Shawn Anderson's Cyber Blog

Cloud, Assurance, Forensics, Engineering

Identity, guardrails, architecture, data protection are all key moving forward with AI

AI Has a Darkside – Why Claude Mythos is the CISO’s Newest Nightmare

April 14, 2026 / / 0 Comments

If you need a sign that the cybersecurity landscape has undergone a permanent phase shift, the last few weeks provided it in spades.

Between the strategic outlook from the numerous “cyber industry days” I attended while at RSAC2026 and other intense sessions, plus Anthropic’s startling decision to gate Claude Mythos behind a restricted “Project Glasswing” initiative, the message to cybersecurity professionals is clear: The traditional playbook isn’t just aging; it’s obsolete.

1. The Mythos Moment: When AI Goes “Rogue”

We often talk about AI in its infancy, but Claude Mythos just hit a terrifying “puberty.” Anthropic withheld the model because it demonstrated a “step-change” in autonomous offensive capabilities, finding and weaponizing zero-day vulnerabilities in every major operating system and browser. In one case, it discovered a 27-year-old vulnerability in OpenBSD that millions of man-hours and automated tests had missed.

Thousands of high-severity findings in just weeks of testing (via an agentic scaffold with minimal human steering). Human experts reviewed 198 reports and agreed with Mythos’s severity assessment in ~89–90% of cases; the “thousands” figure extrapolates from that. Because Mythos Preview autonomously discovered thousands of high-severity zero-days, they created Glasswing. The project gives vetted defenders early, controlled access to hunt and fix vulnerabilities in foundational systems before similar AI capabilities spread more widely.

The real “darkside” isn’t just the model itself; it’s the Loss of Control (LOC). Even though Mythos wasn’t fully released, its capabilities are now the benchmark. What happens when an unmonitored, open-source model like DeepSeek or a rogue nation-state variant achieves this same “out of the box” exploitation power? The “patch window” doesn’t just shrink; it collapses to near zero. For CISOs, Continuous Threat Exposure Management (CTEM) is no longer a luxury; it is a baseline survival requirement.

2. Identity: The Only Perimeter Left

A recurring theme at RSAC this year was the final death of the network-centric perimeter. In an era of agentic, autonomous tools and hybrid infrastructure, Identity is the control plane. When I was at Microsoft, we would tell everyone that would listen, “Identity is the new perimeter” and “Turn on MFA.” It baffled me how many “C-Suites” responded with “That’s on our roadmap for next year.” In this case, next year is too late.

We have to treat every identity, human or machine, as a potential entry point for a sophisticated, AI-driven exploit. This means moving beyond simple MFA to Identity Threat Detection and Response (ITDR). If we can’t verify the intent behind an identity’s behavior in real-time, we’ve already lost the keys to the kingdom.

3. Networking and Deep Telemetry

As highlighted during on Cyber Industry Day I attended, the market is rewarding platforms that provide deep, granular visibility. Endpoint detection (EDR) is no longer enough when sophisticated actors can use AI to bypass sandboxes and target protocol-level anomalies.

We are seeing a massive reinvestment in Network Detection and Response (NDR) and full packet inspection. Why? Because while an actor might spoof an identity or hide on an endpoint, their behavior on the wire, lateral movement, C2 callbacks, and east-west traffic, is much harder for an AI to mask.

4. Architecture with Guardrails: Security by Design

For years, “security by design” was a buzzword. Now, it’s a survival mechanism. The increasing importance of architecture isn’t about drawing better diagrams; it’s about architecting with guardrails that are programmatic and immutable from the beginning. During my time working at 2 major hyperscalers, Amazon and Microsoft, I would spend a lot of time explaining to customers the importance of design and architecture. Like cloud solutions, AI is coming so quickly, users are just jumping in with both feet, not even thinking about the sharks in the water. You don’t just start nailing 2x4s together to build a house. You start with a plan and a blueprint. This is no different and even more critical because everything is interconnected. There is no “standalone” anything.

We need to design systems where:

  • Data Protection – baked into the storage layer.
  • Guardrails – prevent agents, both internal and external, from drifting outside of defined policy.
  • Resilience – measuring by how quickly we can “re-pave” an environment after an inevitable breach.

The Bottom Line

As Paul “Bear” Bryant famously said, “Defense wins championships.” In our world, a flashy offensive response might look good on a slide deck, but one wrong move in the heat of a major incident can have catastrophic impacts on both company stability and country relationships.

The era of “set it and forget it” security is over. We are now in a race of intelligence, machine vs. machine, where the winner won’t be the one with the biggest firewall but the one with the most resilient architecture and the best visibility into their data.

Investor’s Corner: The PE and VC Outlook

The technical phase shift we are witnessing is creating a massive ripple effect in the capital markets. As was discussed during the Piper Industry Day and at the Nightdragon Cyber Day, the investment thesis for 2026 has moved past general excitement into a much more disciplined, infrastructure-heavy focus.

For private equity and venture capital, the current landscape is defined by three key drivers:

  • The Rise of “Acceleration Scarcity”: Investors are no longer chasing every startup. Instead, capital is concentrating into a small group of “true winners” that have successfully integrated automated defense into their core operations. We are seeing a “K-shaped” recovery in valuations where platforms that offer deep telemetry and automated guardrails are commanding massive premiums. Gross Revenue Retention (GRR) is now key along with customer retention and how quickly you can build out/adjust your roadmap to remain relevant and continue growth.
  • Identity as the New M&A Battleground: If identity is the control plane, then ITDR is the most valuable real estate in the portfolio. We are seeing a surge in strategic acquisitions as larger incumbents look to swallow up innovative identity-first startups.
  • Platform Consolidation vs. Point Solutions: In an unstable market, CISOs are looking to reduce complexity. From an M&A perspective, this favors platforms that can offer a unified architectural approach. We expect to see continued consolidation in the CNAPP and NDR spaces.

The take-away for the street: 2026 is the year of operational continuity. Investors aren’t just looking for “coverage”—they are looking for companies that help an organization function normally within a climate of permanent instability.

Let’s Discuss

Is “Security by Design” still a pipe dream, or are we finally ready to architect with the assumption that the AI has already found the door?

Stay caffeinated, stay secure.

Please reach out to me or Boston Meridian Partners via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the Author:

I am Shawn Anderson, CTO and 2x former CISO, currently leading technical strategy at Boston Meridian. We are a boutique investment bank specializing in M&A and capital raises ($20m+) for the Cyber and Infrastructure sectors. Let’s connect on LinkedIn to discuss where the market is moving next.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit
RSAC 2026 Innovation Sandbox AI created Image.
You don't have to win to win big!

RSAC is here….The $32B Signal: What the Google-Wiz Deal and the RSAC Sandbox Tell Us About Cyber’s Next Chapter

March 18, 2026 / / 0 Comments

Last week the cybersecurity world shifted as Google’s $32 billion acquisition of Wiz officially closed. This marked the largest pure-play cyber deal in history. For those of us who have spent decades in the trenches, including my two tours as a CISO, this isn’t just a headline; it’s a validation of a massive structural shift in how we secure the modern enterprise.

