Chasing Entropy Podcast by 1Password

In this episode of the Chasing Entropy Podcast, host Dave Lewis, Global Advisory CISO at 1Password, sits down with Rob Fuller (a.k.a. Mubix), cybersecurity leader, Marine Corps veteran, red teamer, and technical advisor—to explore the twists, turns, and lessons from a career built at the intersection of curiosity, community, and defense.Early Sparks of CuriosityRob shares how tinkering with Game Genie and GameShark consoles in his youth planted the seeds of hacking and cybersecurity. From experimenting with memory manipulation in video games to dabbling in early online communities, his fascination with technology was clear—even if he didn’t yet have a name for it.The Marine Corps and Grounding in RealityHis journey took a pivotal turn in the U.S. Marine Corps, where Rob shifted into IT and found his calling at the Marine Corps CERT. There, he confronted threats at a national scale, battling nation-state adversaries and learning the importance of context, failure, and resilience. The high-stakes environment taught him perspective—what truly counts as critical versus what’s just noise.Red Teams, Purple Teams, and the Role of AIRob dives into his philosophy on red vs. purple teaming, how organizations misstep in their security approaches, and where AI fits into the equation. While AI can accelerate tasks like data analysis and content generation, he stresses that human judgment remains essential, particularly when weighing real-world risk.Maturity in Vulnerability Disclosure ProgramsRob outlines the evolution of Vulnerability Disclosure Programs (VDPs)—from a simple security@company.com email, to structured bug bounties, to advanced maturity where vulnerabilities are ballooned out, templated, and continuously scanned across entire infrastructures. Tools like Nuclei earn his praise as underrated game-changers in scaling this process.What’s Overrated, What’s UnderratedWhen asked about overrated tools, Rob jokingly points to Splunk, acknowledging it as a powerful log platform but often overhyped without the right people and processes behind it. In contrast, he champions Nuclei for its ability to empower teams with scalable, reusable vulnerability detection.Leadership, Curiosity, and MentorshipFor those entering cybersecurity, Rob emphasizes starting the leadership journey early—seeking credentials, mentorship, and experience beyond being just a technical contributor. For senior leaders, he advises fostering curiosity and root cause analysis across teams, and creating spaces for “show and tells” where junior staff can share passion projects that might blossom into innovative enterprise-wide solutions.Silicon Valley and BeyondRob also reflects on his experience as a technical advisor for HBO’s Silicon Valley, ensuring cybersecurity accuracy behind the scenes. From late-night calls to writer’s room debates, the role gave him a chance to influence how hacking and security were portrayed to millions of viewers—an opportunity to shift the narrative away from the usual Hollywood myths.Listen to the full conversation for Rob’s insights on community, resilience, and the underrated value of curiosity in shaping the future of cybersecurity.Don’t forget to like & subscribe to the Chasing Entropy Podcast wherever you get your podcasts.

In this episode of Chasing Entropy, Dave Lewis sits down with longtime friend and industry veteran Bill Brenner, Senior VP and Head of Content at Cyber Risk Alliance. Bill has been shaping the cybersecurity narrative for over two decades, from his early reporting days at TechTarget to his leadership roles at Akamai, Sophos, IANS, and now Cyber Risk Alliance.From Newsrooms to CybersecurityBill shares how his career began in traditional journalism, with a pivotal moment after 9/11 pushing him toward B2B reporting. A role at SearchSecurity marked his entry into cybersecurity, where he quickly established himself as a respected interviewer, writer, and—eventually—a storyteller within the security community.The OCD Diaries & Mental Health AdvocacyA major part of Bill’s journey has been his candid writing in The OCD Diaries, a personal blog turned community resource. What started as a therapeutic exercise evolved into a touchstone for many in security facing similar struggles. Today, Bill continues that advocacy through his work with CyberMinds, developing tools and resources to support the mental health of cyber defenders, who often face burnout, PTSD-like stress, and relentless alert fatigue.Storytelling, Security, and LeadershipReflecting on his time at Akamai, Bill discusses how being embedded in a security team during the Heartbleed and Shellshock era shaped his understanding of communication, trust, and leadership. He and Dave revisit their collaboration on reports, vulnerability advisories, and how content can influence both internal teams and the wider industry.AI, Content, and the Human ElementBill and Dave dive into the current disruption caused by artificial intelligence. While many companies mistakenly see AI as a replacement for people, Bill argues it must be used as an enhancer—freeing humans from repetitive tasks while preserving creativity, critical thinking, and authenticity. His own work at Cyber Risk Alliance now includes experimenting with AI to streamline workflows without losing the human voice.Looking AheadBill emphasizes the importance of resilience, humility, and staying focused on the human side of security. Whether through mental health advocacy, building stronger content strategies, or mentoring the next generation, his mission remains clear: tell stories that matter and help the community thrive in an increasingly chaotic digital world.👉 Where to find Bill:The OCD Diaries (archived blog with evergreen posts)Bill on LinkedIn (active writing and insights)SC Media / SC World (ongoing journalism and leadership work)

