Shawn Anderson's Cyber Blog

Cloud, Assurance, Forensics, Engineering

Tag: venturecapital

AI is here to stay? One person’s perspective on attending Datatribe – Cyber Innovation Day 2025

November 14, 2025 / / 0 Comments

AI Security Takes Center Stage: Key Insights from DataTribe’s Cyber Innovation Day 2025 by Shawn Anderson, CTO and 2x CISO, Boston Meridian Partners

November 4th’s industry gathering revealed how artificial intelligence is fundamentally reshaping cybersecurity – from autonomous red teams to agentic AI governance

I was already a fan of DataTribe, but their daylong event at The Capital Turnaround—a historic Navy Yard car barn turned vibrant event venue—solidified my admiration. With engaging speakers, impressive startups, dynamic attendees, and great food, the event was a standout. Located in a revitalized area near the Washington Navy Yard, this venue is a must-see for your next event.

DataTribe’s Cyber Innovation Day 2025 brought together cybersecurity’s brightest minds to tackle the most pressing question facing our industry: How do we secure systems that are increasingly powered by artificial intelligence? From startup pitches to expert panels, the day revealed both unprecedented opportunities and sobering challenges ahead.

The AI Revolution in Security: Faster, Smarter, More Dangerous

The opening presentations from DataTribe’s portfolio finalists painted a picture of AI’s transformative impact. Anit Saeb, founder of Cytadel and former head of penetration testing at the Bank of England, demonstrated how AI-driven autonomous red teaming can achieve “full compromise in under 8 minutes—550x faster than ransomware groups.” According to Cytadel’s internal testing, his company’s AI agents have already bypassed the top three EDR vendors, proving that traditional defenses are struggling to keep pace.

Meanwhile, Tim Schultz from Starseer (formerly Verizon’s AI Red Team lead) highlighted a critical gap: “Current AI security tools only monitor user-LLM interactions, while agents act across databases and applications and communicate with other agents.” As organizations deploy AI agents that can independently access systems and make decisions, we’re entering uncharted territory for security governance.

The scale of this challenge became clear through Evercoast’s presentation on physical AI training. Their platform addresses a fundamental problem: “Physical AI has only thousands of hours of training data vs trillions for LLMs.” As AI systems move from chatbots to controlling physical infrastructure—from F-16 repairs to autonomous vehicles—the security implications multiply exponentially.

Industry Veterans Sound the Alarm

Jason Clinton, Deputy CISO at Anthropic, provided a sobering insider perspective on AI’s current trajectory. “AI compute [is] increasing 4x year-over-year since 1957,” he noted, with Anthropic now writing “~90% of code via Claude.” But this acceleration comes with risks: “Threat actor capability compression [is] occurring—Tier 1 and Tier 2 actors are converging as script kiddies can now ask models to write ransomware and C2 infrastructure.”

The shift in workflow is fundamental. As Clinton described it, we’re moving to “ask AI to do work, return to check results”—a complete reversal of traditional development processes. This creates new categories of vulnerabilities that traditional security tools weren’t designed to handle.

Dmitri Alperovitch, co-founder of CrowdStrike, brought historical perspective to these challenges. Reflecting on CrowdStrike’s founding after the 2010 Operation Aurora attacks, he emphasized that “if you can stop sophisticated actors, everything else becomes easy.” His advice for today’s founders was characteristically direct: “Don’t fear big company competition – fear unknown hungry startups.”

The Investment Landscape: Opportunity Amid Uncertainty

The investment panel featuring Rob Ackerman, Andrew McClure, and Phil Venables revealed a market in transition. “2025 cybersecurity financing: ~1,000 events, $15B volume with 50% being AI/AI-first companies,” they reported, but warned that “Series A to B graduation [is] declining (400 A rounds vs 40 B rounds = 10:1 ratio).”

The key insight? We’re moving from “orchestration” to what they termed “choreography” – AI agents organizing themselves in ways that traditional human-managed systems never could. This shift requires entirely new approaches to security architecture and governance.

