Tech Talks Daily

What happens when we finally admit that stopping every cyberattack was never realistic in the first place? That is the thread running through this conversation, recorded at the start of the year when reflection tends to be more honest and the noise dial is turned down a little. I was joined by returning guest Raghu Nandakumara from Illumio, nearly three years after our last discussion, to pick up a question that has aged far too well. How do organizations talk about cybersecurity value when breaches keep happening anyway? This episode is less about shiny tools and more about uncomfortable truths. We spend time unpacking why security teams still struggle to show value, why prevention-only thinking keeps setting leaders up for disappointment, and why the conversation is slowly shifting toward resilience and containment. Raghu is refreshingly direct on why reducing cyber risk, rather than chasing impossible guarantees, is the only metric that really holds up under boardroom scrutiny. We also talk about the strange contradiction playing out across industries. Attackers are often using familiar paths like misconfigurations, excessive permissions, and missing patches, yet many organizations still fail to close those gaps. The issue, as Raghu explains, is rarely a lack of tools. It is usually fragmented coverage, outdated processes, and a talent pipeline that blocks capable people from entering the field while claiming there is a skills shortage. One of the most practical parts of this conversation centers on mindset. Instead of asking whether an attacker got in, Raghu argues that leaders should be asking how far they were able to go once inside. That shift alone changes how success is measured, how teams prepare for incidents, and how pressure-filled P1 moments are handled when boards want answers every fifteen minutes. We also touch on how legal action, public claims campaigns, and customer lawsuits are changing the stakes after a breach, forcing executives to rethink how they frame cyber investment. From there, Raghu shares how Illumio has been working with Microsoft to strengthen internal resilience at massive scale, and why visibility and segmentation are becoming harder to ignore. This is a conversation about realism, responsibility, and growing up as an industry. If cybersecurity is really about safety and not slogans, what would you want your organization to stop saying, and what would you rather hear instead? Please feel free to upload the podcast. Here are also the links we discussed on the call: Useful Links Connect with Raghu Nandakumara on LinkedIn and Twitter Learn more about Illumio Lateral Movement in Cyberattacks Illumio Podcast  Follow on Facebook, Twitter, LinkedIn, and YouTube   Thanks to our sponsors, Alcor, for supporting the show.

What really happens inside an organization when a cyber incident hits and the neat incident response plan starts to fall apart? That question sat at the heart of my return conversation with Max Vetter, VP of Cyber at Immersive. It has been a big year for breaches, public fallout, and eye-watering financial losses, and this episode goes beyond headlines to examine what cyber crisis management actually looks like when pressure, uncertainty, and human behavior collide. Max brings a rare perspective shaped by years in law enforcement, intelligence work, and hands-on cyber defense, and he is refreshingly honest about where most organizations are still unprepared. We talked about why written incident response plans tend to fail at the exact moment they are needed most. Cyber incidents are chaotic, emotional, and non-linear, yet many plans assume calm decision-making and perfect coordination. Max explains why success or failure is often defined by the response rather than the initial breach itself, and why leadership, communication, and judgment matter just as much as technical skill. Real-world examples from major incidents highlight how competing pressures quickly emerge, whether to contain or keep systems running, whether to pay a ransom or risk prolonged downtime, and how every option comes with consequences. One idea that really stood out is Max's belief that resilience is revealed, not documented. Compliance and audits may tick boxes, but they rarely expose how teams behave under stress. We explored why organizations that rely on annual tabletop exercises often develop a false sense of confidence, and how that confidence can become dangerous when decisions are made quickly and publicly. Max shared why the best-performing teams are often the ones that feel less certain in the moment, because they question assumptions and adapt faster. We also dug into the growing role of crisis simulations and micro-drills. Rather than rehearsing a single scenario once a year, Immersive focuses on repeated, realistic practice that builds muscle memory across technical teams, executives, legal, and communications. The goal is not to predict the exact attack, but to train people to think clearly, collaborate across functions, and make defensible decisions when there are no good options. That preparation becomes even more important as cyber incidents increasingly spill into supply chains, manufacturing, and the physical world. As public scrutiny rises and consumer-led legal action becomes more common after breaches, reputation and response speed now sit alongside forensics and recovery as business-critical concerns. This episode is a candid look at why cyber crisis readiness is a discipline, not a document, and why assuming you will cope when the moment arrives is a risky bet. So if resilience only truly shows itself when everything is on the line, how confident are you that your organization would perform when the pressure is real and the clock is ticking? Useful Links Connect with Max Vetter on Linkedin Learn more about Immersive Labs Follow on LinkedIn, Instagram, Twitter and Facebook Thanks to our sponsors, Alcor, for supporting the show.