In this episode of the Chasing Entropy Podcast, host Dave Lewis welcomes industry analyst and long-time cybersecurity veteran Fernando Montenegro for a far-ranging and refreshingly honest discussion about the evolution of security, the realities of AI, and the human stories that shape our digital defenses.Fernando shares his origin story from math and fractals in Brazil to cryptography and bulletin boards, and ultimately to a career that has spanned consulting, sales engineering, and now research and analysis. Along the way, he highlights the importance of community spaces like TASK (Toronto Area Security Klatsch) and B-Sides as pivotal launchpads for industry newcomers.The conversation dives deep into artificial intelligence and its nuanced role in cybersecurity:Security for AI: Helping organizations safely adopt AI tools.AI for Security: Using AI to enhance defense mechanisms.Security against AI: Preparing for AI-augmented attacks and fraud.Fernando advocates for viewing AI through an economic and socio-technical lens rather than blindly trusting in its promise. As both he and Dave agree, AI isn't magic—it's math. It can augment work, but replacing human judgment, strategy, and contextual understanding is far from reality.They also touch on the dangers of layoffs fueled by AI hype, calling out examples like Klarna’s public misstep, and drawing parallels to earlier cloud-related downsizing miscalculations. Both stress the importance of understanding what workers actually do before trying to replace them with automation.As the episode wraps, Fernando delivers sage advice for those entering or pivoting into cybersecurity:Leverage your prior experience, whether from hospitality or marketing, it has value.Seek mentorship from peers 2–5 years ahead of you for tactical guidance.Don’t be discouraged by gatekeeping; curiosity and kindness go a long way in this relationship-driven field.Whether you're a seasoned professional or just getting started, this episode is a candid reminder that cybersecurity is as much about people as it is about technology and that chasing entropy means embracing complexity, not avoiding it.

In this special "Summer Camp" edition of Chasing Entropy, Dave Lewis sits down with longtime friend and cyber risk veteran Jeffrey Wheatman. From their early DEF CON gooning days to leading board-level security conversations, Dave and Jeffrey explore how cybersecurity professionals navigate entropy—when systems unravel, and chaos creeps in.Jeffrey, a former VP at Gartner and now a cyber risk strategist, brings 30 years of experience to the mic. They dive deep into the human and organizational aspects of risk management, effective communication with executive leadership, and how the security industry can stop "solutioning" with tech and instead focus on solving real problems.Key Topics That We Covered:From Hardware Store to Cyber Risk Strategist: Jeffrey’s unconventional path into cybersecurity and early lessons learned about clarity, communication, and not working in retail.Tech for Tech’s Sake?: Why the obsession with new tools misses the point—and how reframing security in terms of solving business problems is the real game changer.Communicating with Boards: Strategies for helping CISOs resonate with executives, plus tips on improving board-level metrics and engagement.AI in Cybersecurity: Cautious optimism, practical concerns, and philosophical musings. Both Dave and Jeffrey agree: AI is no silver bullet. But with thoughtful integration and strong scenario planning, it can be a powerful partner—especially for edge cases and pattern recognition.Speaking to Your Audience: Whether you're in front of a board or a DEF CON hallway track, Jeffrey shares hard-won lessons about adjusting your message, avoiding condescension, and using metaphors that land.Memorable Quotes“Technology is created and put in place to solve problems. Full stop.” — Jeffrey Wheatman“Your execs care about three things: money in, money out, and who gets in trouble when stuff goes sideways.” — Jeffrey Wheatman“AI is overblown and underutilized—both are true.” — Dave LewisWhere to Find JeffreyLinkedIn: The only “Jeffrey Wheatman”Speaking soon at: SANS Security Awareness, ISACA GRC, Black Hat, and PDA PRISM ConferenceFun fact: At DEF CON, you’ll know him as “Mnkey.”Listen now, share widely, and join us again next week as we continue Chasing Entropy in a world full of chaos and credentials.Don’t forget to like, subscribe, and spread the entropy.