Interestingly, Wiz was an RSAC Innovation Sandbox finalist in 2021. While they didn’t win the “Most Innovative” trophy that year, they won the market. As we look toward the 2026 RSAC Innovation Sandbox next week, we aren’t just looking for “cool tech.” We are looking for the architectural blueprints of the next multi-billion-dollar exits.

The C-Suite & Founder Brief: 3 Themes Driving Value

After reviewing the 2026 Sandbox finalists and the broader market, three clear mandates have emerged for C-level executives and founders building for an exit:

1. The Governance of “Agentic” Autonomy

We have moved past simple LLM integration. The new frontier is Agentic AI: autonomous entities with their own identities, permissions, and the ability to execute code. Finalists like Token Security and Geordie AI are tackling the “identity crisis” of 2026 by governing non-human agents that can think and act. For the C-suite, this is a critical risk management hurdle; for founders, it’s the most lucrative “gap-fill” in the current identity stack.

2. From Education to Active Intervention

Social engineering remains the primary breach vector, but the “quarterly training” model has failed. We are seeing a shift toward Human Threat Detection and Response (HTDR). Companies like Humanix and Charm Security are using conversational AI to intervene during an attack. This transforms the “human layer” from a liability into a defensible endpoint.

3. The Death of the “Noise Machine” (Platformization)

Legacy SAST and SCA tools are being disrupted by AI-native engines. ZeroPath and Clearly AI are moving toward deep code understanding that identifies business logic flaws rather than just syntax errors.

Founders who can prove they are “replacing” 3–4 legacy tools with one AI-native platform are commanding the highest premiums. I hear from colleagues all the time: “We have too many tools and not enough people to work them.” The market is finally listening.

Investor’s Corner: The PE and VC Outlook

At Boston Meridian, we’re seeing a “K-shaped” recovery in cyber investment. While mid-market volumes remain selective, the appetite for “category-defining” platforms is at an all-time high.

The Upward Arm (The “Elite” Performers)

  • AI-Native Platforms: Companies like Wiz or the Innovation Sandbox finalists (e.g., Token Security, and ZeroPath) that solve “new world” problems like Agentic AI and Cloud Governance.
  • The Premium: These companies are seeing record-breaking valuations and oversubscribed funding rounds.
  • The Drivers: Strategic buyers (Google, Microsoft, and Palo Alto Networks) are willing to pay a massive “scarcity premium” for technologies that define a new category.

The Downward Arm (The “Legacy” or “Feature” Gap)

  • Point Solutions: Startups that offer a “feature” rather than a “platform” (e.g., just another basic phishing simulator or a legacy SAST scanner).
  • The Struggle: These companies are facing valuation resets and difficult “down-rounds.”
  • The Drivers: CISOs are consolidating “vendor sprawl.” If a tool doesn’t provide massive ROI or integrate into a larger ecosystem, it’s being cut from the budget.

Strategic Outlook

  • VC Perspective: The “SAFE” notes being issued to this year’s Sandbox finalists signal a return to aggressive early-stage backing. The focus has shifted from “AI-enabled” features to “AI-first” architectures. We expect agentic security rounds to be significantly oversubscribed heading into Q3.
  • PE & Strategic M&A: The Wiz deal proves the “Big 3” cloud providers and late-stage PE firms will pay for multicloud ubiquity. Buyers want “anchor” technologies that secure AWS, Azure, and OCI simultaneously.
  • The Valuation Gap: There is a growing premium for companies solving Identity and Data Posture Management (IDPM). As AI agents become the primary users of data, any company providing a “unified brain” for governance, seeing inside the AI’s thoughts during inference (as Realm Labs does), is a prime M&A target.

Connect with Us at RSAC 2026

The Google-Wiz closing has set a new high-water mark for the industry. If you are a founder navigating a capital raise or a C-suite executive looking to optimize your security spend against these new threats, let’s talk.

The Boston Meridian team will be on the ground in San Francisco all week. We have scaled our presence to three dedicated suites to accommodate the surge in deal-flow discussions.

The 2026 “Emerging Stars” Lookbook: Beyond the finalists, we are taking meetings for a curated lookbook of high-potential companies we’ve been tracking, innovators in identity, DSPM, and AI governance that haven’t hit the headlines yet.

Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the Author:

I am Shawn Anderson, CTO and 2x former CISO, currently leading technical strategy at Boston Meridian. We are a boutique investment bank specializing in M&A and capital raises ($20m+) for the Cyber and Infrastructure sectors. Let’s connect on LinkedIn to discuss where the market is moving next.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit
The more access to the data, the stickier a solution becomes.

Guardian Agents: The New Sovereignty in the “Agentic” Frontier

March 12, 2026 / / 0 Comments

We have officially moved past the “chatbot” phase of artificial intelligence. In 2024, we experimented with LLMs as research assistants. In 2025, we piloted them as copilots. But as we move through 2026, we are entering the era of the Autonomous Agent. For those of us who have spent decades in the trenches of cybersecurity and investigations, this shift represents a fundamental change in the attack surface.

In my experience as a CTO and a two-time CISO, I’ve learned that security usually fails at the seams, the places where data moves from one trust zone to another. Agentic AI doesn’t just suggest text; it executes API calls, modifies code, and moves data independently. This means the failure modes have shifted from “hallucinations” to “unauthorized autonomous actions.”

The Evolution of the “Guardian Agent”

As we move into 2026, I’m seeing the market coalesce around a concept Gartner recently formalized as Guardian Agents. From my perspective as a practitioner, this isn’t just another layer of software; it represents a fundamental breakthrough in how we provide adaptable, intelligent oversight for autonomous systems.

As defined in their recent February 2026 Market Guide, these agents are specialized AI systems designed specifically to monitor, oversee, and even rewrite the actions of other AI models. They aren’t just “detecting” problems; they are active participants in the workflow that ensure every output or action stays within the guardrails of the enterprise.

For a CISO, this is the “digital chain of custody.” It allows us to:

  • Scan and Score: Evaluating AI-generated content against brand voice and terminology in real-time.
  • Enforce Compliance: Automatically rewriting or blocking content that violates industry or regulatory standards.
  • Scale with Confidence: Moving AI out of the sandbox because we finally have a “Semantic Supervisor” that can catch a hallucination or an unauthorized API call before it causes damage.

The New AI Security Lexicon

To govern what you can’t see, you have to speak the language. The AI attack surface is now defined by concepts that didn’t exist in the C-suite playbook even three years ago.

  • Prompt Injection: Tricking a model into ignoring instructions. While direct injection is common, Indirect Injection is the silent killer. It occurs when an attacker hides instructions in a document or website that an agent “reads,” triggering an unauthorized action without the user’s knowledge.
  • Data Poisoning: The subtle manipulation of training data to create a “backdoor” in a model’s logic. This is a foundational compromise that standard security scans completely miss.
  • Model Inversion: An adversarial attack where someone queries an API repeatedly to reconstruct the sensitive data, like PII or trade secrets, used to train the model in the first place.
  • Shadow Automation: Much like the “Shadow IT” of a decade ago, this is the unauthorized wiring of AI agents into internal databases by employees looking for productivity shortcuts.

