Sharon Isaaci and David Warshavski spent careers on the offensive side of cybersecurity — breaking into organizations, finding zero-days, and cleaning up after the breaches that followed at Sygnia, Israel's premier incident response firm. After hundreds of engagements, they kept finding the same thing on both sides of the wire: breaches happen not because vulnerabilities go undetected, but because they go unmanaged.

Vulnerability management has been stuck for 30 years. More tools, more alerts, more dashboards — and vulnerability exploitation as a breach cause nearly tripled in 2024 alone. When ChatGPT arrived in late 2022, Sharon and David saw the missing piece: the organizational context that could fix the problem had always existed, scattered across Slack, email, wikis, and internal tools. GenAI finally made it possible to pull that together at scale.

In this conversation, we get into how two practitioners who've spent careers attacking organizations are now applying that attacker's lens — automated with AI — to break open a field that's resisted change for decades. We cover why visibility was never the real problem, what context-driven prioritization actually looks like, and what it takes to mobilize the people who do the patching.

This one is for practitioners who've lived the frustration. And for anyone watching AI get applied to a real, stubborn problem — not as a marketing claim, but as the thing that finally moves the needle.

Follow us for more conversations with practitioners who've been in the trenches.

00:00 Intro & Guest Introductions

05:35 Vulnerability Management: Still a Problem

09:45 AI as a Security Solution, Not a Problem

15:47 Visibility is Easy; Context is Hard

29:46 Leveraging the Hacker Mindset

35:29 We Need Less Findings, Not More

42:39 We're in Exciting Times

Website: https://securitycocktailhour.com

Newsletter: https://securitycocktailhour.com/newsletter

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour

Twitter/X: @SecCocktailHour

Enjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

What happens when your security perimeter extends to Mars—and MFA isn't an option?

In this episode of the Security Cocktail Hour, we sit down with Renee Wynn, former CIO of NASA, to explore what cybersecurity looks like when traditional frameworks simply don't apply.

Renee Wynn managed IT for some of humanity's most critical infrastructure: Mars rovers, the James Webb Space Telescope, the International Space Station. We cover the unique challenges of cybersecurity in the aerospace, defense and space fields—and what those constraints teach us about security thinking more broadly.

Early in the discussion, Renee emphasizes: "We always have to make sure we don't have a failure of imagination when we're looking at these risk-based decisions." This is the kind of mindset shift that shapes great security leaders. We also explore how she navigated government oversight, built trust with federal auditors, and led through constraints that forced her to rethink everything.

Whether you work in government, private sector, or dream of expanding your security career into new industries—this conversation will broaden how you think about what's possible.

00:00 Introduction & The Coolest Resume in Cybersecurity

00:51 No Multi-Factor Authentication on Mars: Securing Assets Beyond Earth

02:54 Navigating Oversight: How to Build Trust With Government Auditors

15:00 Failure of Imagination: Rethinking Risk Assessment in Extreme Environments

35:00 Leadership Lessons: Thinking Bigger in Security

Website: https://securitycocktailhour.com

Newsletter: https://securitycocktailhour.com/newsletter

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour

Twitter/X: @SecCocktailHour

Enjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

In part 2 of our discussion, John Strand tells us how the cybersecurity industry has turned stagnant, with a lack of innovation and an investment model that isn't going to turn that around any time soon. We explore why venture capital funding hasn't led to the breakthrough products the industry needs, and what's holding back real innovation. John also highlights the leaders in the security industry who are actively giving back to the community, and he and Adam try to one-up each other over who's stayed in the most disgusting hotel room.

00:00 Intro

00:12 Security is Ripe for Disruption

06:19 Better Investors = Better Security Products

10:22 Security is Awesome

12:43 Scaling Conference Talks

15:54 John's Advice on Guests

17:30 A Great Set of People

23:18 Bad Hotels, Good People

29:10 Wrapup

29:54 Outro

This is Part 2 of our conversation with John Strand.

Website: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHour

Enjoyed this episode? Subscribe and share with colleagues who'll enjoy honest discussions among security professionals.