What happens when a cybersecurity CEO spends 10 hours vibe coding a fully functional SaaS app…using company IP?

He crashes a meeting to find out.

In this special edition of Simplifying Cyber, Reveal Risk CEO Aaron Pritz gatecrashes a scheduled session with Chris Adickes, Todd Wilkinson, and Michael Milroy to demo a third-party risk management platform he built using AI tools like Claude Code.

The twist? He did it the same way many executives and employees are doing it right now — fast, iterative, and dangerously close to sensitive data.

The team dives into the real question companies are facing:

How do you enable innovation without undermining your cybersecurity posture?

They unpack:

• Why blocking AI tools outright doesn’t work (remember Dropbox?)
• The identity and credential risks most teams aren’t thinking about
• What “reasonable controls” actually look like in the age of vibe coding
• Why security teams need to support experimentation — not just police it
• And how life (and AI) will “find a way” whether you’re ready or not

If your CEO is experimenting with AI… or your finance team just connected a database to a chatbot… this episode is your playbook for getting ahead of the freight train.

Innovation is fun. FOMO is real. Risk is optional — if you’re intentional.

Listen in and learn how to keep vibe coding from becoming breach coding.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Nick Sturgeon — CISO at Community Health Network, Speedway Town Councilor, and current Ph.D. candidate at Purdue University — for a conversation about the challenges of securing systems that no longer stay within four walls. When healthcare happens almost everywhere, how do you keep patients, caregivers, and data secure?

Nick shares how his IT background landed him a role in law enforcement, he walks through some of the unique challenges cybersecurity practitioners face in healthcare today, then touches on what politics taught him about understanding people's motivations in the workplace.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Jax Scott — combat veteran, podcast host (Two Cyber Chicks), and VP of Cybersecurity at Pearson — for a conversation that’s equal parts leadership, risk reality, and “why is everyone still confused about BISOs?”

Jax shares her unconventional path into cybersecurity (perfume sales → special operations → NATO cyber strategy → Mandiant → Capital One → consulting → Pearson), then breaks down what BISOs/CISOs do when done right:

• The “single point of contact” that connects business teams to security outcomes
• Why risk management is the glue
• Why the best security leaders aren’t always the most technical (and how technical instincts can backfire)

Then we go headfirst into the AI debate:

• Where automation helps most in compliance (evidence collection, mapping, reducing manual slog)
• Where humans stay essential (judgment calls, accountability, trust-building)
• The uncomfortable truth: if we outsource all thinking to AI, we may literally get worse at thinking

We wrap with practical guidance on:

• Handling volatile regulatory changes (like DR/IR requirements) with flexible plans + frequent testing
• The reality of CMMC: why it’s not “new,” why enforcement matters, and why last-minute scrambles burn everyone out
• How to lead teams through chaos with transparency, empathy, and real talk

And finally: Jax drops a fun fact that honestly explains a lot about her calm energy.

Listen now wherever you get your podcasts.

Key topics covered

• What a BISO/VISO is (and how to explain it to non-security leaders)
• Critical thinking + EQ as security superpowers
• AI in compliance/GRC: automate the boring, keep the human judgment
• IR/DR planning for shifting rules and requirements
• CMMC realities for the defense industrial base
• Leadership during change fatigue

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.