In this episode of the Chasing Entropy Podcast, I am joined by Singapore-based cybersecurity leader Emil Tan, a man who wears many hats and wears them well. From government defense to grassroots community building, Emil’s journey is a masterclass in adaptability, curiosity, and community spirit in cybersecurity.Who Is Emil Tan?Emil is a cybersecurity polymath: a national defense contributor at Booz Allen, founder of the Singapore-based community Division Zero (Div0), co-founder of the hacker conference SINCON, advisor to the startup RedAlpha, and active participant in the non-profit CREST. His career arc spans R&D, operations, policy, and education—with a consistent theme of learning by doing.A Non-Linear Path to ImpactEmil shares his unlikely journey into cybersecurity, which began not with elite academic scores but with a love for math and curiosity about the digital world. After being part of Singapore’s first cohort in a cybersecurity diploma program, Emil embraced early challenges in capture-the-flag (CTF) competitions and informal meetups at McDonald's that eventually gave rise to Div0.From Operations to Policy and Back AgainWhat sets Emil apart is his transition from cyber operations to policymaking. Frustrated by policies that didn’t reflect frontline realities, he stepped into the policy arena to bridge the gap. He speaks candidly about the complexity of policymaking and the importance of being a "technical policymaker" who can translate between operations and lawmaking.The Power of Automation and AI (Without the Hype)Emil and Dave dig into the evolution of automation in security—from scripting away mundane tasks to the role of AI today. Emil’s philosophy? Automate the boring stuff so you can focus on meaningful work. He challenges the fear-driven narrative around AI, noting that rather than replacing jobs, it redefines them.Advice for Aspiring Security ProsWhether you’re new to the field or feeling stuck, Emil offers grounded, honest advice:Fall in love with your career, not just your jobStart anywhere, fail often, and learn deeplyTalk to people—war stories beat certificatesSeek community: Div0, SINCON, and beyondGet ConnectedWant to connect with Emil?LinkedIn Attend Div0 meetups (twice a month in Singapore)Catch him at the next SINCON conferenceListen now on all major platforms and don't forget to like, subscribe, and share. Thanks for joining me as we continue the Chasing Entropy Podcast, where chaos meets clarity, and security finds its human side.

Jack Daniel, a legendary storyteller and community-builder, shares his incredible journey from mechanic to cybersecurity strategist. He recounts humorous tales from his early days tinkering with cars, before navigating into tech by chance. The heart of the conversation focuses on the founding of BSides, a community-centered security movement that empowers local talent worldwide. Jack also discusses his unique presentation style with sock puppets, all while emphasizing the importance of community, mentorship, and authentic engagement in fostering connections.

In this discussion, Grigorios Fragkos, known as Dr. Greg, shares his extensive background in cybersecurity spanning academia and enterprise defense. He delves into the fascinating rise of agentic AI and its potential ethical applications in enhancing cybersecurity defenses. The talk also highlights the evolving role of the Chief Information Security Officer, advocating for a shift towards a Chief Cybersecurity Officer to address new challenges. Dr. Greg emphasizes the necessity of continuous learning and critical thinking in navigating the complex cybersecurity landscape.

Javvad Malik, a security advocate, Guinness World Record holder, and co-host of Host Unknown, dives into a captivating conversation about humor's role in cybersecurity. He shares his unique journey from banking in the late '90s to industry advocacy, emphasizing the art of clear communication with non-technical audiences. With engaging anecdotes, he highlights how humor can bridge gaps in understanding complex security risks. Javvad also reflects on collaborative podcasting and the importance of empathy in sharing cybersecurity insights, making tech both relatable and entertaining.

Mark Hillick, CISO at Brex, shares his extensive journey from infrastructure engineer to security leader, emphasizing the importance of security as a business enabler. He discusses the critical role of empathy in building trust within security teams, highlighting how communication can transform past traumas into collaborative victories. Hillick also delves into AI's transformative impact on operational efficiency while cautioning against rushing without necessary safeguards. His insights blend innovation and heartfelt connection, making security a partner, not a blocker.

Join Brian Honan, founder and CEO of BH Consulting and a key figure in cybersecurity policy in Europe, as he shares his journey from IT's early days to current challenges. He emphasizes the importance of curiosity and continuous learning for aspiring security professionals. Brian discusses the emergence of agentic AI and its implications for enterprise security, urging teams to enable safe business outcomes rather than merely saying no. He also explores the complexities of data sovereignty and the evolving landscape of cybersecurity threats.