Every role in cybersecurity is changing fast, but most practitioners are still treating AI like a glorified search engine. In this solo episode of Secured, Cole Cornford shares his unfiltered take on three things on his mind right now: entrepreneurship in a tough market, the growing threat to SaaS product businesses from roll your own culture, and why the cyber industry needs a fundamentally different approach to AI.

Cole makes the case that saying "hey Claude" is the least effective way to work with AI today, and that the real conversation has nothing to do with which model you pick. It is about how you interact with it, how you build a harness around it, and how you stop letting third party wrappers make all the decisions for you. He also shares early thinking on an AI course he is building for security professionals, covering AI fundamentals, using AI for security, and securing AI products.

Along the way he tackles the rule of three as a framework for prioritising in a small business, why product moats are disappearing fast, and what qualities he is actually looking for when hiring graduates in a market where everyone is cutting them.

00:00 Trailer

01:01 Chainguard ad

01:28 Intro and today's three topics

02:30 Entrepreneurship in a tough market

04:30 The rule of three and how Cole runs his business

07:00 Why SaaS product moats are disappearing

10:00 Roll your own vs buying commercial security tools

13:30 When rolling your own actually makes sense

16:00 Cash flow warning for Australian business owners

18:00 Why Cole is building an AI course for security professionals

21:00 Models vs harnesses and why most people get this wrong

24:00 How the cyber industry needs to change its approach to AI

27:00 What Cole looks for when hiring graduates right now

30:00 Systems thinking, humanities and the skills that still matter

33:00 Grandma's pot and questioning everything you think you know

35:00 Closing thoughts

🐙 Secured is grateful to be sponsored and supported by Chainguard.

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Assessment at https://dayone.fm/chainguard

To learn more, join our newsletter to be notified of new First Cheque episodes and upcoming shows.

Mentioned in this episode:

Call for Feedback

Vibe coding is here and most organisations are nowhere near ready for what it means for security. In this episode of Secured, Cole Cornford sits down with Patrick Collins and Simon Harloff, founders of Dam Secure, to unpack how AI is reshaping software development and why the old AppSec playbook is not keeping up.

They cover the shift from artisanal to factory model engineering, why skills and agents.md files are less reliable than people think, and why the SaaSpocalypse narrative is mostly a distraction from the work that actually matters. Patrick and Simon also walk through how Dam Secure enforces organisational security rules at plan time, before a single line of AI generated code gets written.

00:00 Trailer

01:01 Chainguard ad

01:28 Meet Patrick Collins and Simon Harloff from Dam Secure

03:00 Why existing AppSec tooling never worked for developers

05:30 The artisanal vs factory model of software development

08:30 Hacker News, polarisation and the AI sentiment shift

11:00 Agile, standups and processes that no longer make sense

14:00 Bigger PRs, higher velocity and workflows without an IDE

17:00 Skills, agents.md and the limits of deterministic guardrails

20:00 The AppSec to developer ratio problem

23:00 The SaaSpocalypse and why rebuilding tools is a side quest

27:00 React, digital certificates and security through business incentives

30:00 How Dam Secure works: secure spec and plan time enforcement

34:00 Vibe coders, Lovable and the risk beyond professional developers

36:00 Where to find Dam Secure and closing remarks

🐙 Secured is grateful to be sponsored and supported by Chainguard.

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Assessment at https://dayone.fm/chainguard

To learn more, join our newsletter to be notified of new First Cheque episodes and upcoming shows.

When Sam Fariborz moved to Australia from Iran, she had been working as an IT manager. While she had plenty of experience and strong technical skills, the move to Australia was challenging, and in this episode Sam discusses some of the barriers to entry she faced. By attending cybersecurity events and reaching out to people on LinkedIn, Sam found mentors and peers who helped progress her career, and today Sam is Cybersecurity Services & Program Manager for Kmart group which employs nearly 50,000 people across Australia and New Zealand. Sam chats with Cole Cornford about how to network effectively, the growth of cybersecurity as a profession in the last couple of decades, the need for greater diversity within the industry, and plenty more.

🐙 Secured is grateful to be sponsored and supported by Chainguard.

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Assessment at https://dayone.fm/chainguard

To learn more, join our newsletter to be notified of new First Cheque episodes and upcoming shows.

Mentioned in this episode:

Download your free CVE Reduction Assessment

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk.

December 2025 - Chainguard