Security Leaders Grapple with the “Lethal Trifecta”

Security practitioners Maurice Boissiere, Randy Sabett, and Pat Moynahan introduced a crucial framework for AI security risk assessment. They identified the “Lethal Trifecta for AI Agents: external data sources, external communications, and private data via unprompted input.” This framework provides a practical lens for evaluating AI deployments, though they admitted the overall assessment remains “chaotic due to AI adoption pressure vs security fundamentals.”

The panel emphasized that while “C-suite [is] now paying attention,” many organizations still lack basic incident response capabilities, with insufficient logging and “no forensic capabilities to determine breach scope.”

Media and Market Reality Check

Daniel Whitenack from the Practical AI Podcast provided valuable context on AI’s evolution, identifying three distinct phases: traditional ML (still widely used for specific tasks), foundation models (requiring technical expertise), and current generative AI that’s “squeezing out the middle” by enabling “business domain experts [to] bypass data scientists.”

Maria Varmazis from T-Minus Space Daily highlighted sector-specific vulnerabilities, noting that the “$614B global space industry” remains “10-15 years behind cybersecurity best practices.” Recent incidents include University of Maryland researchers using an “$800 antenna to intercept sensitive military/police communications” and “Russia’s 2022 ViaSat attack [that] disabled Eastern European satellite communications.”

Startup Innovation: Hardware Meets AI

Beyond software solutions, Tensor Machines demonstrated how AI security extends to physical systems. With “$2M NSF funding and 5 patents filed,” they’re addressing the “$5T+ autonomous systems market” through “physics-informed neural networks for real-time physical fingerprinting.” Their live demonstration showed automatic failover when camera spoofing was detected – exactly the kind of autonomous response needed as AI systems become more prevalent in critical infrastructure.

Lessons from the Trenches: Fundraising and Building

Throughout the day, practical wisdom emerged from battle-tested entrepreneurs. Alperovitch’s fundraising philosophy resonated: “Would you rather have 50% of a pea or 10% of a watermelon? No one ever went bankrupt because of dilution.” His emphasis on execution over technology trends – “customers buy effectiveness, not technology trends” – provided grounding amid AI hype.

The bourbon tasting session offered its own metaphor for startup persistence, featuring Charleston Red Corn Bourbon made from a “colonial-era variety that nearly died out” until a “Clemson professor found 2 cobs in seed vault [and] regenerated the line.” Sometimes the most valuable innovations come from reviving what others have given up on.

Take Action: Preparing for the AI Security Future

The insights from DataTribe’s Innovation Day point to several immediate actions every cybersecurity leader should take:

Assess your AI exposure now. Use the “Lethal Trifecta” framework to evaluate every AI deployment in your organization. Catalog which systems have external data access, communication capabilities, and access to private data without human oversight.

Invest in behavioral detection over signatures. Traditional signature-based security is already failing against AI-generated threats. Companies like Tensor Machines are pioneering behavioral fingerprinting approaches that can adapt to new attack patterns in real-time.

Prepare for agent governance. Whether you’re deploying AI agents or defending against them, establish clear policies for agent identity management, permission structures, and audit trails. The companies that solve this challenge early will have significant competitive advantages.

Bridge the talent gap strategically. With AI democratizing both offensive and defensive capabilities, focus on hiring people who can architect secure AI systems rather than just operate traditional security tools. The future belongs to organizations that can “choreograph” rather than just orchestrate their security operations.

Plan for autonomous security. As Jason Clinton noted, we’re approaching a world where “AI writes code → AI finds bugs → AI tests vulnerabilities → AI fixes issues.” Start experimenting with AI-powered security automation in low-risk environments to build competency for this inevitable future.

The cybersecurity industry stands at an inflection point. Organizations that act on these insights now—while their competitors are still debating whether AI is hype or reality—will be the ones defining security standards for the next decade. The question isn’t whether AI will transform cybersecurity, but whether you’ll be leading or following that transformation.

I attended DataTribe’s Cyber Innovation Day 2025 and compiled insights from presentations, panels, and networking sessions throughout the event.

Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

Boston Meridian Fireside chat at RSA Conference Reception 2024.
It's all about the data!

