Chasing Entropy Podcast by 1Password

In this insightful episode of Chasing Entropy, host Dave Lewis welcomes cybersecurity veteran Allison Miller to explore the intersections of fraud, risk, complexity, and AI in the ever-evolving digital landscape.Allison brings two decades of experience spanning enterprise cybersecurity, anti-fraud, and advanced product risk. From traditional financial institutions to cloud-native startups, her work bridges how technology enables connection—and how those same systems can be exploited.She shares her early fascination with communication networks, her journey through IRC, payphone hacks, and digital commerce, and how those formative experiences shaped her career.Key Topics CoveredChasing Risk and ComplexityFraud as a window into system weaknesses — Allison explains why fraud fascinates her: it’s about understanding how things can go wrong even when the code is working as designed.She discusses how payment systems, platform identity abuse, and communication channels become targets precisely where their value lies.The Role of AI in CybersecurityAI as a detection tool: Building on her background in detection technologies, Allison sees AI as the next step in a lineage of data-driven defenses.Three key AI applications:→ Detection→ Investigation assistance→ Automation in Security Operations Centers (SOCs)CISO responsibilities: While AI governance is still evolving, Allison highlights parallels with AppSec and suggests that product risk programs must incorporate AI security and safety.Agentic AI and emerging risks: She warns that autonomous agents, while powerful, introduce new layers of system complexity that require holistic monitoring—simple components can combine into chaotic behaviors.Future of Cybersecurity LeadershipCloud, mobile, and multi-cloud continue to challenge traditional security models, requiring CISO teams to expand their skills and embrace innovation.CISOs are now “chasing complexity” as much as they’re defending against it.Advice for Aspiring Cybersecurity ProfessionalsFollow your curiosity rather than a linear career path.Focus on interesting problems—your unique perspective will create opportunities.Embrace networking and open conversations to accelerate learning and growth.Quote of the Episode:"Follow your curiosity. You can bring your interests into almost any job description—and that's where real opportunity lies." — Allison MillerTune in to this episode for a candid discussion that peels back the layers of how risk, fraud, and AI are shaping the cybersecurity front lines.Subscribe to the Chasing Entropy Podcast for more real talk with the minds driving cybersecurity forward.LinkedIn: Allison Miller, Founder & Principal, Cartomancy LabsWebsite: Cartomancy LabsNewsletter: Futurecast

In this episode of Chasing Entropy, I sit down with cybersecurity trailblazer Wendy Nather for an honest, insightful, and occasionally hilarious conversation that spans career origin stories, hammer metaphors, and how empathy is the secret weapon of modern security leadership.From Swiss Banks to StrategyWendy Nather’s journey into cybersecurity is anything but conventional. From wrangling Unix systems at a Swiss bank to being unexpectedly appointed head of EMEA security, her career has been a series of “say yes and figure it out later” moments. Her creation of the security strategist role at Duo (where she helped bring Dave onboard) laid the groundwork for today’s Advisory CISO model—distinct from field CISOs and rooted in trust-building and strategic influence.Understanding the Security Poverty LineWendy unpacks her now-famous concept of the “security poverty line,” a lens for understanding how underfunded, understaffed organizations struggle to meet industry best practices. It's a call to move beyond judgment and toward practical empathy—especially when small businesses with outdated gear and little budget become backdoor vulnerabilities in the broader digital ecosystem.The Human Side of CybersecurityThe conversation dives deep into the need for empathy, especially at the CISO level. Wendy argues that real leadership in security isn’t about technical perfection—it’s about understanding people, building influence, and leading with compassion. For those just entering the field, she reminds listeners that many roles in cybersecurity today didn’t even exist a decade ago, and that we’re all still “making this up as we go.”Agentic AI, Zero Trust, and a SpoonThe pair also reflect on the rise of agentic AI and its implications for zero trust architectures. Wendy challenges the assumption that AI introduces completely new risks, suggesting instead that it’s a matter of awareness, contract transparency, and figuring things out as a community. She also revisits her “spoon” analogy from past keynotes: good security design should be as intuitive as using a spoon—hard to mess up, universally usable.Final ThoughtsWendy closes with advice for veterans and newcomers alike: surround yourself with peers you trust, keep learning, and don’t buy into gatekeeping myths that overvalue technical credentials. What really matters is adaptability, collaboration, and understanding the bigger picture.Subscribe to Chasing Entropy on your favourite podcast platform and join us next time as we continue to unravel the systems and stories shaping cybersecurity.

