The Security Strategist

As firms increasingly adopt autonomous AI, a key assumption in cybersecurity seems to be disappearing – data security can be understood through static maps.
In the recent episode of The Security Strategist Podcast, Abhi Sharma, Co-Founder and CEO of Relyance, speaks to Host Richard Stiennon, Chief Research Analyst at IT-Harvest.
Sharma tells Stiennon that most security tools are still built for a world before AI. In that world, data stays still long enough to be scanned, categorised, and managed. AI changes this model.
“We’re in the middle of a tectonic shift,” Sharma said. “For the first time, software behaviour is not just defined by the instructions you give it, but by the data in and around it.”
In modern AI systems, data is no longer just an asset. It becomes an instruction. The quality, frequency, distribution, and even the absence of data directly influence how models and agents function. This reality makes traditional security models dangerously incomplete.
“People are very good at answering what data they have and where it’s stored,” Sharma explained. “But they can’t answer how it got there or what happened along the way.” He argues that this missing context is where AI risk now resides.
Agentic AI Turns Data Movement Into Real Security Risk
The issue becomes critical with agentic and autonomous AI workflows. Here, decision-making is not based on fixed code but on a large language model operating in real-time.
“In these systems, your control logic is an LLM,” Sharma said. “It’s a black box.”
To complete tasks, AI agents must access tools, look at past decisions, copy production data, and dynamically manage infrastructure. In doing so, they create what Sharma calls ephemeral infrastructure—temporary environments that may exist for minutes and disappear without a trace.
For example, an agent working to improve cloud costs might create a high-performance database cluster, copy sensitive logs into a staging area, analyse them, and shut everything down in under 20 minutes.
“But in that process,” Sharma warned, “a default Terraform script might leave four S3 buckets open to the internet.” Traditional security scans, which often run every 24 hours, would never catch this.
“You don’t even know this little circus happened while you were asleep,” he said. “But it created a new risk.”
This is why Sharma believes that breaches in the AI era are no longer failures of data at rest but failures of data flow. Attackers don’t target identities or tools in isolation; they target outcomes—especially the theft or destruction of data. Those outcomes occur through movement over time.
Data Journey Solution for Responsible AI
Despite the widespread use of DSPM, DLP, IAM, AI gateways, and governance platforms, Sharma sees the same pattern in the Fortune 500: security incidents continue not because the tools lack usefulness, but because they operate in silos.
“All of the real business impact,” he said, “comes down to flow.”
Relyance’s solution is what Sharma calls data journeys—a unified, time-aware view of how data moves across identities, tools, infrastructure, and persistent assets. “If you can consistently reason across all of those layers,” Sharma said, “you finally have a chance to protect data and enable safe, responsible AI.”
Looking ahead to 2026 and beyond, he predicts security, governance, and compliance will merge around this shared visibility. Organisations will move away from simple audits toward infrastructure that...

Cybersecurity has traditionally focused on strengthening corporate networks, cloud systems, and devices. However, in the recent episode of The Security Strategist podcast, Dr. Chris Pierson, Founder and CEO of BlackCloak, and host Richard Stiennon, Chief Research Analyst at IT-Harvest, argue that the most significant vulnerabilities are now outside the office perimeter.
As AI-driven attacks increase and cybercrime combines digital, physical, and reputational risks, executives and their close contacts have become prime targets. Protecting the business now involves protecting executives in their personal lives.
Broad Attack Surface: Private & Corporate Properties
Pierson points out that cybercriminals follow basic economic principles. Attacking a company that spends millions on security is costly and time-consuming. Instead, targeting an executive’s personal life—home networks, private emails, family devices—is cheaper, quicker, and often much more effective.
Executives work in various environments–primary homes, vacation properties, private jets, yachts, and remote offices equipped with smart home technology. Each of these locations broadens an attack surface that traditional corporate security programs rarely address. Home automation systems, private Wi-Fi networks, and personal email accounts have become part of the corporate risk landscape, regardless of whether organisations recognise this.
Pierson notes that taking over personal email accounts continues to be the number one attack method, especially for board members who often revert to personal accounts instead of using corporate options. Once attackers gain access, they can steal intellectual property, intercept financial transactions, or link back into the corporate network. The executive home, he states, is no longer just near the perimeter—it is the perimeter.
AI, Deepfakes, and the Rise of Targeted Impersonation
The discussion becomes even more pressing when addressing AI-enabled threats. Deepfakes, once a possibility, are now practical tools for fraud and extortion. Pierson spotlights a critical incident in early 2024, when a deepfake impersonation of a CFO allowed attackers to move tens of millions of dollars in one event.
AI has removed much of the background work attackers used to do. Public executive biographies, earnings calls, videos, and high-resolution images provide everything needed to imitate a voice or face. What used to take days to research can now happen in mere seconds. This leads to a rise in hyper-realistic business email scams, payment diversion schemes, and reputational attacks that make it hard to distinguish between truth and lies.
Beyond financial losses, the reputational and personal fallout can be significant. Family members can become collateral damage, private moments can turn into leverage, and the risks to physical safety rise when travel plans and locations become known. As Pierson stresses, digital and physical executive protection are now interconnected.
The podcast message relays–high-level threats require specialized defenses. BlackCloak’s strategy, which Pierson refers to as “Digital Executive Protection,” safeguards a small but vital group: board members, the C-suite, executive leaders, and key personnel like patent holders, system administrators, executive assistants, and chiefs of staff. These individuals hold essential information, and attackers are aware of this.
For security leaders, the question is no longer...