Observations from RSAC2024 – A Security Roadmap for AI

June 10, 2024 / / 0 Comments

Most of us have fully recovered from our very busy week at this year’s RSA Conference. The massive cyber security event which takes place in San Francisco with over 60k of my closest cybersecurity friends. As most of us already figured would be the topic de jour, there were very few if any in attendance, who were not talking about GenAI. Specifically, the impacts it is and will have on our industry and the rest of the world as we know it.

I have written about Artificial Intelligence (AI) in the past and how it’s going to be the integration of GenAi and different other solutions which will truly cause significant disruption. GenAI and the combination of other technologies such as robotics, medical, oil and gas exploration, retail delivery, fast food experience, and even tier 1 and 2 security operations center functions. This all sounds really cool and fascinates me with the massive potential GenAI has to impact the world.

Boston Meridian Partners, the company I work at, hosts a reception on Sunday evening each year prior to the conference. We host this meeting for numerous startups and friends from the private equity and venture capital world as well as many C suite executives with interest in cyber security. Our goal the past few years has been to get some top-notch speakers to share their wisdom with the crowd and this year’s speakers did not disappoint.

We had Chris Krebs from SentinelOne, Brian Finch from Pillsbury Winthrop Shaw Pittman LLP, and Kate Kuehn from WTI who shared key points on regulatory issues (Note: Thankfully we have the EU who have established many key requirements for the world to follow as our own US government has been slow to pass any legislation with real teeth). They also spent time talking about risk and the importance of collaboration and coordination. While we discussed many key investor topics around GenAI it couldn’t have been a better way to set the stage for the RSA Conference and our very full week of over 150 meetings from across the community. 1

I took away quite a few pointers as I met with startups, CEOs, speakers at numerous events, and in general discussion around a good craft beer or cocktail in the evenings. Here are some take aways from and things to ponder as we push GenAI initiatives in our companies and industries we support.

  1. As mentioned above, collaboration and coordination are key to success. It might seem like a no brainer but many of us are hardheaded and like to “go it alone” which can be a big mistake. It’s imperative we work closely with industry partners, government agencies, and relevant councils to manage AI-related risks and incidents. Fostering this collaboration will enhance GenAI security across the collective.
  2. Risk – I have spoken on this, written about it, and will shout it from the highest mountain as long as I have air in my lungs; “It’s about the data”. It’s super critical to conduct thorough risk assessments specific to GenAI deployments and focus on the data risk. It’s being sucked like a vacuum into these Large Language Models (LLMs) with little to no understanding where the data is going or how it is being used. It is critical for CIO’s and CISO’s to identify potential vulnerabilities, threats, and attack vectors related to AI technologies.
  3. Zero Trust and/or Secure by Design – We use the term “it’s easier to bake it in than spread it on like peanut butter” but often we find companies doing this very thing. Prioritize security from the outset. Ensure those GenAI systems are designed with zero trust (we trust nothing and no one without verification) and with security in mind, incorporating Multi-Factor Authentication, encryption, and access controls.
  4. Supply Chain and 3rd party security – Extending security considerations throughout the entire GenAI supply chain is now a must do these days. One cannot assume the suppliers are doing the right thing or have you in their best interest. They should, but it’s up to you to verify and set up the appropriate controls and service level agreements. This goes back to the “collaborate” discussion above and ensuring safe and responsible use of GenAI.
  5. Finally, we have the geek moment and have to allow technology and or the “hunters” to red team. This should be performed regularly as GenAI exercises and tabletops with the executive team’s involvement. By simulating attacks organizations can identify weaknesses and improve defenses. Since it’s often illegal to go on the offensive against adversaries we must have strong defenses in place.

Overall, it was another amazing week in San Francisco, and I enjoyed meeting so many innovative companies on the show floor. While GenAI is still in its infancy it has quickly become a show of force from all thing’s cybersecurity. GenAI will speed up our ability to do our jobs (but also the adversaries) but we have to be strategic and work faster through the traditional “blocking and tackling” abyss we so often fall into. Teamwork makes the dreamwork!

