Posts

Showing posts from April, 2026

Adaptive Security Leadership in an Expanding Threat Surface

Image
Last week I joined fellow security leaders at  CISO Inspire Summit North  for a panel discussion on  The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond . It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation and distributed ways of working have all expanded the attack surface in ways that traditional control models often struggle to keep pace with. One theme I returned to during the discussion was that many cyber risks are not new. They are often familiar control failures appearing at greater scale and speed. That matters, because it shifts the focus from chasing every emerging technology risk to strengthening fundamentals. Security fundamentals still matter most Identity, ownership, visibility and resilience remain foundational. As organisations scale, risk often hides where ownership is ...

AI Agents, Security Culture and a Conversation at Abbey Road Studios

Image
I recently joined a panel at the iconic Abbey Road Studios to discuss a provocative theme: Your AI agent doesn’t care about your security culture.  HotTopics Studio: Abbey Road Studios Event It captures an important truth. AI will often scale the quality of the environment it is given, whether that environment is built on strong governance and effective controls, or weak assumptions and poor oversight. One of the themes explored was accountability. As organisations move from experimenting with AI to operationalising it, the challenge is not only what AI can do, but who governs it, how outcomes are verified, and how control effectiveness keeps pace. My own takeaway was simple: AI does not compensate for weak controls. It can amplify them. A fitting discussion in an iconic setting.