For decades, identity security relied on the assumption that identities are static, predictable, and mostly human. However, the growing scale and complexity of identities in the modern enterprise, as well as the increasing adoption of artificial intelligence has changed that perspective recently. With AI agents multiplying in enterprises, acting independently, appearing and disappearing, and using credentials, the foundations of identity and access management are being tested in ways many organisations are not ready for.
In the recent episode of The Security Strategist podcast, Raz Rotenberg, CEO and Co-Founder of Fabrix Security, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest.
“Everything we knew about identity is about to change,” Rotenberg cautioned Stiennon. “We’ve viewed identities as mostly static. But AI agents are dynamic. They can do various tasks, change their behaviour, vanish, and reappear. Static identity models won’t survive.”
The Unplanned Identity Explosion
Identity has always been complex, but the scale and variety of identities that security teams face today are unprecedented. Besides employees and contractors, organisations now deal with service accounts, cloud workloads, APIs, and increasingly, AI-driven agents that function on their own.
According to Rotenberg, the challenge isn't just the number of identities; it's their variability. “The number of ways identities can behave is infinite,” he explained. “Every organisation is unique, every system is distinct, and identities are now changing in real time.”
CISOs already see this explosion. Stiennon also noted during the podcast that AI is quickly becoming a major source of new identities, with agents being deployed widely and given credentials to operate at machine speed.
However, most identity programs still depend on static role-based models and periodic reviews, approaches that struggle to keep up with dynamic, non-human agents.
Multiple Identity Tools Can Lead to Hidden Risks
Despite a crowded identity security market with hundreds of vendors in IAM, PAM, IGA, and cloud identity, Rotenberg argues that the main issue is not a lack of tools.
“We’ve had identity tools for decades,” he said. “They do a good job of facilitating operations aimed at reducing risk. But they all miss the same point – they rely too much on the human factor.”
Each tool, he explained, only sees a part of the identity landscape. Identity providers handle authentication, PAM tools manage privileged access, and governance platforms oversee reviews. None provides a unified, real-time view of identity behaviours across systems.
The Fabrix CEO calls it “partial truth.” Security teams dealing with identity issues have to manually gather data from various platforms, piece it together, and make decisions with incomplete information.
“This leads to long review cycles, manual investigations, and over-provisioning by default,” he said. “Permissions get copied and duplicated because people don’t fully grasp who has access to what or why.”
This can often lead to unclear decisions, with the organisation handing out more permissions than fewer. Eventually, it creates sprawling identity landscapes filled with excessive privileges and risky combinations. In some cases, an individual might have...