If you missed us at RSA, I along with the team at Boston Meridian Partners will be at Blackhat, Las Vegas this coming August so please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

Learn More: CISA Roadmap FAQs, CISA AI Roadmap, Cam Sivesind article on “cisa-roadmap-for-ai”, Grayson Milbourne – Forbes Article on “Small Business Roadmap for AI”

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. https://www.linkedin.com/in/christopherckrebs/
    https://www.linkedin.com/in/brianfinch-cybersecurity/
    https://www.linkedin.com/in/katekuehn/
    ↩︎
  2. www.linkedin.com/in/shawnanderson/ ↩︎

It’s all about the Data!

July 27, 2023 / / 0 Comments

The title might be the biggest “duh” statement ever but I continue to be surprised at how many technology/cyber professionals miss this. They feel it’s all about the “network” and the “infrastructure”. We can’t really blame them, as there is a huge chance these professionals started their careers “on premises” and kept with the same understanding and knowledge when they shifted to the cloud.

We cannot use the same thinking in the cloud that we used on prem because data doesn’t reside within any one domain of control. It spans across numerous boundaries in it could be residing locally on an endpoint, on a server in the local data center, or in a SaaS solution in the cloud. This means the data is sitting on a cloud providers network somewhere in the world. Unless you build the location into your architecture or specifically state this requirement in the service level agreement your data residency requirements, it could be anywhere. It’s still out of your purview of protection using SaaS but you have a responsibility to protect it wherever it resides.

Cloud providers are quick to tell you they are responsible for the protection of the cloud and you, as users, are responsible for the protection in the cloud. This statement kills me because the “devil is in the details”. Companies are terrible at patching their own on premises systems, let alone keeping track of the 100’s of VM’s they might have in any one cloud provider. In a future blog I will discuss my frustration when technology companies make you “turn the security feature on” rather than “we turned in on and here are the risks to your data if you turn it off”.

When we focus on designing out topology using a network mentality, we implement solutions originally built to keep people out of the network (or in) and not focused on who might be accessing data in either domain. We need to focus first on data identification so we can figure out how/when to protect it.

In the cloud there must be a renewed focus on data protection and the security of the applications accessing, moving, managing, or touching this said data. In order to do this we have to rewire our brains a bit. On prem, we didn’t care about the data as long as it was sitting in the perimeter of our control. Anyone on the inside was trusted and anyone outside was not. Easy as pie!

It’s not so easy in the cloud age. We need to have an “assume compromise” and “zero trust” mentality 100% of the time. In my past blogs I have mentioned the importance of due care and due diligence, the importance of implementing multi factor authentication (MFA), and picking a security framework. These are the basics and once you have these in place you can focus on a more holistic ($2 word) data protection architecture. Here are some items to consider in your data protection journey:

  1. First step is understanding your data journey is going to be just that, a journey. With the advent of cloud computing, processing capability, and data creation you should be prepared for upwards of multiple petabytes of data or even exabytes. Think “data ocean” vs “data lake”[1] and eat the elephant one byte at a time.
  2. Organize a company wide data risk and threat management team who can work across the organization identifying the most critical data and make recommendations/decisions on how best to protect this data. This team should be made up of a cross company team with representatives from every department.
  3. Pick a tool to give you visibility across your whole network environment. Consider cloud-based tools with connectors to on premises tools so you can get a full view of everything you have. consider all areas whether they be on prem, cloud or hybrid multi-cloud. This can be a managed service, or one of the newer cloud SaaS companies providing these services.
  4. Run a report and then sit down with the management team described above to discuss the output of this report. Develop discussion points to help the executive team understand why protecting this data is important and what the analytics stated was important. They might be similar, but often times very different. The most used system vs the most important system could be very different. This is where the organization should have a good handle on where their data is traveling/sitting and what applications are being used to work with the data.
  5. Take the data, the input from management, and build a build out the organizations risk tolerance dashboard showing these systems and accompanying data. This should include how critical these applications/systems are to the ongoing business. If one critical system goes down or data is lost how long would it take to recover? How long would it take to rebuild?
  6. Run a worst-case scenario exercise with your IT department and security team. Once they have a good handle on the main issues invite the leadership and/or business leaders in to conduct a tabletop exercise. This is where you really have the ability to see how decisions would be made and identify the response gaps you might have because of those decisions.
  7. Rinse and repeat as often as you can, continuously fine tuning and working off known issues.