It’s All About the Data: The Reality of Workflow Gravity

The market is moving toward these technologies at a blistering pace because of a principle called “Workflow Gravity.

Workflow Gravity is the principle that once an AI agent is embedded into a critical business process (e.g., automated underwriting, legal review, or SOC triage), the “stickiness” of that platform becomes absolute.

In the SaaS era, we talked about data gravity with the idea that applications moved to where the data lived. In the agentic era, workflow gravity has taken over.

  • Defining the Pull: Workflow Gravity is the principle that once an AI agent is embedded into a critical business process like automated underwriting or SOC triage, the “stickiness” of that platform becomes absolute.
  • The M&A Catalyst: Security cannot be an afterthought in these scenarios; it must be native to the workflow. This is why consolidation is happening so fast. Major platforms are no longer just buying security tools; they are buying the data lineage and governance tools that allow them to “own” the customer’s most sensitive automated workflows.

Investors’ Corner: The VC and PE Alpha

For the investment community, the “Agentic” shift represents the most significant capital reallocation in a decade. We are moving away from “Point Solutions” and toward “Sovereign Infrastructure.”

The Valuation Gap: Pure-play code scanning is being commoditized. The premium is shifting to companies that provide Non-Human Identity Governance and Autonomous Policy Enforcement. If a startup can’t explain how they solve the “Semantic Intent” problem, their long-term defensibility is at risk.

The M&A Multiplier: We are seeing a “flight to platforms.” Private equity firms are increasingly looking for companies that don’t just secure the data but secure the action. The alpha is found in “Connective Tissue”, vendors that can provide a guardian layer across a multi-cloud, multi-agent environment.

Exit Strategy and Consolidation: As workflow gravity takes hold, the “Big Three” security platforms and global integrators are aggressively acquiring AI-TRiSM (Trust, Risk, and Security Management) startups. They aren’t just buying tech; they are buying the “Safety Switch” that allows their enterprise clients to move to production.

The Path Forward

The Guardian Agent is the first security tool in our history that understands intent. For leadership, this is the key to finally moving AI projects out of isolated sandboxes and into full production. Whether you are looking at Identity, Cloud Security, or Data Security, the message for 2026 is clear: you must secure the intent, or you will lose the workflow.

Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the Author:

I am Shawn Anderson, CTO and 2x former CISO, currently leading technical strategy at Boston Meridian. We are a boutique investment bank specializing in M&A and capital raises ($20m+) for the Cyber and Infrastructure sectors. Let’s connect on LinkedIn to discuss where the market is moving next.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

The “Claude Code” Correction: Why the SOC Isn’t Going Extinct

March 10, 2026 / / 0 Comments

In February 2026, the markets reacted to Anthropic’s Claude Code Security as if it were a “black swan” event for cybersecurity. Stocks for the “Big Three,” CrowdStrike, Palo Alto, and Zscaler, took a significant hit. But as a former CISO, I can tell you: code remediation is only half the battle.

The Practitioner’s View: Vulnerability vs. Velocity

The market panic ignored a fundamental technical truth: Claude Code is a “pre-commit” evolution. It helps developers find and fix bugs faster than ever, effectively commoditizing portions of the Application Security and OSS Risk categories we track at Boston Meridian. However, as Gartner recently noted, these tools do not replace the operational infrastructure required to protect a live enterprise.

A tool that patches code cannot:

  • Manage Identity (H + NH) or prevent a session hijack in real-time.
  • Oversee Network Security or enforce ZTNA across hybrid clouds.
  • Provide the Cyber Asset Intelligence needed to understand your true “blast radius” during a breach.

For those of us managing complex enterprise stacks, the panic was a classic market overreaction. As mentioned, Claude Code is a formidable pre-commit tool that excels at identifying vulnerabilities within a codebase and suggesting immediate patches. It is a massive win for developer velocity, but it is not a replacement for an enterprise security platform.

The gap lies in runtime and infrastructure. While AI can harden an application during development, it cannot:

  • Replace Endpoint Detection and Response (EDR) or manage active threats in a live environment.
  • Orchestrate Zero Trust Network Access (ZTNA) across a global, hybrid workforce.
  • Provide the comprehensive governance and compliance monitoring required by highly regulated industries.

As the Omdia 500 landscape illustrates, the ecosystem of partners—from global integrators like Deloitte and Accenture to infrastructure giants like IBM and NTT Data, exists because security is an operational discipline, not just a coding one.

(8) Post | LinkedIn

Where it Fits: The Boston Meridian Market Map

At Boston Meridian, we track the market across 9 critical domains. The “Claude” effect primarily touches Application Security. For CISOs and CIOs, the value here is in Security Enablement—using AI to reduce the “mean time to remediate.” But for the other 9 categories, from IoT/OT Security to Data Security, the need for robust, platform-centric defense has never been higher.

www.bostonmeridian.com – Mar 2026 – Market Map

Investor’s Corner: The PE & VC Outlook

  • The “Pure-Play” Squeeze: We are advising caution on standalone SAST/DAST vendors. As AI-native remediation becomes a feature of the IDE, these “point solutions” are prime targets for M&A or consolidation.
  • The Platform Resilience: The Omdia 500 confirms that the industry is built on service-heavy integrators and broad platforms. We see a massive opportunity for firms that can integrate AI-remediated telemetry into Managed Services (MSSP/MDR).
  • The Valuation Play: For startups looking to raise capital, we are looking for companies that don’t just “find” bugs but those that provide the Continuous Assurance and Evidence Automation that boards now demand.

Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the Author:

I am Shawn Anderson, CTO and 2x former CISO, currently leading technical strategy at Boston Meridian. We are a boutique investment bank specializing in M&A and capital raises ($20m+) for the Cyber and Infrastructure sectors. Let’s connect on LinkedIn to discuss where the market is moving next.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

AI is here to stay! One person’s perspective on attending Datatribe – Cyber Innovation Day 2025

November 14, 2025 / / 0 Comments

AI Security Takes Center Stage: Key Insights from DataTribe’s Cyber Innovation Day 2025 by Shawn Anderson, CTO and 2x CISO, Boston Meridian Partners

November 4th’s industry gathering revealed how artificial intelligence is fundamentally reshaping cybersecurity – from autonomous red teams to agentic AI governance

I was already a fan of DataTribe, but their daylong event at The Capital Turnaround—a historic Navy Yard car barn turned vibrant event venue—solidified my admiration. With engaging speakers, impressive startups, dynamic attendees, and great food, the event was a standout. Located in a revitalized area near the Washington Navy Yard, this venue is a must-see for your next event.

DataTribe’s Cyber Innovation Day 2025 brought together cybersecurity’s brightest minds to tackle the most pressing question facing our industry: How do we secure systems that are increasingly powered by artificial intelligence? From startup pitches to expert panels, the day revealed both unprecedented opportunities and sobering challenges ahead.

