3556: How Illumio Is Helping Leaders Rethink Cybersecurity for a World Where Attacks Keep Happening

Jan 16, 2026

In this engaging discussion, Raghu Nandakumara, VP of Industry Strategy at Illumio, sheds light on the urgent need for organizations to rethink their approach to cybersecurity. He argues against the outdated mindset of prevention-only strategies, emphasizing that risk reduction is the true measure of success. Raghu also tackles the real gaps attackers exploit, such as misconfigurations and outdated processes, while highlighting the importance of incident preparedness. He advocates for a shift towards proactive containment and the necessity of embedding zero trust principles deeply into organizational culture.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Measure Risk Reduction, Not Guarantees

Zero probability of stopping every attack is impossible so measure risk reduction instead.
Raghu Nandakumara says quantify cyber risk and judge controls by how much they reduce that risk.

INSIGHT

From Prevention To Resilience And Containment

Organisations are shifting from prevention-first to cyber resilience and containment.
Raghu Nandakumara explains resilience accepts attacks will happen and focuses on limiting impact and maintaining operations.

INSIGHT

Attackers Feast On Unfixed Fundamentals

Attackers keep succeeding using simple paths because many organisations haven't fixed basics.
Raghu Nandakumara points to tooling gaps, outdated processes, and a blocked talent pipeline as root causes.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

What happens when we finally admit that stopping every cyberattack was never realistic in the first place?

That is the thread running through this conversation, recorded at the start of the year when reflection tends to be more honest and the noise dial is turned down a little. I was joined by returning guest Raghu Nandakumara from Illumio, nearly three years after our last discussion, to pick up a question that has aged far too well. How do organizations talk about cybersecurity value when breaches keep happening anyway?

This episode is less about shiny tools and more about uncomfortable truths. We spend time unpacking why security teams still struggle to show value, why prevention-only thinking keeps setting leaders up for disappointment, and why the conversation is slowly shifting toward resilience and containment. Raghu is refreshingly direct on why reducing cyber risk, rather than chasing impossible guarantees, is the only metric that really holds up under boardroom scrutiny.

We also talk about the strange contradiction playing out across industries. Attackers are often using familiar paths like misconfigurations, excessive permissions, and missing patches, yet many organizations still fail to close those gaps. The issue, as Raghu explains, is rarely a lack of tools. It is usually fragmented coverage, outdated processes, and a talent pipeline that blocks capable people from entering the field while claiming there is a skills shortage.

One of the most practical parts of this conversation centers on mindset. Instead of asking whether an attacker got in, Raghu argues that leaders should be asking how far they were able to go once inside. That shift alone changes how success is measured, how teams prepare for incidents, and how pressure-filled P1 moments are handled when boards want answers every fifteen minutes.

We also touch on how legal action, public claims campaigns, and customer lawsuits are changing the stakes after a breach, forcing executives to rethink how they frame cyber investment. From there, Raghu shares how Illumio has been working with Microsoft to strengthen internal resilience at massive scale, and why visibility and segmentation are becoming harder to ignore.

This is a conversation about realism, responsibility, and growing up as an industry. If cybersecurity is really about safety and not slogans, what would you want your organization to stop saying, and what would you rather hear instead?

Please feel free to upload the podcast. Here are also the links we discussed on the call:

Useful Links

Thanks to our sponsors, Alcor, for supporting the show.