In October, the Cybersecurity and Infrastructure Security Agency (CISA) issued a report that's still generating buzz in the security world – it questioned the data sources in often-cited reports about the value of "shifting left". Another section of the CISA report called into question the idea that security flaws cause people to stop using products and concluded that "In general, it seems that quality failures don’t always affect customer loyalty."

In this episode, guest Adrian Sanabria, the host of the Enterprise Security Weekly podcast and principal researcher at The Defenders Initiative, discusses the fallout from CISA's report on the last decade's notions of organizational security roles and how changing technology will also change the roles organizations assign to those responsible for cybersecurity and risk.

Doug Merritt was CEO of Splunk from 2015 to 2021 and led the company's transition from an on-premises software company to a cloud-based service provider. After two years in the venture capital and board advisory space, Merritt joined multi-cloud networking company Aviatrix as CEO in 2023. That company introduced its first security product, a distributed firewall for Kubernetes, in May, and rolled out a managed version of its multi-cloud network and security control plane this week.

Merritt identifies two ways generative AI is shifting multi-cloud security: first, data gravity and the costs of generative AI mean cloud computing is becoming increasingly distributed, often including hybrid and edge environments, which he says calls for a new approach to centralized network management. Secondly, Merritt said he's a believer that generative AI will help network and SecOps pros keep pace with these changes – and in the coming weeks, Aviatrix will roll out the first of its own GenAI-powered features for security incident management and event reduction.

Robert Slaughter is CEO of Defense Unicorns, a defense tech startup specializing in Airgap software delivery in highly secure and sensitive environments in the military and federal government. Previously, he was director of the U.S. Department of Defense's Platform One DevSecOps project and co-founder at Space CAMP, a predecessor of Platform One for the US Space Force. Prior to starting Defense Unicorns, he served 12 years in the US Air Force.

If companies think threats to the security of critical national infrastructure don't involve them, Slaughter says, they should think again. And he suggests they might adopt some of the techniques familiar to military and government cyberdefense pros, from proactive threat hunting to air gaps.