The AI Revolution in Security: Faster, Smarter, More Dangerous

The opening presentations from DataTribe’s portfolio finalists painted a picture of AI’s transformative impact. Anit Saeb, founder of Cytadel and former head of penetration testing at the Bank of England, demonstrated how AI-driven autonomous red teaming can achieve “full compromise in under 8 minutes—550x faster than ransomware groups.” According to Cytadel’s internal testing, his company’s AI agents have already bypassed the top three EDR vendors, proving that traditional defenses are struggling to keep pace.

Meanwhile, Tim Schultz from Starseer (formerly Verizon’s AI Red Team lead) highlighted a critical gap: “Current AI security tools only monitor user-LLM interactions, while agents act across databases and applications and communicate with other agents.” As organizations deploy AI agents that can independently access systems and make decisions, we’re entering uncharted territory for security governance.

The scale of this challenge became clear through Evercoast’s presentation on physical AI training. Their platform addresses a fundamental problem: “Physical AI has only thousands of hours of training data vs trillions for LLMs.” As AI systems move from chatbots to controlling physical infrastructure—from F-16 repairs to autonomous vehicles—the security implications multiply exponentially.

Industry Veterans Sound the Alarm

Jason Clinton, Deputy CISO at Anthropic, provided a sobering insider perspective on AI’s current trajectory. “AI compute [is] increasing 4x year-over-year since 1957,” he noted, with Anthropic now writing “~90% of code via Claude.” But this acceleration comes with risks: “Threat actor capability compression [is] occurring—Tier 1 and Tier 2 actors are converging as script kiddies can now ask models to write ransomware and C2 infrastructure.”

The shift in workflow is fundamental. As Clinton described it, we’re moving to “ask AI to do work, return to check results”—a complete reversal of traditional development processes. This creates new categories of vulnerabilities that traditional security tools weren’t designed to handle.

Dmitri Alperovitch, co-founder of CrowdStrike, brought historical perspective to these challenges. Reflecting on CrowdStrike’s founding after the 2010 Operation Aurora attacks, he emphasized that “if you can stop sophisticated actors, everything else becomes easy.” His advice for today’s founders was characteristically direct: “Don’t fear big company competition – fear unknown hungry startups.”

The Investment Landscape: Opportunity Amid Uncertainty

The investment panel featuring Rob Ackerman, Andrew McClure, and Phil Venables revealed a market in transition. “2025 cybersecurity financing: ~1,000 events, $15B volume with 50% being AI/AI-first companies,” they reported, but warned that “Series A to B graduation [is] declining (400 A rounds vs 40 B rounds = 10:1 ratio).”

The key insight? We’re moving from “orchestration” to what they termed “choreography” – AI agents organizing themselves in ways that traditional human-managed systems never could. This shift requires entirely new approaches to security architecture and governance.

Security Leaders Grapple with the “Lethal Trifecta”

Security practitioners Maurice Boissiere, Randy Sabett, and Pat Moynahan introduced a crucial framework for AI security risk assessment. They identified the “Lethal Trifecta for AI Agents: external data sources, external communications, and private data via unprompted input.” This framework provides a practical lens for evaluating AI deployments, though they admitted the overall assessment remains “chaotic due to AI adoption pressure vs security fundamentals.”

The panel emphasized that while “C-suite [is] now paying attention,” many organizations still lack basic incident response capabilities, with insufficient logging and “no forensic capabilities to determine breach scope.”

Media and Market Reality Check

Daniel Whitenack from the Practical AI Podcast provided valuable context on AI’s evolution, identifying three distinct phases: traditional ML (still widely used for specific tasks), foundation models (requiring technical expertise), and current generative AI that’s “squeezing out the middle” by enabling “business domain experts [to] bypass data scientists.”

Maria Varmazis from T-Minus Space Daily highlighted sector-specific vulnerabilities, noting that the “$614B global space industry” remains “10-15 years behind cybersecurity best practices.” Recent incidents include University of Maryland researchers using an “$800 antenna to intercept sensitive military/police communications” and “Russia’s 2022 ViaSat attack [that] disabled Eastern European satellite communications.”

Startup Innovation: Hardware Meets AI

Beyond software solutions, Tensor Machines demonstrated how AI security extends to physical systems. With “$2M NSF funding and 5 patents filed,” they’re addressing the “$5T+ autonomous systems market” through “physics-informed neural networks for real-time physical fingerprinting.” Their live demonstration showed automatic failover when camera spoofing was detected – exactly the kind of autonomous response needed as AI systems become more prevalent in critical infrastructure.

Lessons from the Trenches: Fundraising and Building

Throughout the day, practical wisdom emerged from battle-tested entrepreneurs. Alperovitch’s fundraising philosophy resonated: “Would you rather have 50% of a pea or 10% of a watermelon? No one ever went bankrupt because of dilution.” His emphasis on execution over technology trends – “customers buy effectiveness, not technology trends” – provided grounding amid AI hype.

The bourbon tasting session offered its own metaphor for startup persistence, featuring Charleston Red Corn Bourbon made from a “colonial-era variety that nearly died out” until a “Clemson professor found 2 cobs in seed vault [and] regenerated the line.” Sometimes the most valuable innovations come from reviving what others have given up on.

Take Action: Preparing for the AI Security Future

The insights from DataTribe’s Innovation Day point to several immediate actions every cybersecurity leader should take:

Assess your AI exposure now. Use the “Lethal Trifecta” framework to evaluate every AI deployment in your organization. Catalog which systems have external data access, communication capabilities, and access to private data without human oversight.

Invest in behavioral detection over signatures. Traditional signature-based security is already failing against AI-generated threats. Companies like Tensor Machines are pioneering behavioral fingerprinting approaches that can adapt to new attack patterns in real-time.

Prepare for agent governance. Whether you’re deploying AI agents or defending against them, establish clear policies for agent identity management, permission structures, and audit trails. The companies that solve this challenge early will have significant competitive advantages.

Bridge the talent gap strategically. With AI democratizing both offensive and defensive capabilities, focus on hiring people who can architect secure AI systems rather than just operate traditional security tools. The future belongs to organizations that can “choreograph” rather than just orchestrate their security operations.

Plan for autonomous security. As Jason Clinton noted, we’re approaching a world where “AI writes code → AI finds bugs → AI tests vulnerabilities → AI fixes issues.” Start experimenting with AI-powered security automation in low-risk environments to build competency for this inevitable future.

The cybersecurity industry stands at an inflection point. Organizations that act on these insights now—while their competitors are still debating whether AI is hype or reality—will be the ones defining security standards for the next decade. The question isn’t whether AI will transform cybersecurity, but whether you’ll be leading or following that transformation.

I attended DataTribe’s Cyber Innovation Day 2025 and compiled insights from presentations, panels, and networking sessions throughout the event.

Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

Observations so far in 2025 – Data, AI, and everything new under the sun.

