On the 30th episode of Enterprise AI Defenders, hosts Mike Britton and Evan Reiser talk with Martin Strasburger, Senior Vice President and Chief Security Officer at Duke Energy. Martin shares how Duke, serving over 11 million customers across the Southeast, protects vital physical and digital infrastructure in a time of accelerating energy demand and technological change. He emphasizes the critical role of intelligence‑driven defense in both cyber and physical spheres. From ballistic attacks on substations to AI-driven grid resilience and deepfake threats, Martin offers a nuanced perspective on how modern security challenges require both technological expertise and human intelligence.

Quick Hits from Martin

On his protective mission at Duke: "Being able to protect… our people, our data, our systems, keep that power on… that's a satisfying feeling when you're successful."

On AI’s impact across the industry: “We’re piloting technology that can look across multiple facilities… and try to identify a group that is surveilling our facilities, doing pre-operational surveillance for a future attack, and intervene, interdict, and prevent an attack.”

On deepfake and phone‑based threats: "The use of AI in social engineering is my biggest concern. So much of that is outside of my control as the security leader… When you’ve got a bad actor doing a call to somebody's mobile device, my only line of defense in that case is that person. Have we trained them? Are they aware that they shouldn’t fall for that phishing call?"

Recent Book Recommendation: The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where security, privacy, and safety leaders share how they’re protecting the world from AI‑powered threats. Find more great insights from technology leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.

On the 29th episode of Enterprise AI Defenders, host Mike Britton, Chief Information Security Officer at Abnormal AI, talks with Vaughn Hazen, Chief Information Security Officer at ​​the Canadian National Railway Company. CN is Canada’s largest rail operator and the only one that spans the Atlantic, Pacific, and Gulf coasts, running over 20,000 miles across North America. In this conversation, Vaughn shares what it takes to defend one of North America’s largest freight railroads in an era of deepfakes, automated phishing, and machine-speed threats. He discusses why secure processes (not just smart tools) are critical to cyber resilience, how AI is changing the threat landscape and workforce dynamics, and why treating email as a notification system is a foundational shift. Vaughn’s approach blends military discipline, telecom roots, and a strong belief in long-term readiness over reactive fixes.

Quick hits from Vaughn:

On the fragility of process in an AI-driven threat landscape: “Email should be a notification, not necessarily the process... there's just gotta be a robust process that makes it very, very difficult where you're gonna have to be able to compromise a slew of people in order to really breach that”.

On the slow burn of real security preparation: “You can’t plant the seeds and expect to harvest in the same day… a lot of the stuff that we do to prepare for a potential event is stuff that we've got to be doing in advance”.

On AI’s false promise of autonomy: “It’s not something that just works on its own... You've got to have people that are knowledgeable... to say, first of all, does this make sense? Are we seeing a hallucination?”.

Recent Book Recommendation: The 7 Habits of Highly Effective People by Stephen R. Covey

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog.

Enterprise Software Defenders is produced by Josh Meer

On the 28th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal AI, talk with Rob Nolan, Vice President and Chief Information Security Officer at Expeditors. Expeditors is a Fortune 500 freight and logistics company, powering over 25% of all U.S. customs clearance. They enable global trade and supply chain resilience for many of the world's most recognizable brands. In this conversation, Rob shares how AI is changing the attack surface and the defensive playbook, why behavior and identity have become the new cybersecurity perimeter, and how AI helps enterprise defenders flip the script and regain their advantage.

Quick hits from Rob:

On the role of AI in defense: "The reality is that if I think about a solution that helps us defend against AI attacks, it's more AI."

On defenders flipping the script with AI: "The next frontier is knowing what 'normal' looks like for our business—and letting AI call out what's not."

On culture, training, and enablement: "We're much better off having an AI-intelligent workforce than one we've sheltered away from AI."

Book Recommendation: The Great Mental Models by Rhiannon Beaubien and Shane Parrish

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts. Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Josh Meer.

On the 27th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal AI, talk with Gareth Packham, Chief Information Security Officer at Save the Children International. Save the Children is one of the world's largest nonprofit organizations focused on protecting the rights and well-being of children. Operating in over 100 countries, it delivers healthcare, education, and emergency response programs—often in high-risk, conflict-affected areas. In this conversation, Gareth shares insights on the life-or-death stakes of cybersecurity in humanitarian work, the rising danger of AI-powered impersonation and fraud, and why driving behavioral change—not just awareness—is the next frontier in protecting global organizations.

Quick hits from Gareth:

On the real-world consequences of cybersecurity failures at Save the Children: “Without sounding glib or flippant—it really isn't. It can be a matter of life and death. We have information on children and families… in the wrong hands, that could put them at risk of physical harm.”

On the threat of AI-generated impersonation: “A few years ago, we were seeing business email compromise attempts asking to approve invoices. Now, it’s shifted to things like deepfake video. When someone says, ‘Let’s jump on a call,’ and you see a video of someone that looks and sounds like your CEO, you really need to challenge that.”

On the limits of awareness training: “The challenge with a lot of awareness programs is that they’re static. People might remember the right answer on a quiz, but it doesn't mean they’ll act the right way under pressure. We need to stop checking boxes and start measuring actual behavior change.”

Book Recommendation: Flow by Mihaly Csikszentmihalyi

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.

On the 26th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Kirsten Davies, former Chief Information Security Officer at The Estée Lauder Companies and Unilever and founder of The Institute for Cyber. Kirsten's storied career has given her a front-row seat to understanding the complexities of securing global organizations. In this conversation, Kirsten shares insights on the scale of enterprise cyber operations, the hidden challenges of AI-powered security innovation, and how human risk is still the biggest concern in the age of AI.