In this episode of Chasing Entropy, host Dave Lewis, Global Advisory CISO at 1Password, sits down with Adrian Sanabria—Principal Researcher at the Defenders Initiative and founder of Destroyed by Breach—for a wide-ranging and candid conversation about the challenges, myths, and future of cybersecurity.From Help Desk to Hacking the NarrativeAdrian shares his unconventional journey into the cybersecurity world, tracing it back to retail tech support and internet help desk gigs where he developed resilience, empathy, and a knack for communication. He talks about how early experiences handling confused customers over phone lines laid the groundwork for a career in community engagement, public speaking, and eventually running B-Sides Knoxville.Debunking Security MythsAdrian doesn’t pull punches. From phishing simulations and forced password resets to the overhyped impact of breaches, he challenges many “best practices” that persist in cybersecurity. He notes that while the industry once operated on instinct and guesswork, we now have decades of actionable data—but still struggle to act on it meaningfully.“Less than 100 CVEs each year actually matter. Out of tens of thousands.” – Adrian SanabriaAgentic AI, Shadow IT, and the Next FrontierThe conversation turns to emerging threats and opportunities, particularly around Agentic AI and open-source vulnerabilities. Adrian warns that while companies rush to adopt automation and AI tools, they’re often ignoring foundational problems—like identity management and shadow IT—that have plagued organizations for decades.Policy, Priorities, and the Security Industry’s Missed OpportunityBoth Dave and Adrian agree: governments are stepping in with cybersecurity policies because the security industry has failed to manage its own narrative. Marketing budgets, FUD, and vendor agendas have diluted the voice of practitioners. The episode urges listeners to advocate for more grounded, evidence-based conversations in the field.What’s Next and What Matters MostAs AI hype barrels forward, Adrian sees it as both a distraction and an opportunity. “It’s useful tech,” he says, “but we’re not using it wisely.” Instead of slow, GPU-hungry processes, he calls for smarter automation and attention to patterns that really matter.He also reflects on his own growth: learning to play to strengths, managing ADHD, and finding fulfilling work that delivers real feedback.Final Advice for Aspiring Cybersecurity folks“Stop trying to be good at everything. Find what you’re already good at, and build on that.”Adrian closes with advice that’s equal parts practical and personal, encouraging newcomers to the field to be self-aware, adaptable, and unafraid to seek help—be it professional diagnosis or community mentorship.Listen & SubscribeWherever you get your podcasts. Like, subscribe, all that sort of jazz, and stay tuned for next week’s episode of Chasing Entropy.

Matt Johansen, a cybersecurity thought leader and founder of Vulnerable U, dives into his remarkable journey from a student's church pew to a leading voice in cybersecurity. He shares the pivotal moments that sparked his career through networking and mentors. Matt discusses the stark contrasts between agile startup environments and rigid corporate structures, highlighting challenges like shadow IT. With a passionate focus on mental health, he advocates for systemic changes to combat burnout and critiques the 'superhero culture' pervasive in the field.

Runa Sandvik, founder of security consulting firm Granite and a keen advocate for cybersecurity in high-risk spaces, joins the conversation. She shares her journey from hacking in Oslo to enhancing security at The New York Times, notably launching a whistleblower tip line. Runa discusses how cybersecurity pros can better support journalists through strong relationships and highlights critical initiatives. In a surprising twist, she reveals her research on hacking smart rifles, exposing alarming vulnerabilities. This conversation is a must-listen for anyone interested in digital security!

Rich Mogull, SVP of Cloud Security at Firemon and CEO of Securosis, shares his unique journey from being a paramedic to a cybersecurity expert. He discusses how lessons from managing physical disasters, like hurricanes, can enhance IT security incident response. The conversation digs into the concept of Black Swan events—unexpected crises that demand resilient strategies. Rich also emphasizes the value of early career opportunities and mentorship, urging cybersecurity professionals to cultivate adaptable, proactive responses to emerging threats.

Jennifer Leggio, a cybersecurity strategist and community builder, shares her journey from COO to Chief Strategy Officer, emphasizing that passion trumps titles. She discusses the origins of the Security Twits community on Twitter and the dangers of shadow IT in organizations. Communication is key in cybersecurity—responsible disclosure can prevent crises. Leggio also underscores the need to learn from past lessons, like patching and password hygiene, while encouraging newcomers to seek mentors and explore their passions for a fulfilling career.