Cultivating Security
Cultivating Security
Publishing Details
Contact & Outreach
About This Podcast
Podcasting 2.0 Features
Explore Statistics
Recent Episodes
Week 12: Incident Response Is Half Politics
You’ve planned for incidents. You have a documented incident response plan. You’ve done tabletop exercises. Your team knows their roles. You have runbooks for common scenarios. Then an actual…
Week 11: When ‘Best Practices’ Don’t Apply
Every security framework, every certification course, every vendor white paper tells you what you should do. Implement least privilege. Segment your network. Patch within 30 days. Enforce MFA…
Week 10: Compliance Is Not Security (But You Still Have to Care)
Every security person eventually has this realization: passing the audit doesn’t mean you’re secure. You can check every box in the compliance framework. You can get your SOC 2 certification. You…
Week 9: Reading the Room: What Your CISO Actually Cares About
If you’re trying to get security work done, you need to understand what your leadership cares about. And I mean actually cares about, not what they say in all-hands meetings or what’s in the security…
Week 8: Why Security Projects Fail (And It’s Usually Not Technical)
You’ve probably seen this: a security initiative that makes perfect technical sense, that addresses real risk, that has clear value—and it dies anyway. Not because the technology doesn’t work. Not…
Week 7: Reporting to IT: How to Build Security When You’re Not in Charge
A lot of security people find themselves in this position: you’re the security person, or the security team, reporting up through IT leadership that didn’t come up through security. Maybe your…
Week 6: Vendor Relationships Aren’t Partnerships (No Matter What the Sales Deck Says)
Every vendor will tell you they’re committed to security. They take it very seriously. They’re a trusted partner in your security journey. They understand your challenges and they’re here to…
Week 5: The Identity Sprawl Problem
Identity used to be simple. Users had accounts. Accounts had passwords. You managed them in Active Directory or LDAP. Authentication happened at the perimeter, and once you were inside, you were…
Why Chat-Based AI Tools Fail in Operational Security: Building Capability vs. Productivity
AI as Capability, Not Conversation: Why Chat-Based Tools Fail Operational Security Work In the last 18 months, every vendor has suddenly “integrated AI” into their products. Your SIEM has AI now.…
Week 4: The Logging and Visibility Problem No One Mentions
You probably think you can see more than you actually can. That’s not a criticism—it’s just how modern environments work. The assumptions we built our mental models on (servers you own, networks…
Week 3: Fort Knox Isn’t the Goal: Learning to Live with Imperfect Security
Here’s something nobody tells you when you’re starting out: your job is not to eliminate risk. I know that sounds wrong. You got into security because you care about protecting things. You see the…
Week 2: Understanding Your Environment Before You Try to Secure It
You can’t protect what you don’t know exists. That should be obvious. But based on how most security programs operate, it apparently isn’t. People want to jump straight to the interesting work.…
Week 1: Introduction: Foundations That Nobody Teaches
There’s a gap in how people learn security work. Not a small one. You can get certified six ways from Sunday. You can read every framework document NIST ever published. You can know the OWASP Top…
When Your Vendor Drops a Security Layer (And Doesn’t Tell You)
Back in November, there was a piece on KrebsOnSecurity about the Cloudflare outage — particularly companies that chose to bypass Cloudflare entirely to get their services back online. I wrote an…
Security Third: Why “Security First” Makes Organizations Less Secure
I heard something on a podcast the other day that’s been rattling around in my head ever since. The hosts were talking about Mike Rowe’s “Safety Third” concept — the idea that safety matters, sure,…
The Marquis Breach: What Happens When Your Vendor’s Security is Worse Than You Think
I was winding down my workday last week when one of my analysts posted a link in our team chat—another BleepingComputer article about a data breach. This one was different, though. Marquis Software…
Willful Ignorance as a Security Vulnerability
Saturday evening. Long day of side projects and farm work. The corporate work week was done, but I’d been grinding through accounting, blog writing, development work—all the side-business stuff that…
Why Now? What 15 Years of Security Work Taught Me
Why I’m Writing This For the past few months, I’ve been writing more formal internal analysis pieces – breaking down incidents I see in threat intel feeds, public breach notifications, security…
Frequently Asked Questions
Cultivating Security has published 18 episodes since December 2025, covering topics in Business, Management.
Cultivating Security is currently highly active with new episodes weekly. Average episode length is 21m.
Sign up on Grep.FM to access contact details for Cultivating Security, including email and social media links.
Similar Podcasts
Big Technology Podcast
Alex Kantrowitz
534 episodes
Inside The Vault with Ash Cash
EYL Network
233 episodes
The McKinsey Podcast
McKinsey & Company
100 episodes
Marketing Trends
Mission
558 episodes
Future Ready Leadership With Jacob Morgan
Jacob Morgan
1,220 episodes
The Champion Forum Podcast with Jeff Hancher
Jeff Hancher
383 episodes