Bottom line, companies need to identify a framework, take inventory of their data (both critical and non-critical), implement a system to monitor across the whole of the company’s environment. This should include on prem, cloud, and in many cases multi-cloud environments. Run analytics and build out your risk management strategy and reporting structure. Bring in the leadership early and often to review as you go, making sure everyone knows their role in the process. finally, don’t be afraid of what the process shows. It’s going to be ugly at times, but this is how we get better. Identify the issues and work a plan to get better.

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting “environmentally friendly materials”.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

[1] Data Lakes Revisited | James Dixon’s Blog (wordpress.com)

Cybersecurity Trends from a CTO/CISO perspective

April 11, 2023 / / 0 Comments

It’s been a fast 15 months since I started on this journey working as the CTO for an investment bank. I’ve traveled all over the United States, held conversations with 100’s of Venture Capital, Private Equity, and exciting newer security startups. There have been a few trends which keep bubbling to the top that I wanted to share with all of you. As we all know cybersecurity isn’t anything new but something all companies, large and small, need to be doing. Cybersecurity has become an increasingly important area of focus for businesses and governments, with the rising frequency and severity of cyber-attacks as well as the renewed governance focus at the board level.

As a result, there has been a growing interest in investing in cybersecurity companies and technologies. Here are some of the investment trends in cybersecurity:

Cloud Security: With more businesses moving their operations to the cloud, cloud security has become a top priority. Investors are looking for companies that provide cloud security solutions, such as cloud access security brokers (CASBs), cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPPs). Using rough numbers from quarterly earnings of the top 3 cloud providers (GCP, AWS, and Microsoft) they are roughly $350b annual revenue which is a small percentage of the overall global IT spend of $4.2T. This area will continue to grow.

Identity and Access Management (IAM): IAM solutions have become essential for managing access to corporate networks, applications, and data. Investors are looking for companies that provide IAM solutions such as identity governance and administration (IGA), multi-factor authentication (MFA), privileged access management (PAM), and User access management.

Artificial Intelligence (AI) and Machine Learning (ML): AI and ML are being used to enhance cybersecurity by enabling faster threat detection and response. Investors are looking for companies that provide AI and ML-powered solutions such as security analytics, threat detection and response, and fraud prevention. This area spooks me a bit as it’s moving so quickly and from what I’ve seen without any guardrails to keep it 100% safe, ethical, and working in the best interests of it’s creators.

Internet of Things (IoT) Security: As more devices become connected to the internet, IoT security has become a critical concern. Investors are looking for companies that provide IoT security solutions such as device management, data encryption, and firmware security. Other areas are Operational Technology (OT) which is a term defining a specific category of hardware and software whose purpose is to monitor and control the performance of physical devices. The other is Industrial Internet of Things (IIoT) designed to incorporate technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc.

Cyber Insurance: Cyber insurance has become increasingly popular as a way for businesses to mitigate the financial risks associated with cyber attacks. Investors are looking for companies that provide cyber insurance policies and risk assessment services. This is a growing area with a lot of unknown variables. Unlike traditional insurance such as life and auto the data available on cyber is limited to the past 40 years and is always advancing. This area will continue to mature and be extremely important as companies try to defer and manage their risk.

Cybersecurity Consulting and Integration: With cybersecurity becoming more complex, businesses are seeking the expertise of cybersecurity consultants to help them develop and implement effective cybersecurity strategies. Investors are looking for companies that provide cybersecurity consulting services. An offshoot of this is Cloud System Integration or Cloud SI. Companies who can help other companies to deploy the cloud solutions they have acquired to get it deployed in the quickest way possible. These companies who are “born in the cloud” have an advantage today because they have the ability to move at “cloud speed”. The issue is training the talent to do the work.

Overall, the cybersecurity industry is expected to continue to grow, and investors are expected to continue to invest in companies that provide innovative and effective cybersecurity solutions.

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

© 2025 Shawn Anderson's Cyber Blog

Theme by Anders NorenUp ↑