Steve Tcherchian, CEO of XYPRO, explains how XYPRO protects mission critical systems that move money, run payments, settle trades, and support national infrastructure on HPE NonStop. He shares that most customers do not complain about hackers first. They complain about complexity: too many tools, dashboards, audits, and reports that create work without reducing risk. Steve breaks down common misconceptions, including “compliance equals security” and “uptime equals security,” and argues security must be treated as a real business risk, not just a technical problem.

The conversation explores how AI is changing cybersecurity by amplifying existing attack methods rather than inventing new ones. AI makes average attackers more effective by improving language, speeding up reconnaissance, and making phishing and social engineering more believable. Steve also warns about alert fatigue and explains why attackers hide inside the noise. He highlights a critical readiness gap: many companies have backups but do not test them, and ransomware groups often target backups first to block recovery and force payment. He discusses the tradeoffs of paying ransoms using the Caesars and MGM examples, and stresses that “hope is not a strategy.”

Steve outlines warning signs that a company is not prepared, like unclear ownership of incident response and lack of a documented decision chain for talking to customers, regulators, and the board. He explains what strong executive behavior looks like during a breach: slow down, contain, communicate, and lead without panic or blame. Looking ahead, he predicts a shift from perimeter defense to identity and behavior defense, with more focus on real time detection and fast recovery. He closes with practical advice for everyone: turn on multi factor authentication everywhere and be cautious with links, or better, type the site directly instead of clicking.

About Steve Tcherchian:

- https://www.linkedin.com/in/stevetc/

- https://xypro.com

- https://stevetcherchian.com/

About Federico Ramallo ✨👨‍💻🌎

🚀 Software Engineering Manager | 🛠 Founder of DensityLabs.io & PreVetted.ai | 🤝 Connecting 🇺🇸 U.S. teams with top nearshore 🌎 LATAM engineers

- 💼 https://www.linkedin.com/in/framallo/

- 🌐 https://densitylabs.io

- ✅ https://prevetted.ai

🎙 PreVetted Podcast 🎧📡

- 🎯 https://prevetted.ai/podcast

- 🐦 https://x.com/PrevettedPod

- 🔗 https://www.linkedin.com/company/prevetted-podcast

00:00 Introduction and Guest Background

01:19 What Xypro Protects and Its Critical Systems

01:57 The Increasing Complexity of Cyber Threats with AI

02:57 Challenges in Security Tools and Clarity for Teams

03:52 Misconceptions About Compliance and Security

04:44 Cybersecurity as a Business Risk

05:32 The Fallacy of Tool Overload and Shelf-Ware

06:27 Organizational Silos and Strategy Rethink

07:34 Layered Security and Human Factors

08:22 False Positives and Alert Fatigue

09:07 The Reality of Attackers Only Need One Success

09:59 Security Friction and User Experience

11:06 Human Element and Social Engineering

12:00 AI’s Role in Phishing and Attack Speed

13:03 The Myth of AI Replacing Security Teams

14:59 AI as an Enabler, Not a Replacer

16:22 The Importance of Human Judgment and Experience

17:44 Preparedness and Incident Response

18:43 Backups and Ransomware Defense

20:22 The Cost of Ransomware and Paying Ransoms

21:27 Cybersecurity Spending and Risk Management

24:30 Data Exploitation and Dark Web Risks

25:44 Focus on Compliance and Risk Reduction

28:46 Security Controls and Hardening Systems

29:53 Conducting Gap Assessments and Simulations

36:00 The Shift to Resilience in Cybersecurity

36:31 The Reality of Being Hacked or Not

38:44 The Normalization of Security Breaches

39:41 Advice for New Security Professionals

40:40 Lessons on Leadership and Communication

42:11 Building a Security Culture and Team Engagement

43:27 Final Remarks and Key Takeaways