October 8, 2025 / / 0 Comments

Every spring and late summer, the Boston Meridian Partners team attends two of the world’s largest cybersecurity conferences: RSA Conference in San Francisco and Blackhat in Las Vegas. These events are a whirlwind of activity—client receptions, dinners, and nearly 250 meetings with innovative tech companies and industry leaders. This year, I spent much of my time in Blackhat’s “Startup City,” a hub of emerging companies that’s far easier to navigate than the sprawling Moscone Center.

The Startup Scene: Shiny Pennies and Hidden Gems

Startups at these conferences are eager to showcase their innovations, often presenting themselves as the “next big thing.” However, many struggle to stand out in a crowded market. While their enthusiasm is infectious, differentiation is key—what I call the “shiny penny problem.” A penny, no matter how polished, is still a penny if it doesn’t offer unique value.

Meeting C-level executives at startup booths was a highlight, as this is rare for larger companies where leaders like George Kurtz or Satya Nadella are often mobbed by media. These interactions offered valuable insights into emerging technologies, particularly in artificial intelligence (AI). AI and Data: The Heart of Modern Security

AI dominated conversations this year, with startups focusing on data-driven security solutions. At Blackhat’s AI Summit, I heard repeated emphasis on the importance of data and identity in building secure environments. As I’ve said for decades, “It’s all about the data.” The rise of Large Language Models (LLMs) has amplified this, with data being consumed at unprecedented rates. However, the lack of controls—such as a Cloud Access Security Broker (CASB) for LLMs—raises concerns about rogue models masquerading as legitimate tools.

CISO Challenges: Balancing Priorities in a High-Pressure Role

Discussions with Chief Information Security Officers (CISOs) at Blackhat and RSA Conference revealed the immense pressure they face in balancing day-to-day operations with the need to adopt cutting-edge technologies. Many CISOs described their roles as a constant exercise in “blocking and tackling”—managing fundamental security tasks like patching vulnerabilities, responding to incidents, and ensuring compliance. These operational demands often leave little time to explore emerging technologies like AI-driven security tools or advanced identity management platforms.

One CISO from a manufacturing company shared a striking perspective: they prioritized keeping the production floor operational over implementing a robust data protection strategy. “If the factory stops, the business stops,” they explained, noting that downtime could cost millions. While understandable, this approach undervalues the long-term risks of data breaches, where sensitive intellectual property or customer data could be compromised. For example, a single unprotected dataset could be exfiltrated by attackers, leading to regulatory fines or reputational damage far exceeding the cost of a temporary production halt.

Identity management emerged as another significant challenge. Several CISOs reported using two to four different identity solutions, creating complexity and potential security gaps. One CISO from a financial services firm described their struggle with integrating legacy systems with modern cloud-based identity platforms, resulting in fragmented visibility into user access. They expressed frustration with “platform” solutions that promise seamlessness but often fall short, leading them to favor “best-of-breed” tools. However, this approach can increase costs and administrative overhead. A better strategy, as I’ve advocated previously, is adopting one or two well-integrated identity solutions that work seamlessly across on-premises and cloud environments, reducing complexity while maintaining robust security.

The growing prevalence of Internet of Things (IoT) and Operational Technology (OT) devices is also keeping CISOs up at night. With networks hosting tens of thousands of devices—ranging from smart sensors in offices to industrial control systems in factories—securing these endpoints is a daunting task. A CISO from a utility company highlighted the challenge of monitoring “dumb” devices with outdated firmware alongside “smart” IoT devices that are often poorly configured. They noted a recent incident where an unpatched IoT camera served as an entry point for a ransomware attack, underscoring the need for solutions that can monitor and secure both on-premises and cloud-connected devices.

Finally, many CISOs admitted to feeling overwhelmed by the rapid pace of technological change, particularly in AI. One CISO from a healthcare organization confessed they lacked the bandwidth to evaluate AI-driven security tools, relying instead on their team’s recommendations. This highlights a broader issue: CISOs are expected to be strategic visionaries while managing tactical firefights, often without sufficient resources or time to stay ahead of the curve.

Emerging Trends in Cybersecurity: Why Staying Current Matters

The cybersecurity landscape is evolving rapidly, driven by advancements in AI, the proliferation of connected devices, and increasingly sophisticated threats. Staying current with these trends is critical for CISOs and their teams to protect their organizations effectively. Falling behind can lead to blind spots, such as unaddressed vulnerabilities or missed opportunities to leverage new tools for efficiency and resilience. Based on my observations at Blackhat and RSA Conference, here are seven key technological trends shaping the industry, along with why staying informed is essential:

  1. AI Agent Governance: As organizations deploy AI agents for tasks like threat detection and customer support, the lack of oversight frameworks creates new risks. Rogue or misconfigured AI agents could expose sensitive data or disrupt operations. For example, a poorly governed AI chatbot might inadvertently leak proprietary information. CISOs must adopt “AI Agent Rewind” capabilities to audit and recover from misuse. Staying current ensures organizations implement governance early, avoiding costly mistakes as AI adoption scales.
  2. Detection-as-Code Revolution: Traditional manual security rule creation is giving way to AI-powered platforms that auto-generate detection rules from threat intelligence. Companies like SOC Prime now serve over 1 billion rules globally, enabling faster responses to emerging threats. CISOs who fail to adopt these tools risk falling behind adversaries who exploit automation. Keeping up with this trend allows organizations to scale their security operations efficiently, especially in resource-constrained environments.
  3. External Attack Surface Expansion: Threats increasingly bypass traditional perimeter defenses, requiring active validation of vulnerabilities “outside the firewall.” Tools that simulate real-world attacks are replacing passive scanning, providing more accurate risk assessments. For instance, a retailer recently discovered an exposed API through active testing, preventing a potential breach. Staying informed about this trend helps CISOs prioritize external risks, which are often overlooked in favor of internal network security.
  4. Behavioral Security Over Signatures: Signature-based detection is losing ground to behavioral fingerprinting and drift analysis, which establish custom baselines for each application to achieve near-zero false positives. A bank using behavioral security detected an insider threat by identifying unusual data access patterns, avoiding a significant breach. CISOs who embrace this trend can reduce alert fatigue and focus on real threats, but staying current is critical to selecting the right tools for their unique environments.
  5. LLM Firewall Emergence: As enterprises integrate Large Language Models (LLMs) into workflows, new tools are emerging to protect against prompt injection, data leakage, and model manipulation. For example, a healthcare provider recently faced a prompt injection attack that tricked an LLM into revealing patient data. LLM firewalls can mitigate these risks, but CISOs must stay educated on this nascent category to implement effective controls before widespread adoption.
  6. Browser-Based Threat Protection: Zero-day phishing attacks that bypass email security are a growing concern. Browser-based tools using computer vision and real-time analysis are protecting over 800,000 users by detecting malicious sites instantly. Staying current on this trend allows CISOs to bolster endpoint security, especially for remote workforces increasingly targeted by sophisticated phishing campaigns.
  7. Unified Security Platforms: Talent shortages and budget constraints are driving demand for platforms that consolidate IT, InfoSec, and cybersecurity functions. A unified platform enabled a mid-sized firm to reduce its security tools from 15 to 3, cutting costs and improving visibility. CISOs who stay informed about consolidation trends can streamline operations and address the “do more with less” mandate, but failing to keep up risks reliance on outdated, fragmented solutions.

