Cloud, Assurance, Forensics, Engineering

Observations so far in 2025 – Data, AI, and everything new under the sun.

Every spring and late summer, the Boston Meridian Partners team attends two of the world’s largest cybersecurity conferences: RSA Conference in San Francisco and Blackhat in Las Vegas. These events are a whirlwind of activity—client receptions, dinners, and nearly 250 meetings with innovative tech companies and industry leaders. This year, I spent much of my time in Blackhat’s “Startup City,” a hub of emerging companies that’s far easier to navigate than the sprawling Moscone Center.

The Startup Scene: Shiny Pennies and Hidden Gems

Startups at these conferences are eager to showcase their innovations, often presenting themselves as the “next big thing.” However, many struggle to stand out in a crowded market. While their enthusiasm is infectious, differentiation is key—what I call the “shiny penny problem.” A penny, no matter how polished, is still a penny if it doesn’t offer unique value.

Meeting C-level executives at startup booths was a highlight, as this is rare for larger companies where leaders like George Kurtz or Satya Nadella are often mobbed by media. These interactions offered valuable insights into emerging technologies, particularly in artificial intelligence (AI).

AI and Data: The Heart of Modern Security

AI dominated conversations this year, with startups focusing on data-driven security solutions. At Blackhat’s AI Summit, I heard repeated emphasis on the importance of data and identity in building secure environments. As I’ve said for decades, “It’s all about the data.” The rise of Large Language Models (LLMs) has amplified this, with data being consumed at unprecedented rates. However, the lack of controls—such as a Cloud Access Security Broker (CASB) for LLMs—raises concerns about rogue models masquerading as legitimate tools.

CISO Challenges: Balancing Priorities in a High-Pressure Role

Discussions with Chief Information Security Officers (CISOs) at Blackhat and RSA Conference revealed the immense pressure they face in balancing day-to-day operations with the need to adopt cutting-edge technologies. Many CISOs described their roles as a constant exercise in “blocking and tackling”—managing fundamental security tasks like patching vulnerabilities, responding to incidents, and ensuring compliance. These operational demands often leave little time to explore emerging technologies like AI-driven security tools or advanced identity management platforms.

One CISO from a manufacturing company shared a striking perspective: they prioritized keeping the production floor operational over implementing a robust data protection strategy. “If the factory stops, the business stops,” they explained, noting that downtime could cost millions. While understandable, this approach undervalues the long-term risks of data breaches, where sensitive intellectual property or customer data could be compromised. For example, a single unprotected dataset could be exfiltrated by attackers, leading to regulatory fines or reputational damage far exceeding the cost of a temporary production halt.

Identity management emerged as another significant challenge. Several CISOs reported using two to four different identity solutions, creating complexity and potential security gaps. One CISO from a financial services firm described their struggle with integrating legacy systems with modern cloud-based identity platforms, resulting in fragmented visibility into user access. They expressed frustration with “platform” solutions that promise seamlessness but often fall short, leading them to favor “best-of-breed” tools. However, this approach can increase costs and administrative overhead. A better strategy, as I’ve advocated previously, is adopting one or two well-integrated identity solutions that work seamlessly across on-premises and cloud environments, reducing complexity while maintaining robust security.

The growing prevalence of Internet of Things (IoT) and Operational Technology (OT) devices is also keeping CISOs up at night. With networks hosting tens of thousands of devices—ranging from smart sensors in offices to industrial control systems in factories—securing these endpoints is a daunting task. A CISO from a utility company highlighted the challenge of monitoring “dumb” devices with outdated firmware alongside “smart” IoT devices that are often poorly configured. They noted a recent incident where an unpatched IoT camera served as an entry point for a ransomware attack, underscoring the need for solutions that can monitor and secure both on-premises and cloud-connected devices.

Finally, many CISOs admitted to feeling overwhelmed by the rapid pace of technological change, particularly in AI. One CISO from a healthcare organization confessed they lacked the bandwidth to evaluate AI-driven security tools, relying instead on their team’s recommendations. This highlights a broader issue: CISOs are expected to be strategic visionaries while managing tactical firefights, often without sufficient resources or time to stay ahead of the curve.