Quick hits from Kirsten:

On how AI is redefining attacker capabilities: “The sophistication of whaling, spear phishing—AI is being used very smartly, and it’s bypassing a lot of those traditional filters that we had back in the day. Now it feels like all of the email-based attacks are super sophisticated, very targeted, and they have really major repercussions on the back end.”

On the need to rethink digital identity defense: “Think of how many service accounts there are now. They exploded in numbers—larger than people. The number of service and machine identities we have is astronomical… This is where the opportunity is on the defense side, where you don’t even have people involved anymore.”

On why people are still the frontline: “It still goes back to relationships with people… good old-fashioned communication capability… It's still about building awareness. The human element of risk—that will never go away. That’s one of the reasons I started The Institute—so everyday citizens can have safer experiences while they traverse the digital universe.”

Book Recommendation: Imagine Heaven by John Burke

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.

On the 25th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Joshua Brown, former Vice President and Chief Information Security Officer at H&R Block. H&R Block is one of the largest tax preparation companies in the United States, with tens of millions of customers relying on its services each year. Managing security for a global tax enterprise requires defending against large-scale fraud, identity theft, and AI-powered social engineering attacks—all while ensuring compliance with strict regulatory requirements. In this conversation, Joshua discusses how AI is accelerating cyber attacks, the challenges of using AI for fraud detection in financial services, and the impact of automation on the next generation of cybersecurity teams.

Quick hits from Joshua:

On the state of fraud in financial services and how AI can help: “If you're talking about a normal year, you might see a thousand potentially fraudulent returns, and then suddenly it jumps up to a million or more. You don’t have enough analysts to look through that. It’s not possible. You have to do something with machine learning or AI to be able to narrow that down and help make faster decisions.”

On balancing the need for efficiency and the need for future talent in cybersecurity: “I think businesses are so hungry for efficiency that they risk gutting their talent pipelines. If we’re not careful, we’re going to end up with a senior workforce and no way to develop new security talent.”

On leadership strategy in security: “How you motivate a team is by connecting them with the why of what they’re doing and letting them figure out the how. That’s why you hire people smarter than you, right? It’s not so that everybody does things the way you do it.”

Book Recommendation: Right Kind of Wrong by Amy Edmondson

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.

On the 24th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Michael Baker, Vice President and Chief Information Security Officer at DXC Technology. DXC is a global IT services leader, providing infrastructure, consulting, and cybersecurity solutions for nearly half of the Fortune 500. With 125,000 employees operating across 70 countries, DXC delivers a vast portfolio of managed services. Securing both its own infrastructure and customer environments, DXC must defend against a rapidly evolving threat landscape while ensuring seamless global operations. In this conversation, Michael discusses how DXC manages its massive attack surface, the role of AI in automating SOCs, threat hunting & vulnerability management, and the future of AI-enhanced cybersecurity.

Quick hits from Michael:

On the rise of multimodal cyberattacks and AI-driven threats: “AI is just making [cyberattacks] harder and harder to spot. It’s not just email—it’s multimodal. We’re seeing it through WhatsApp, text, and email, all coming at once.”

On how AI is lowering the barrier to entry for malware creation: “We’re seeing the democratization of malware development. AI has enabled coders everywhere. We can basically have citizen development of malware.”

On the trending use of AI agents and automation in cybersecurity: “2025 is really the year we’re going to see AI agents start working across different functions, not just siloed within organizational components.”

Book Recommendation: The Speed of Trust by Stephen M. R. Covey

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at www.enterprisesoftware.blog.

Enterprise AI Defenders is produced by Josh Meer.

On the 23rd episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Matt Modica, Vice President and Chief Information Security Officer at BJC HealthCare. BJC HealthCare is one of the largest non-profit healthcare organizations in the United States, operating 14 hospitals across Missouri and Illinois. BJC has over 30,000 employees and over 4,200 doctors across its network. In this conversation, Matt discusses the unique challenges of securing patient privacy in a digital world, new opportunities and risks in healthcare with recent AI advancements, and aligning security practices with an AI-enabled future.

Quick hits from Matt:

On the increasing effectiveness of AI powered attacks: “Voice technology and mimicking a person got very good. Pretending to be somebody else and trying to get credential access or compromise credentials, it's not just executives anymore. It's anybody with a credential. So the credential is valuable and they're being sold. It's just a matter of how criminals can best get the ID and password to be able to sell.”

On critical areas where AI allows us to focus more attention: “We have time to do the things we've always talked about wanting to do. We've talked about wanting to do more threat hunting, about wanting to do more risk quantification. We've always talked about wanting to do a better job and be more proactive in shifting security left in our, in our agile environment, our workflows and things. So we have some time to do that now because we're making some of those things either automated or more efficient.”

On the maintained need for humans in the loop with enterprise AI: “ When you're running a large enterprise, uptime is of utmost importance. If I change a firewall rule that blocks something legitimate, I'm going to hear about that. If that was done because it was a low security risk, but the automation decided to do that, then there’s a lot of ramifications there. I don't know if we'll ever get to a hundred percent full automation. I think we're always going to have to have someone validating accuracy. And the models and making sure that our risk tolerance as an organization is taken into consideration as we instrument those things or allow those things to take action on our behalf.”

Book Recommendation: The One Minute Manager by Ken Blanchard and Spencer Johnson

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.