Staying current with these trends is not just about adopting new tools but about understanding how they align with organizational priorities and constraints. For CISOs juggling operational demands, dedicating time to research, attending conferences, or collaborating with peers is essential to avoid being blindsided by new threats or missing opportunities to enhance security posture. Organizations that invest in continuous learning—through training, industry reports, or vendor partnerships—will be better equipped to navigate the complexities of modern cybersecurity.

Looking Ahead

As AI, data, and IoT/OT reshape the threat landscape, CISOs must balance innovation with foundational security practices. Staying ahead requires not only technical expertise but also strategic foresight to prioritize what matters most. I’d love to hear your thoughts—what trends are you seeing at conferences, and how are you keeping up? Share your insights below or connect with us at

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

Cybersecurity and convergence of IT/IoT/OT environments – It is time!

April 15, 2025 / / 0 Comments

The convergence of Information Technology (IT), the Internet of Things (IoT), and Operational Technology (OT) is reshaping industries, yet OT remains deeply rooted in its on-premises heritage. Industry trends estimate that 80-90% of OT systems are still managed locally, reflecting a historical preference for air-gapped or minimally connected setups to ensure uninterrupted operations in critical infrastructure. A prime example is the Programmable Logic Controller (PLC), a rugged industrial computer that automates processes like running assembly lines in manufacturing, regulating power grids in energy, or controlling water treatment in utilities. PLCs, with lifecycles often spanning 20-30 years, are built for reliability but rarely designed for cloud connectivity, anchoring many OT environments to legacy systems.

Thes systems are often incompatible with cloud connectivity. Recent market analyses highlight a slow but growing shift toward hybrid and cloud-based solutions, with cloud adoption in OT security and management projected to rise significantly—though it still lags on-premises dominance. This hesitancy stems from concerns over latency, cybersecurity risks, and regulatory compliance, particularly in sectors where downtime or breaches could have catastrophic consequences.

For CISOs, CIOs, and CTOs, navigating this transition is a strategic imperative. In this blog, we’ll explore four key points to help technology leaders prepare for this convergence and embrace a future-ready approach. During my three plus years at Boston Meridian we have come across a lot of exciting companies working in OT and helping to bridge the gap. The main topic of discussion coming up seems to be that of “active” vs “passive” or agent vs agentless based solutions. This is a tricky world to navigate because of the legacy of OT systems and the fact many of these operational systems are shifting over to the technical and security teams for monitoring. This requires architecture discussions and how to adopt new and emerging technologies for OT.

  1. The On-Premises OT Landscape and Emerging Cloud Adoption
    With 80-90% of OT systems still on-premises, industries prioritizing control—like manufacturing with its PLCs and SCADA, or energy with its grid management—favor localized setups to mitigate risks. However, IoT integration is nudging these sectors toward hybrid models, where cloud solutions enhance monitoring and analytics while preserving on-premises stability. Understanding this shift’s pace is critical for aligning with industry-specific needs.
  2. Why Hybrid Environments Are the Sweet Spot
    A hybrid approach blends on-premises reliability with cloud flexibility, delivering tailored benefits across OT-reliant sectors. It enables real-time insights and predictive maintenance—think centralized oversight for utilities or optimized logistics in transportation—all while maintaining security. This balance is especially appealing for industries like manufacturing and energy, where legacy systems must coexist with modern demands.
  3. Strategic Choices: Cloud, On-Premises, or a Blend?
    The path forward varies by industry. Staying on-premises offers control, crucial for oil and gas pipelines or healthcare’s smart systems, but limits scalability. Full cloud adoption suits data-driven monitoring in logistics yet risks latency in time-sensitive OT processes. A hybrid model often strikes the right chord—cloud analytics for non-critical workloads paired with local control for mission-critical operations—allowing leaders to tailor strategies to their sector’s realities.
  4. Leveraging AI, ML, and Vulnerability Analysis as the Convergence Catalyst
    Artificial Intelligence (AI) and Machine Learning (ML) transform raw data from IoT, IT, and OT systems into actionable intelligence, revolutionizing both architecture design and monitoring. In architecture design, AI-driven simulations help leaders model resilient hybrid environments, optimizing data flows between on-premises OT and cloud-based IT systems.

For example, in manufacturing, AI can predict how IoT sensors integrate with legacy PLCs, ensuring low-latency performance. ML algorithms refine these designs by learning from operational patterns, enabling adaptive architectures that scale securely—critical for energy grids or transportation networks. For monitoring, AI-powered anomaly detection identifies deviations in real-time, such as unusual equipment behavior in utilities or traffic anomalies in logistics, flagging potential failures before they escalate.

ML enhances this by continuously improving detection accuracy, learning from historical OT data to reduce false positives. Vulnerability analysis, a key AI/ML application, strengthens cybersecurity across converged environments. By scanning IoT devices, IT networks, and OT systems, AI identifies weaknesses—like outdated firmware in healthcare devices or misconfigured SCADA systems in oil and gas—prioritizing risks based on exploitability.

This proactive approach helps CISOs design segmented architectures that isolate critical OT assets while enabling secure cloud monitoring. Together, these technologies empower leaders to build robust, future-proof systems and maintain vigilant oversight, turning convergence into a competitive advantage.

Industries Poised to Benefit

This convergence impacts on a range of OT-dependent verticals, each with unique stakes:

  • Manufacturing: Industrial control systems and automation stand to gain from hybrid monitoring and AI-driven maintenance.
  • Energy and Utilities: Grid and water management can leverage cloud analytics while securing critical infrastructure.
  • Oil and Gas: Remote pipeline operations benefit from hybrid scalability without compromising safety.
  • Transportation and Logistics: Real-time coordination improves with AI and hybrid visibility.
  • Healthcare: Emerging OT in smart hospitals gains efficiency and security through strategic integration.

For technology leaders across these sectors, the IT/IoT/OT convergence demands action. What is the call to action:

Don’t wait for your organization to ask “what are we doing about OT?”. I know many of my peers are busy with the day to day, “blocking and tackling” and might feel they don’t have the time to look at this. You have to make the time.

Begin by assessing your infrastructure, how can cloud integration enhance your OT systems? Craft a roadmap balancing on-premises strengths with hybrid innovation, and harness AI to unlock data-driven potential. Whether you prioritize cloud agility, reinforce on-premises control, or blend both, preparation is key. Don’t underestimate the value of building architecture diagrams of the different systems. Make sure you have a strategy around vulnerability analysis and visibility. Finally, it’s about resilience and recovery as you WILL have issues. The adversaries are relentless and have more and more tools at their disposal every day.