Emerging Trends in Cybersecurity: Why Staying Current Matters

The cybersecurity landscape is evolving rapidly, driven by advancements in AI, the proliferation of connected devices, and increasingly sophisticated threats. Staying current with these trends is critical for CISOs and their teams to protect their organizations effectively. Falling behind can lead to blind spots, such as unaddressed vulnerabilities or missed opportunities to leverage new tools for efficiency and resilience. Based on my observations at Blackhat and RSA Conference, here are seven key technological trends shaping the industry, along with why staying informed is essential:

  1. AI Agent Governance: As organizations deploy AI agents for tasks like threat detection and customer support, the lack of oversight frameworks creates new risks. Rogue or misconfigured AI agents could expose sensitive data or disrupt operations. For example, a poorly governed AI chatbot might inadvertently leak proprietary information. CISOs must adopt “AI Agent Rewind” capabilities to audit and recover from misuse. Staying current ensures organizations implement governance early, avoiding costly mistakes as AI adoption scales.
  2. Detection-as-Code Revolution: Traditional manual security rule creation is giving way to AI-powered platforms that auto-generate detection rules from threat intelligence. Companies like SOC Prime now serve over 1 billion rules globally, enabling faster responses to emerging threats. CISOs who fail to adopt these tools risk falling behind adversaries who exploit automation. Keeping up with this trend allows organizations to scale their security operations efficiently, especially in resource-constrained environments.
  3. External Attack Surface Expansion: Threats increasingly bypass traditional perimeter defenses, requiring active validation of vulnerabilities “outside the firewall.” Tools that simulate real-world attacks are replacing passive scanning, providing more accurate risk assessments. For instance, a retailer recently discovered an exposed API through active testing, preventing a potential breach. Staying informed about this trend helps CISOs prioritize external risks, which are often overlooked in favor of internal network security.
  4. Behavioral Security Over Signatures: Signature-based detection is losing ground to behavioral fingerprinting and drift analysis, which establish custom baselines for each application to achieve near-zero false positives. A bank using behavioral security detected an insider threat by identifying unusual data access patterns, avoiding a significant breach. CISOs who embrace this trend can reduce alert fatigue and focus on real threats, but staying current is critical to selecting the right tools for their unique environments.
  5. LLM Firewall Emergence: As enterprises integrate Large Language Models (LLMs) into workflows, new tools are emerging to protect against prompt injection, data leakage, and model manipulation. For example, a healthcare provider recently faced a prompt injection attack that tricked an LLM into revealing patient data. LLM firewalls can mitigate these risks, but CISOs must stay educated on this nascent category to implement effective controls before widespread adoption.
  6. Browser-Based Threat Protection: Zero-day phishing attacks that bypass email security are a growing concern. Browser-based tools using computer vision and real-time analysis are protecting over 800,000 users by detecting malicious sites instantly. Staying current on this trend allows CISOs to bolster endpoint security, especially for remote workforces increasingly targeted by sophisticated phishing campaigns.
  7. Unified Security Platforms: Talent shortages and budget constraints are driving demand for platforms that consolidate IT, InfoSec, and cybersecurity functions. A unified platform enabled a mid-sized firm to reduce its security tools from 15 to 3, cutting costs and improving visibility. CISOs who stay informed about consolidation trends can streamline operations and address the “do more with less” mandate, but failing to keep up risks reliance on outdated, fragmented solutions.

Staying current with these trends is not just about adopting new tools but about understanding how they align with organizational priorities and constraints. For CISOs juggling operational demands, dedicating time to research, attending conferences, or collaborating with peers is essential to avoid being blindsided by new threats or missing opportunities to enhance security posture. Organizations that invest in continuous learning—through training, industry reports, or vendor partnerships—will be better equipped to navigate the complexities of modern cybersecurity.

Looking Ahead

As AI, data, and IoT/OT reshape the threat landscape, CISOs must balance innovation with foundational security practices. Staying ahead requires not only technical expertise but also strategic foresight to prioritize what matters most. I’d love to hear your thoughts—what trends are you seeing at conferences, and how are you keeping up? Share your insights below or connect with us at

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

Observations from RSAC2024 – A Security Roadmap for AI

Most of us have fully recovered from our very busy week at this year’s RSA Conference, the massive cybersecurity event that takes place in San Francisco with over 60k of my closest cybersecurity friends. As most of us already figured would be the topic du jour, there were very few, if any, in attendance who were not talking about GenAI, specifically the impact it is having and will have on our industry and the rest of the world as we know it.

