In a digital world, where every click, swipe, and keystroke opens doors to endless possibilities, cybersecurity is your lifeline.
New developments hit cyberspace daily, making it difficult to differentiate between the good guys and the bad guys. Companies and average users alike want ways to safeguard their sensitive information from those using these innovations for ulterior motives.
The best way to prepare is to learn from the experts.
I interviewed G2’s very own VP of Security Market Research, Chase Cunningham, to discuss all things cybersecurity and the future of the digital universe. Chase talks about what his first job taught him, how he lowkey became a cybersecurity industry celebrity, and why he thinks companies are looking at AI all wrong.
To watch the full interview, check out the video below:
This interview is part of G2’s Professional Spotlight series. For more content like this, subscribe to G2 Tea, a newsletter with SaaS-y news and entertainment.
Warm-up questions
What’s your favorite beverage? I'm a big coffee fan snob. I probably drink way too much Death Wish Coffee.
When do you enjoy it? On the deck behind the house in the mornings when no one's awake. I live in the country, so it's just me, the deer, the turkeys, and coffee, and life is good.
What was your first job? My very first job was hauling bales of hay for my dad on our ranch. I made a whopping 10 cents a bale. So, if I moved 500 hay bales, I made $50. It was a real learning experience in economic value.
What are some of your best time management hacks? I think the biggest one is just owning your calendar and making sure you've got time dedicated to the things that matter outside of specifically sitting at your desk doing your job. It's just as important to be a whole person as it is to do the work.
What’s your favorite software in your current tech stack? I'm a big fan of Grammarly for writing. I can always use help with my grammar.
Deep dives with Chase Cunningham
Alexandra Vazquez: I’d love to learn a bit more about your history. You’ve worked with a host of government agencies like the CIA and the FBI. What did those experiences teach you about cybersecurity, and how did it lead you to G2?
Chase Cunningham: I'm retired military, and in my military and government career, I got to work with a bunch of three-letter agencies. The biggest thing that I learned there was that the systems that we use are so interconnected. Nothing, no matter how well it's architected, is unhackable.
I wound up at G2 from a friend who referred me to the company. I've been a fan of G2 for a while because I've always thought it was really valuable to get data and insights for software. As somebody who does analysis and market research on software, it was great to get collective insight into what things were of value and where people were having problems.
You have a bit of a reputation in the cybersecurity industry as Dr. Zero Trust. This came from your creation of the Zero Trust Extended Framework. Tell us more about the framework and your journey to creating it.
When I was at Forrester Research, we were working to try and figure out how to map the vendor space into the strategic value of a zero trust model. To do that, we looked at it from a real academic perspective.
One great thing in academic contexts is having a framework to work people's brains off of to solve big problems. We spent quite a bit of time mapping zero-trust solutions into strategies. That hit the market in a really good way. People started to see that there was value there.
You use your podcast, Dr. Zero Trust, to inform listeners about the most applicable and current cybersecurity insights. Could you share what’s top of mind in the cybersecurity industry right now?
I think everyone's really engaged in trying to figure out AI, and I still use the term AI loosely because it's not AI – it's machine learning. They're trying to figure out how it applies in context; you're seeing adversaries dial in on how to use it, and you're seeing good guys dial in on it. It will continue to be an issue we face for the next few years.
There's no easy solution to it as it stands currently. But it definitely fits into the problems we need to solve in the space. I think that will be the hot ticket item for the next two years.
A lot of companies are holding AI as a business priority these days. How can organizations use artificial intelligence and machine learning to enhance their cybersecurity defenses?
I think the biggest thing is knowing what those systems are really good at. It shouldn't be called AI because people think it will just magically do things by itself. That's not how these things work: their algorithms, products, engines.
To understand that, you need to have really good data. In any system where you're trying to do automation or analytics, you need to have good data.
That's where they really should focus when using these types of systems for cyber. Then, let the systems help you get insight from information. Don't just think you can throw everything at it and magically sprinkle some AI dust on it.
How do you envision the evolution of cyber threats in the next 5-10 years, and what should organizations prepare for?
The problem and the benefit of any solution or technology is that it can be used for different purposes. So AI, for example, is a double-edged sword. The good guys are using it just like the adversaries are using it. It will continue to fuel the different methodologies and tactics organizations have to deal with. If you're not paying attention to it, you must get familiar with it because it will keep coming at you.
More than your average newsletter.
Every Thursday, we spill hot takes, insider knowledge, and news recaps straight to your inbox. Subscribe here
On the threat side, we will see the continuation of the democratization of threat vectors and tactics. This will only make the spread and sprawl of cyber threat vectors more applicable. So it's not going to be easy days. The speed and scale of this stuff will get really big, really fast. Organizations are going to have to be prepared for that.
The good thing is that you can flip that model on its head and also use some of those same tactics, techniques, and procedures to make your security posture better overall.
In celebration of Cybersecurity Awareness Month, I’d love to close with some important takeaways for the viewers. Which initiatives and strategies can improve cybersecurity awareness and education among companies, employees, and average users?
The most important thing is to understand that the basics are key to having a good foundation in cyber. Don't go looking for the magic button that you push, and all of a sudden, all your woes are gone, and you'll never be breached or compromised.
The reality of operating in the digital space means that the likelihood of compromise is basically always there. Care for the low-hanging fruit because you don't want to be an easy target.
Cyber is not an area where the rising tide lifts all ships. This is about ensuring your organization is protected as best as possible. You've got to make sure that you have a good understanding of what the bad guys are using to go after you.
Check out our full conversation on YouTube.
Follow Chase Cunningham on Linkedin to learn more about cybersecurity and online safety.