In a few weeks I will be at the 2025 RSA Conference in San Francisco. I along with the team at Boston Meridian Partners would be happy to chat about the state of the markets or help you navigate the M&A process. Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

ZTA, Secure by Design, Platform, Best of Suite, what does all this mean???

November 22, 2024 / / 0 Comments

Boom… A little over a month ago, I published a blog around best of breed vs. best integrated vs. best of luck. Other related topics that CISOs, CTOs, and other C-Suite executives often discuss include Zero Trust Architecture (ZTA), Secure by Design, Best of Suite, and platform. Many CISOs and CIOs have strong opinions on these topics. Some feel ZTA is a bogus strategy and impossible to achieve, while others are committed to achieving it. Secure by Design is a dream many of us in the industry have had for decades. This blog will dive deeper into each of these topics, highlight companies in each area, and provide some talking points/benefits for each.

Defining Zero Trust Architecture (ZTA)

On the surface, Zero Trust Architecture is exactly what it sounds like: trust nothing without verification. This means verifying explicitly and using the principle of least privilege, where entities only have access when needed. Another key aspect is the “assume breach” mentality. While I understand the rationale, I prefer explicit verification over assuming a breach. For example, I know my house is secure because the doors are locked, and my dogs would alert me to any intruders. Similarly, a well-architected and monitored network should achieve the same level of security. Zero Trust is a continuous journey rather than a final destination.

Understanding Secure by Design

Secure by Design emphasizes integrating security into every layer of a system from the outset. As a CTO or CISO, fostering a culture of security by design is crucial. This approach includes principles like least privilege, assume breach, and defense in depth. Think of it like a car equipped with safety features such as airbags, seatbelts, and sensors. Similarly, your network should be designed with multiple layers of security. Achieving Secure by Design involves threat modeling, secure coding practices, and regular security training. Companies helping companies with this are Microsoft, Google, AWS, Cisco, IBM, Palo Alto Networks, and Crowdstrike. Crowdstrike has an interesting take on this as they push for “resilient by design” which I prefer as a practitioner. Security is always evolving and adversaries have even more resources to use against us. It’s critical to be resilient to achieve any level of success. Secure by Design is good as well so consider options of both when researching this for your own organizations

Best Integrated vs. Best of Platform

In a previous post, I discussed “best integrated,” which aligns with the concept of “best of platform.” This approach involves selecting a broad set of tools within an extensible framework that supports your goals and security needs. Always choose tools with built-in integration capabilities to ensure seamless operation. Some of the same companies as above are considered highly focused on on “best integrated” and walk the line into platform if customers wish to do so. Technology companies that focus on “platform” are Trend Micro, Qualys, Zscaler, Lacework, and Tenable. Thes companies focus on cloud-native solutions, compliance, advanced threat protection, insurance, and management solutions which all taken together help customers build a “best platform”.

Best of Suite

The best of suite approach involves selecting a comprehensive suite of security tools from a single vendor. Having worked at an investment bank for the past three years, I’ve seen a trend towards security consolidation. The managed services space is also growing as more companies outsource their security needs. While the initial cost can be higher, this approach requires careful planning and architecture. It is important to understand there are small differences in each of these. While Microsoft is on many of these lists it is due to the fact you can choose some or all of their capabilities. Google is very similar where you can look at Gartner, 451, or Forrester1 and they will have both companies highly rated. This is important for “Best of Suite”. Other companies to consider would be Salesforce, Oracle, SAP, Adobe, Workday, and ServiceNow. They have “platforms” around Enterprise resource planning, customer relationship management, IT Service Management, and Operations Management. They can integrate tools across marketing, sales, service, and commerce.

Conclusion

Over the past two blogs, we’ve explored best of breed, best integrated, best of suite, platform, and Secure by Design. Each approach has its complexities, costs, and challenges. It’s essential to consider the data and remember that “culture eats strategy” every day of the week. As a new CIO, CTO, or CISO, gaining buy-in from key stakeholders is crucial. My recommendation is to choose a framework, build your architecture based on existing capabilities, and develop a roadmap for gradual improvement. Change requires time and endurance, but with a strategic approach, you can shift the culture one tool at a time.

In conclusion, take a strategic approach rather than a tactical one to avoid constantly playing “whack-a-mole.” A well-developed architecture will align the C-Suite and help you create a robust security plan. Avoid making decisions based on personal preferences alone, and focus on building a cohesive and secure environment.

If I missed speaking with you at Blackhat, I along with the team at Boston Meridian Partners would be happy to jump on a call to chat about the state of the markets or help you navigate the M&A process. Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. Gartner, 451 Research, Forrester ↩︎
  2. http://www.linkedin.com/in/shawnanderson ↩︎

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit

Best of Breed, Best integrated, or Best of Luck?

October 9, 2024 / / 0 Comments

When it comes to implementing technology solutions, C-level executives often face a critical decision: should they opt for a Best of Breed or a Best Integrated Solution? As top decision-makers, their focus is on keeping the company running smoothly, growing the business, and ensuring customer satisfaction. However, they often rely on technical experts to guide them in choosing the right technology, as they don’t always have the time to dive deep into the details.

Why Executives Prefer Strategic Decisions Over Tactical Ones

Executives are naturally risk-averse and prefer to make informed, data-driven decisions quickly. Their time is limited, and they need to keep their focus on high-level strategies. It’s imperative that leadership remains focused on the company’s broader goals, rather than getting bogged down in the minutiae of tactical decisions. As a result, many executives turn to third-party analysis from companies like Gartner, Forrester, or 451 Research to guide their choices. These firms offer insights that can help companies decide whether to go with a Best of Breed approach or a Best Integrated Solution.1

What Is the “Best of Breed” Approach?

The Best of Breed approach involves selecting the best individual technology or software for each function, regardless of the vendor. The idea is to optimize performance in each specific area by using specialized tools.

Advantages of Best of Breed:

  • Specialized Functionality: Each solution is tailored to the unique needs of a specific business function, providing superior performance in that area.
  • Flexibility and Customization: Since each solution is chosen for its particular functionality, businesses have the flexibility to tailor and customize tools to their exact requirements.
  • Innovation and Agility: Specialized vendors tend to focus on innovation in their niche, which means businesses often benefit from faster adoption of cutting-edge features.

Disadvantages of Best of Breed:

  • Integration Complexity: Integrating multiple systems from different vendors can be complex, time-consuming, and expensive. It often requires expertise to ensure seamless data flow between systems.
  • Vendor Management: Dealing with multiple vendors increases complexity in terms of licensing, support, and maintenance.
  • Higher Total Cost: While the upfront costs may be attractive, managing multiple solutions can increase the total cost of ownership over time due to maintenance and integration efforts.

What Is the “Best Integrated Solution” Approach?

A Best Integrated Solution involves choosing a single platform or suite of applications from one vendor that covers a wide range of business functions. This approach simplifies the IT environment by minimizing the need for integration between different tools.