I have written about Artificial Intelligence (AI) in the past and how it is the integration of GenAI with other solutions that will truly cause significant disruption: GenAI combined with other technologies such as robotics, medical, oil and gas exploration, retail delivery, the fast food experience, and even tier 1 and 2 security operations center functions. This all sounds really cool, and the massive potential GenAI has to impact the world fascinates me.

Boston Meridian Partners, the company I work at, hosts a reception on Sunday evening each year prior to the conference. We host this meeting for numerous startups and friends from the private equity and venture capital world as well as many C suite executives with interest in cyber security. Our goal the past few years has been to get some top-notch speakers to share their wisdom with the crowd and this year’s speakers did not disappoint.

We had Chris Krebs from SentinelOne, Brian Finch from Pillsbury Winthrop Shaw Pittman LLP, and Kate Kuehn from WTI, who shared key points on regulatory issues (Note: Thankfully we have the EU, which has established many key requirements for the world to follow, as our own US government has been slow to pass any legislation with real teeth). They also spent time talking about risk and the importance of collaboration and coordination. While we discussed many key investor topics around GenAI, there couldn’t have been a better way to set the stage for the RSA Conference and our very full week of over 150 meetings from across the community. [1]

I took away quite a few pointers as I met with startups, CEOs, and speakers at numerous events, and in general discussion around a good craft beer or cocktail in the evenings. Here are some takeaways and things to ponder as we push GenAI initiatives in our companies and the industries we support.

  1. As mentioned above, collaboration and coordination are key to success. It might seem like a no-brainer, but many of us are hardheaded and like to “go it alone,” which can be a big mistake. It’s imperative we work closely with industry partners, government agencies, and relevant councils to manage AI-related risks and incidents. Fostering this collaboration will enhance GenAI security across the collective.
  2. Risk – I have spoken on this, written about it, and will shout it from the highest mountain as long as I have air in my lungs: “It’s about the data”. It’s super critical to conduct thorough risk assessments specific to GenAI deployments and focus on the data risk. Data is being sucked like a vacuum into these Large Language Models (LLMs) with little to no understanding of where it is going or how it is being used. It is critical for CIOs and CISOs to identify potential vulnerabilities, threats, and attack vectors related to AI technologies.
  3. Zero Trust and/or Secure by Design – We use the term “it’s easier to bake it in than spread it on like peanut butter,” but often we find companies doing this very thing. Prioritize security from the outset. Ensure those GenAI systems are designed with zero trust (we trust nothing and no one without verification) and with security in mind, incorporating Multi-Factor Authentication, encryption, and access controls.
  4. Supply Chain and third-party security – Extending security considerations throughout the entire GenAI supply chain is now a must-do. One cannot assume the suppliers are doing the right thing or have your best interest in mind. They should, but it’s up to you to verify and set up the appropriate controls and service level agreements. This goes back to the “collaborate” discussion above and ensuring safe and responsible use of GenAI.
  5. Finally, we have the geek moment and have to allow technology and/or the “hunters” to red team. This should be performed regularly, as GenAI exercises and tabletops with the executive team’s involvement. By simulating attacks, organizations can identify weaknesses and improve defenses. Since it’s often illegal to go on the offensive against adversaries, we must have strong defenses in place.

Overall, it was another amazing week in San Francisco, and I enjoyed meeting so many innovative companies on the show floor. While GenAI is still in its infancy, it has quickly become a show of force from all things cybersecurity. GenAI will speed up our ability to do our jobs (but also the adversaries’), but we have to be strategic and work faster through the traditional “blocking and tackling” abyss we so often fall into. Teamwork makes the dream work!

If you missed us at RSA, I, along with the team at Boston Meridian Partners, will be at Blackhat, Las Vegas this coming August, so please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridian LinkedIn Page <- Follow this company!

Learn More: CISA Roadmap FAQs, CISA AI Roadmap, Cam Sivesind article on “cisa-roadmap-for-ai”, Grayson Milbourne – Forbes Article on “Small Business Roadmap for AI”

About the author

Shawn Anderson [2] has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. https://www.linkedin.com/in/christopherckrebs/
     https://www.linkedin.com/in/brianfinch-cybersecurity/
     https://www.linkedin.com/in/katekuehn/
  2. www.linkedin.com/in/shawnanderson/