at old rules and see if they all still make sense (a great programme called Kill Stupid Rules), and flexibility in control implementation to meet evolving business needs, to move quickly, and keeping the whole picture of the business, customer, and employees in mind.

    Thanks for Listening!

    Show Notes:

    1. Passing on the right in Michigan: https://legislature.mi.gov/Laws/MCL?objectName=MCL-257-637
    2. Overtake time in Triathlon: https://www.triathlete.com/training/race-tips/9-race-rules-didnt-know-breaking/
    3. Reflex Security (Agentic Tabletop Exercises and Training): https://reflexsecurity.io
    4. Kill Stupid Rules: https://www.wsb.com/blog/employee-retention-secret/
    5. GM Dress Code Change (2020): https://gmauthority.com/blog/2020/06/how-general-motors-ceo-mary-barra-changed-the-companys-dress-code-for-the-better/
    6. Silly State Rules: https://www.buzzfeed.com/rhiannacampbell/weird-old-american-laws-you-wont-believe
    7. Sex in Full Self Driving Cars (Clean): https://www.cbc.ca/news/science/sex-distracted-driving-1.3562029
    8. Movie Recommendation - The Usual Suspects: https://geni.us/wVrLOCB
    9. John Bingham, COO, Speak by Design: https://www.speakbydesign.com/about-us
    10. Movie Recommendation - Gremlins: https://geni.us/qE6NAC
    11. Movie Recommendation - Die Hard: https://geni.us/eMASs
    12. Movie Recommendation - Love Actually:
    54 mins
  • Agentic Dan
    Dec 15 2025

    We are back for another Great Security Debate.

    In this episode, we discuss the potential role of agentic AI in security, from true “copilot” to automated decider of things, and whether LLMs are just a really cool search engine. Brian, Erik, and Dan also debate the means and extent to which we could replace ourselves with agents and what the inhibitors and risks are (spoiler alert: trust and survival of that agent after employment were big factors), and how we train those agents on all the steps our brains take to make the decisions that humans make, and do so without polluting them with aspirational versions of ourselves (think: Instagram vs Reality). And it all leads to a parenting lesson by Brian and an automotive process lesson by Erik? It’s quite a debate.

    Thanks for listening! We might do one more episode in 2026, but if not, have wonderful holidays and a happy new year!

    Here’s the quote that Brian references at the end of the episode by Tolstoy:

    Patience is waiting. Not passively waiting. That is laziness. But to keep going when the going is hard and slow - that is patience. The two most powerful warriors are patience and time. The value lies not in reducing "power" (computational energy) but in leveraging that processing power to achieve outcomes that are difficult, slow, or impossible for humans to manage alone.

    Thanks for listening!

    Show Notes:

    • Reflex Security - https://reflexsecurity.io
    • Movie Recommendation: Multiplicity - https://geni.us/7vgKO
    • Plaid Privacy Policy - https://plaid.com/legal/
    • Prompts.ai - https://www.prompts.ai/en
    • Music Recommendation: Take On Me - A-ha - https://www.youtube.com/watch?v=djV11Xbc914
    • Book Recommendation: The Toyota Way - Book - https://geni.us/3LcpM
    • Book Recommendation: Six Sigma - https://geni.us/CS8ql
    • Book Recommendation: Matricide - https://geni.us/Xfn2MB
    • Book Recommendation: The Lorax - https://geni.us/Fy8X4b
    • Perplexity - https://www.perplexity.ai
    • TV Recommendation - Pluribus (Apple TV+) - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza

    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    49 mins