What happens when the web browser stops being a passive window to information and starts acting like an intelligent coworker, and why does that suddenly make security everyone's problem? At the start of 2026, I sat down with Michael Shieh from Mammoth Cyber to unpack a shift that is quietly redefining how work gets done. AI browsers are moving fast from consumer curiosity to enterprise reality, embedding agentic AI directly into the place where most work already happens, the browser. Search, research, comparison, analysis, and decision support are no longer separate steps. They are becoming one continuous workflow. In this conversation, we talk openly about why consumer adoption has surged while enterprise teams remain hesitant. Many employees already rely on AI-powered browsing at home because it removes ads, personalizes results, and saves time.  Inside organizations, however, the same tools raise difficult questions around data exposure, credential safety, and indirect prompt injection. Once an AI agent starts reading untrusted external content, the browser itself becomes a new attack surface. Michael explains why this risk is often misunderstood and why the real danger is not internal documents, but external websites designed to manipulate AI behavior. We dig into how Mammoth Cyber approaches this challenge differently, starting with a secure-first architecture that isolates trusted internal data from untrusted external sources. Every AI action, from memory to model connections to data access, is monitored and governed by policy. It is a practical response to a problem many security teams know is coming but feel unprepared to manage. We also explore how AI browsers change day-to-day work. A task like competitive analysis, which once took days of manual research and document comparison, can now be completed in minutes when an AI browser securely connects internal knowledge with external intelligence. That productivity gain is real, but only if enterprises trust the environment it runs in. We touch on Zero Trust principles, including work influenced by Chase Cunningham, and why 2026 looks like a tipping point for enterprise AI browsing. The technology is maturing, security controls are catching up, and businesses are starting to accept that blocking AI outright is no longer realistic. If you are curious to see how this works in practice, Mammoth Cyber offers a free Enterprise AI Browser that lets you experience what secure AI-powered browsing actually looks like, without putting your organization at risk. I have included the link so you can explore it yourself and decide whether this is where work is heading next. So, as AI browsers become the new workflow hub for knowledge workers everywhere, is your organization ready to secure the browser before it becomes your most exposed endpoint, and what would adopting one safely change about how your teams work? If you want to see what an enterprise-grade AI browser looks like when security is built in from day one, Mammoth Cyber is offering free access to its Enterprise AI Browser.  It gives you a hands-on way to experience how agentic AI can automate real work inside the browser while keeping internal data isolated from untrusted external sources. You can explore it yourself and decide whether this is how your organization should be approaching AI-powered browsing in 2026. Useful Links Learn more about the Mammoth Enterprise Browser and try it for free  Connect with Michael Shieh on LinkedIn Thanks to our sponsors, Alcor, for supporting the show.

