Our Developers’ New Motto is “LLM Take the Wheel”

Oh no, we’re going to leak company data! That was the first concern when AI tools were first introduced. But now developers and those who are not developers are leaning on AI to write code. We’ve just leveled up. We have a new risk: more insecure code getting to production. How do we start quantifying this new productivity and risk impact?

This week’s episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining them is Deneen DeFiore, VP and CISO, United Airlines.

Minding the gap

Less than two percent of organizations have implemented cyber resilience across the business, noted PwC’s 2025 Global Digital Trust Insights Report. The report highlights significant gaps in cybersecurity leadership alignment and operational integration. Less than half of CISOs are involved in strategic planning, with both CISOs and CEOs showing limited focus on measuring the financial impact of cyber risks. Part of the problem comes from compliance-driven models. Effective leadership requires constant communication, aligning cybersecurity goals with business objectives, and prioritizing operational resilience over protecting data.

Copilot overreliance?

AI tools like GitHub Copilot can enhance productivity for experienced developers but pose risks when used by less skilled individuals, potentially leading to lower-quality, risk-prone code, as Complier’s Shaun Waterman noted. The core concern lies not in AI itself but in the downstream risks of its outputs. As AI adds abstraction layers, users may lose the ability to fully understand and reason about the underlying systems, increasing the likelihood of errors and vulnerabilities. Effective management requires treating AI outputs with the same rigor as traditional code, emphasizing testing, governance, and systemic risk management to mitigate potential issues stemming from reliance on AI-generated code.

Opening up the field

Cybersecurity faces challenges with misaligned expectations fueled by aggressive marketing and misconceptions about entry-level opportunities. This leads many people to exit the industry, seeing a requirement for overriding passion to succeed, as highlighted in a recent cybersecurity subreddit thread. Many are lured into costly certification programs with promises of lucrative careers, only to find a highly competitive job market and limited practical skills. While certifications provide foundational knowledge, they often lack the depth and contextual understanding required for real-world roles. Companies address this by creating programs that train employees from other roles, emphasizing hands-on experience and business knowledge. Leaders must shift the narrative, focusing on potential and providing structured pathways into cybersecurity. Actual readiness requires contextual learning and integrating practical skills with a clear understanding of business impact.

Navigating the SMB cyber insurance conundrum

Cyber insurance is becoming increasingly complex and costly, making it less feasible for small and medium-sized businesses (SMBs). Policies are evolving rapidly, with large companies often facing intensive review processes. At the same time, SMBs lack the resources to navigate these demands or meet the stringent security controls required for coverage, as Zia Muhammad and Jeremy Straub outlined in a Dark Reading piece. Even when SMBs obtain insurance, they often fail to address the full scope of risks, such as litigation, regulatory compliance, and long-term fallout from incidents. The broader challenge lies in the dynamic nature of cyber threats, which outpaces the actuarial models used to price insurance, creating unpredictability in premiums. SMBs should focus on building essential security baselines and operational resilience rather than relying on insurance as a viable safety net.

Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.

Thanks to Jay Dance of StubHub for contributing this week’s “What’s Worse?!” scenario. Thanks to Vanta!

Listen to the full episode.

Thanks to our podcast sponsor, Vanta


Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.


What I love about cybersecurity…

"Well, I love cybersecurity because there isn't a blueprint to follow. Every day you're waking up and seeing the dynamic threat landscape, responding to new technologies, and it's really, really energizing for me to be able to do that. The level of innovation and creativity really kind of gets me going." - Deneen DeFiore, Vice President & Chief Information Security Officer, United Airlines.

Listen to the full episode of "Our Developers’ New Motto is ‘LLM Take the Wheel’."


The Hardest Problems in Security Aren't "Security Problems"

"It's just the entire history itself, security being seen as something which is bolted on, rather than an embedded key function within the organization. That itself creates a lot of silos, but also a lot of unrealistic expectations or not knowing who's responsible for what." - Sneha Parmar, information security officer, Lufthansa Group Digital Hangar.

Listen to the full episode of "The Hardest Problems in Security Aren't ‘Security Problems’."


Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Caitlin Sarian, owner and CEO, Cybersecurity Girl LLC. Thanks to ThreatLocker!

Thanks to our Cyber Security Headlines sponsor, ThreatLocker


Are Your Security Tools Doing Their Job?

Are you confident that your security tools are truly reducing risk for your organization? And is that risk reduction worth the cost of the tools?

I spoke with Emanuel Salmona, co-founder and CEO, Nagomi Security, about the complexities of measuring security effectiveness with industry insights. We get into the historical metrics used, the shift towards risk reduction, and the challenges of correlating multiple security tools. Compliance does not equate to security; instead, you need to ask the right questions, which can lead to better protection.

Join us for our next Super Cyber Friday on February 7, 2025, for "Hacking Security Effectiveness: An hour of critical thinking about how to holistically make sure your tools are working for you" at 1pm ET/10am PT for Super Cyber Friday. Joining me and Emanuel for this conversation will be Bethany De Lude, CISO emeritus.

Thanks to our Super Cyber Friday sponsor, Nagomi Security


CISO Series Podcast LIVE in Orlando, FL (02-21-25)

The CISO Series Podcast is being a snowbird and heading to Orlando for another live recording!

We’re recording a podcast episode at Zero Trust World 2025. Joining me on stage for the recording will be my co-host Trina Ford, CISO, iHeartMedia, and our sponsored guest Rob Allen, chief product officer, ThreatLocker. Here’s everything you need to know:

WHERE: Caribe Royal, 8101 World Center Drive, Orlando, FL 32821 (MAP)

WHEN: February 21, 2025 at 9:00 am. The event runs from February 19 through 21. Thanks to ThreatLocker!

Thanks to our sponsor, ThreatLocker


Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact us.
