Heavy Strategy

Your next security teammate might not be a traditional hire — it could be a Digital Security Teammate (DST),” says Secure.com CEO Uzair Gadit. In this sponsored episode, Uzair explains the concept of a DST and how it differs from an AI SOC. He highlights the operational and business benefits of deploying DST, including improved... Read more »

As you wind down 2025, what should you be planning to do for 2026? The Heavy Strategy team breaks it down for you with eight resolutions for the new year. From setting an AI strategy to cloud optimization, Johna and John can help you enter the new year prepared for what’s next. Other resolutions include... Read more »

Anand Oswal, Executive Vice President at Palo Alto Networks, joins Johna Johnson and John Burke for a wide-ranging exploration of two emerging focal points of enterprise risk: cryptographically relevant quantum computing, and browser-mediated agentic AI. The looming arrival of quantum computers that can break legacy encryption has already created the threat of “harvest now, decrypt... Read more »

The discussion dives into existential threats that could potentially cripple organizations. Concepts like 'bricking the company' and real-world examples, including Travelex and Codespaces, highlight the stakes involved. Insights on how to assess vulnerabilities and the implications of supply-chain risks provide crucial knowledge. The hosts emphasize the importance of framing these risks effectively for senior leadership, recommending concise communication and practical exercises to enhance awareness. The role of AI in amplifying threats is also thoughtfully examined.

Environmental, Social, Governance (ESG) initiatives aren’t just “the right thing to do”, they can also save companies real dollars, particularly if they’re investing in data centers and other infrastructure. Join Jonathan Ciccio, Continuous Improvement Manager for The Siemon Company, as we discuss The Siemon Company’s ESG initiatives. The Siemon Company has been in business for... Read more »

Dive into the complex world of nth-party risks and how they ripple through modern supply chains. Discover the implications of recent Salesforce breaches and the rise of agentic AI in managing these hidden dangers. The conversation reveals the need for blockchain as a solution for tracking software changes and ensuring accountability. Explore the challenges of standards and the role of government procurement in driving adoption. The hosts debate the balance between speed and responsible risk management in the face of evolving technology.

In this engaging discussion, hosts explore the pitfalls of linking cybersecurity budgets to IT spending, revealing why this approach is flawed. They highlight human complacency and the need for a fresh perspective on security in a world without clear network perimeters. By recommending a spend-per-employee model, they emphasize the importance of identifying what truly matters to an organization. The conversation also delves into the complexities of AI and third-party risks, urging listeners to modernize their risk assessment strategies.

Exploring when to insource or outsource IT functions, the hosts stress the need for organizations to reassess sourcing strategies during shifts in the economy or technology. They discuss the sacrifices made when outsourcing, including loss of control. Key drivers like demographics and cloud economics are analyzed. There's a spotlight on the importance of aligning IT with HR and determining the true purpose behind moving workloads. The discussion also touches on the risks of inaction and the delicate balance between swift transitions and comprehensive planning.

Sandy Miller, a pseudonymous CIO, shares her insights on identifying toxic IT work environments. She highlights five signs of an abusive IT relationship, including the dreaded 'Sunday scaries' and stalled promotions. Sandy shares personal experiences of fear and distrust stemming from manipulation of information and siloed cultures. The discussion dives into recognizing hostile workplaces, the impact of bad leadership versus toxic company intentions, and the importance of aligning personal values with corporate missions. A candid exploration of workplace dynamics!

Network-as-a-Service (NaaS) promises enterprises the ability to set up and configure connectivity and network security with a couple of clicks. But for NaaS to truly transform enterprise networking, one thing has been missing: standards. Enter Mplify (formerly the Metro Ethernet Forum), a non-profit focused on standardizing NaaS service definitions. Mplify’s CTO, Pascal Menezes, joins Johna... Read more »