Organisations continue to struggle with device management data and fragmented architectures while facing pressure from business and regulators. As the technology landscape changes, the integration of Internet of Things (IoT) devices with Operational Technology (OT) presents both exciting opportunities and significant security challenges. In a recent episode of the Security Strategist podcast, host Christopher Steffen, alongside Dr Juergen Kraemer, Chief Product Officer of Cumulocity, examines the complexities of securing IoT environments and the importance of resilient analytics and accountability.
Understanding the IoT-OT Disconnect
As time passes, the historical divide between IT and OT persists. As highlighted by Dr Kraemer, the operational technology sector has traditionally prioritised physical safety and availability over data confidentiality. This disconnect has created a significant gap in security policies, leaving IoT devices vulnerable to exploitation. The conversation emphasises that as organisations connect these previously isolated systems to IT networks, they inadvertently expose themselves to new risks, demanding a reevaluation of security strategies.
Addressing Security Challenges
Dr Kraemer points out that securing data access is critical, especially for organisations that deploy IoT devices across multiple sites. For instance, managing security for an elevator company with installations worldwide presents unique challenges. Organisations must navigate various networks and ensure compliance with new legislative requirements, such as the Cyber Resilience Act and NIS2 directive. These regulations demand a structured approach to security that many legacy OT environments struggle to meet.
The Importance of Unified Data Management
As IoT solutions proliferate, organisations often find themselves managing a patchwork of legacy systems and newer platforms. Dr Kraemer advocates for a hybrid approach, suggesting businesses create a unified data plane that integrates new and old systems. This strategy allows organisations to maintain operational continuity while gradually transitioning to modern platforms, ultimately leading to enhanced innovation and efficiency.
Buy and Build Strategy
A significant takeaway from the podcast is the concept of “buy and build.” Instead of choosing between purchasing a platform or developing one in-house, organisations should leverage established platforms like Cumulocity while also building innovative applications tailored to their specific needs. This dual approach allows businesses to focus on high-value projects without getting bogged down by the complexities of underlying infrastructure.
The dialogue sheds light on the pressing need for organisations to adapt their cybersecurity strategies to accommodate the complexities of IoT and OT environments. By understanding the historical disconnect, addressing security challenges, and adopting a buy and build approach, enterprises can improve their cybersecurity posture and drive innovation in an increasingly interconnected world.
To find out more, visit https://www.cumulocity.com/
Takeaways
IoT devices are often treated as secondary in security policies.
The historical divide between IT and OT creates security challenges.
Organisations struggle with integrating legacy and modern IoT systems.
A buy-and-build strategy allows for...

Security leaders are rethinking how detection and response work in practice in 2026 owing to growing complexities in cybersecurity technology and the threat landscape.
On this episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, spoke with Daniel Martin, Director of Product Management at Rapid7. They discussed how modern Security Operations Centres (SOCs) are evolving, where AI truly adds value, and why outcomes—not features—should guide cybersecurity teams.
A recurring theme in their discussion was that while the threat landscape continues to evolve, many core challenges for SOCs remain unchanged. According to Martin, security teams still struggle with alert fatigue, lack of context, and the pressure to respond quickly—all while juggling increasingly complicated domains.
Organisations now require detection and response that is tailored to their specific environment, not generic threat models. Such a shift explains the rise of Managed Detection and Response (MDR) and the decline of one-size-fits-all managed security services. Customers want results, not noise, and they seek partners who understand their business context.
Martin says that this philosophy lies at the heart of Rapid7’s approach to Incident Command, its modern Security Information and Event Management (SIEM) offering. Instead of treating SIEM, Security Orchestration, Automation, and Response (SOAR), and threat intelligence as separate tools, Incident Command integrates them directly into the analyst workflow. The aim is to provide decision support in real-time—delivering relevant context, threat intelligence, and recommended actions exactly when needed, without making analysts switch between different systems.
Martin emphasised that a modern SIEM's success isn’t measured by the amount of data it can handle, but by how effectively it helps analysts make high-quality decisions quickly. Automation is important, but only if it’s applied thoughtfully. Deterministic automation, which includes actions that are predictable, auditable, and repeatable, remains vital for security operations. AI is most useful when it aids reasoning, summarisation, and prioritisation instead of completely replacing human judgment.
“There’s a lot of excitement around autonomous security,” Martin noted, “but chaining unpredictable decisions together is not something customers can trust.” Instead, Rapid7 focuses on using AI to assist analysts at specific moments in an investigation, such as summarising activity, adding context to alerts, or helping decide if more data collection is needed.
Also Watch: Is Your Attack Surface a Swiss Cheese? Solving Attack Surface Management (ASM) Challenges
“Customer Zero” Approach
A key aspect of Rapid7’s product development is its “customer zero” approach. By running its own global MDR SOC, Rapid7 continuously incorporates real analyst feedback into product design. Martin shared that an early mistake was putting AI-driven insights in a separate interface to avoid disrupting workflows; this was quickly corrected after analysts indicated they wouldn’t leave their main view to check a secondary opinion. The lesson was clear: if context matters, it must be available...