What happens when engineering teams can finally see the business impact of every technical decision they make? In this episode of Tech Talks Daily, I sat down with Chris Cooney, Director of Advocacy at Coralogix, to unpack why observability is no longer just an engineering concern, but a strategic lever for the entire business. Chris joined me fresh from AWS re:Invent, where he had challenged a long-standing assumption that technical signals such as CPU usage, error rates, and logs belong only in engineering silos. Instead, he argues that these signals, when enriched and interpreted correctly, can tell a much more powerful story about revenue loss, customer experience, and competitive advantage. We explored Coralogix's Observability Maturity Model, a four-stage framework that guides organizations from basic telemetry collection to business-level decision-making. Chris shared that many teams stall on measuring engineering health without connecting that data to customer impact or financial outcomes. The conversation became especially tangible when he explained how a single failed checkout log can be enriched with product and pricing data to reveal a bug costing thousands of dollars per day. That shift, from "fix this tech debt" to "fix this issue draining revenue," fundamentally changes how priorities are set across teams. Chris also introduced Olly, Coralogix's AI observability agent, and explained why it is designed as an agent rather than a simple assistant. We discussed how Olly can autonomously investigate issues across logs, metrics, traces, alerts, and dashboards, enabling anyone in the organization to ask questions in plain English and receive actionable insights. From diagnosing a complex SQL injection attempt to surfacing downstream customer impact, Olly represents a move toward democratizing observability data far beyond engineering teams. Throughout our discussion, a clear theme emerged. When technical health is directly tied to business health, observability stops being a cost center and becomes a competitive advantage. By giving autonomous engineering teams visibility into real-world impact, organizations can make faster, better decisions, foster innovation, and avoid the blind spots that have cost even well-known brands millions. So if observability still feels like a necessary expense rather than a growth driver in your organization, what would change if every technical signal could be translated into a clear business impact, and who would make better decisions if they could finally see that connection? Useful LInks Connect with Chris Cooney Learn more about Coralogix Follow on LinkedIn Thanks to our sponsors, Alcor, for supporting the show.

What does real AI transformation look like when leaders stop chasing prototypes and start demanding outcomes they can actually measure? That question sat at the center of my conversation with Alex Cross, Chief Technology Officer for EMEA at CI&T, alongside Melissa Smith, as we unpacked why so many organizations feel stuck between AI ambition and business reality. There is no shortage of excitement around AI, but there is growing skepticism too, especially from leadership teams who have seen pilots come and go without clear return. This episode focuses on how CI&T is addressing that gap head on. Alex shared how CI&T frames its work as AI-enabled transformation rather than simply layering AI tools onto existing processes. The distinction matters.  Instead of using AI to speed up broken workflows, CI&T reshapes how work gets done so AI becomes part of value creation itself. We explored a standout example from ITAU, the largest bank in Latin America, where deep modernization work helped deliver gains that most executives only ever see in strategy decks.  Productivity rose sharply, digital launch cycles collapsed from years to months, customer satisfaction jumped, and the commercial impact reached hundreds of millions in uplift. These are the kinds of results that change boardroom conversations. A big part of how CI&T gets there is its proprietary Flow platform. Alex explained how Flow gives clients a day-one AI environment, removing the heavy upfront cost and complexity that often slows momentum. Instead of spending months building platforms before any value appears, teams can move from proof of concept to production in as little as six to eight weeks. Flow also plays a second role that many AI programs miss, acting as a measurement layer so performance, efficiency, and ROI are visible rather than assumed. We also talked about why partnerships matter when execution is the goal. CI&T works closely with hyperscalers like AWS and Databricks, combining native tools with its own codified expertise. That combination has helped the company achieve an unusually high success rate in bringing AI initiatives to production, a challenge many organizations still struggle with. For Alex, the difference comes down to a relentless focus on production readiness and collaboration between business and technology teams from day one. Looking ahead, the conversation turned to CI&T's expansion across EMEA and what the company's 30th year represents. Rather than chasing every new trend, the focus is on productizing services around real client problems, whether that is legacy modernization, efficiency, or growth. The goal is to bridge strategy and execution in a way that feels practical, fast, and accountable. If you are leading AI initiatives and wondering why progress feels slower than the hype suggests, this episode offers a grounded perspective from the front lines. So, as organizations head into another year of bold AI plans, the real question becomes this. Are you building faster caterpillars, or are you ready to do the harder work required to turn ambition into something that can truly scale? Useful Links Connect with Alex Cross Connect With Melissa Smith Learn more about CI&T Follow CI&T on LinkedIn and YouTube Thanks to our sponsors, Alcor, for supporting the show.