Advantages of Best Integrated Solution:

  • Seamless Integration: Since all components are designed to work together, there are fewer compatibility issues, making it easier to manage and implement across the organization.
  • Simplified Vendor Management: With just one vendor, managing licensing, support, and maintenance becomes simpler and more streamlined.
  • Lower Risk of Implementation Failures: With pre-tested compatibility, the risk of technical failures during implementation is reduced.
  • Unified Data Flow: A single platform allows data to flow seamlessly across different business functions, improving data accuracy and reducing silos.

Disadvantages of Best Integrated Solution:

  • Limited Flexibility: While the system may work well overall, it might not be the best fit for every individual business function, leading to compromises in some areas.
  • Vendor Lock-in: Relying on one vendor can lead to dependency, making future changes more difficult and potentially costly.
  • Slower Innovation: Large, integrated systems may evolve more slowly compared to specialized vendors, meaning businesses might miss out on cutting-edge features.
  • High Upfront Costs: The initial investment in an enterprise-wide system can be substantial, both in terms of licensing and the resources needed for implementation.

Which Approach Is Right for Your Business?

Both approaches have clear advantages and disadvantages, and the right choice depends on your organization’s specific needs, resources, and long-term goals. The Best of Breed approach offers flexibility, innovation, and specialized functionality but requires more effort to integrate and manage. On the other hand, a Best Integrated Solution offers simplicity, streamlined processes, and a unified data flow but may sacrifice some level of customization and agility.

Regardless of the path you choose, success lies in careful planning, budgeting, and architectural design. A “spray and pray” approach—where you simply hope things work out without a solid strategy—will almost certainly fail. If you’re unsure about which direction to take, consulting with a systems integrator can help you navigate the complexities and make the best choice for your organization.

In the end, whether you choose Best of Breed or Best Integrated Solution, the key is to align your technology choices with your broader business strategy. After all, the goal is to keep growing the business and keeping customers happy.

If I missed speaking with you at Blackhat, I along with the team at Boston Meridian Partners would be happy to jump on a call to chat about the state of the markets or help you navigate the M&A process. Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. www.gartner.com, www.forrester.com, www.451research.com ↩︎
  2. www.linkedin.com/in/shawnanderson
    ↩︎

Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit
Boston Meridian Fireside chat at RSA Conference Reception 2024.
It's all about the data!

Observations from RSAC2024 – A Security Roadmap for AI

June 10, 2024 / / 0 Comments

Most of us have fully recovered from our very busy week at this year’s RSA Conference. The massive cyber security event which takes place in San Francisco with over 60k of my closest cybersecurity friends. As most of us already figured would be the topic de jour, there were very few if any in attendance, who were not talking about GenAI. Specifically, the impacts it is and will have on our industry and the rest of the world as we know it.

I have written about Artificial Intelligence (AI) in the past and how it’s going to be the integration of GenAi and different other solutions which will truly cause significant disruption. GenAI and the combination of other technologies such as robotics, medical, oil and gas exploration, retail delivery, fast food experience, and even tier 1 and 2 security operations center functions. This all sounds really cool and fascinates me with the massive potential GenAI has to impact the world.

Boston Meridian Partners, the company I work at, hosts a reception on Sunday evening each year prior to the conference. We host this meeting for numerous startups and friends from the private equity and venture capital world as well as many C suite executives with interest in cyber security. Our goal the past few years has been to get some top-notch speakers to share their wisdom with the crowd and this year’s speakers did not disappoint.

We had Chris Krebs from SentinelOne, Brian Finch from Pillsbury Winthrop Shaw Pittman LLP, and Kate Kuehn from WTI who shared key points on regulatory issues (Note: Thankfully we have the EU who have established many key requirements for the world to follow as our own US government has been slow to pass any legislation with real teeth). They also spent time talking about risk and the importance of collaboration and coordination. While we discussed many key investor topics around GenAI it couldn’t have been a better way to set the stage for the RSA Conference and our very full week of over 150 meetings from across the community. 1

I took away quite a few pointers as I met with startups, CEOs, speakers at numerous events, and in general discussion around a good craft beer or cocktail in the evenings. Here are some take aways from and things to ponder as we push GenAI initiatives in our companies and industries we support.

  1. As mentioned above, collaboration and coordination are key to success. It might seem like a no brainer but many of us are hardheaded and like to “go it alone” which can be a big mistake. It’s imperative we work closely with industry partners, government agencies, and relevant councils to manage AI-related risks and incidents. Fostering this collaboration will enhance GenAI security across the collective.
  2. Risk – I have spoken on this, written about it, and will shout it from the highest mountain as long as I have air in my lungs; “It’s about the data”. It’s super critical to conduct thorough risk assessments specific to GenAI deployments and focus on the data risk. It’s being sucked like a vacuum into these Large Language Models (LLMs) with little to no understanding where the data is going or how it is being used. It is critical for CIO’s and CISO’s to identify potential vulnerabilities, threats, and attack vectors related to AI technologies.
  3. Zero Trust and/or Secure by Design – We use the term “it’s easier to bake it in than spread it on like peanut butter” but often we find companies doing this very thing. Prioritize security from the outset. Ensure those GenAI systems are designed with zero trust (we trust nothing and no one without verification) and with security in mind, incorporating Multi-Factor Authentication, encryption, and access controls.
  4. Supply Chain and 3rd party security – Extending security considerations throughout the entire GenAI supply chain is now a must do these days. One cannot assume the suppliers are doing the right thing or have you in their best interest. They should, but it’s up to you to verify and set up the appropriate controls and service level agreements. This goes back to the “collaborate” discussion above and ensuring safe and responsible use of GenAI.
  5. Finally, we have the geek moment and have to allow technology and or the “hunters” to red team. This should be performed regularly as GenAI exercises and tabletops with the executive team’s involvement. By simulating attacks organizations can identify weaknesses and improve defenses. Since it’s often illegal to go on the offensive against adversaries we must have strong defenses in place.

Overall, it was another amazing week in San Francisco, and I enjoyed meeting so many innovative companies on the show floor. While GenAI is still in its infancy it has quickly become a show of force from all thing’s cybersecurity. GenAI will speed up our ability to do our jobs (but also the adversaries) but we have to be strategic and work faster through the traditional “blocking and tackling” abyss we so often fall into. Teamwork makes the dreamwork!

If you missed us at RSA, I along with the team at Boston Meridian Partners will be at Blackhat, Las Vegas this coming August so please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

Learn More: CISA Roadmap FAQs, CISA AI Roadmap, Cam Sivesind article on “cisa-roadmap-for-ai”, Grayson Milbourne – Forbes Article on “Small Business Roadmap for AI”

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. https://www.linkedin.com/in/christopherckrebs/
    https://www.linkedin.com/in/brianfinch-cybersecurity/
    https://www.linkedin.com/in/katekuehn/
    ↩︎
  2. www.linkedin.com/in/shawnanderson/ ↩︎
Please follow and like us:
onpost_follow
fb-share-icon
Tweet
Share
submit to reddit
« Older posts

© 2026 Shawn Anderson's Cyber Blog

Theme by Anders NorenUp ↑