What happens when there are 100 machine identities for every human one in your organisation? This is not a prediction for the future. It is the world we are already operating in, and the implications are profound.

In this episode of Business of Cybersecurity, I speak with David Higgins, Senior Director at CyberArk, about how AI agents, autonomous systems, and the sheer scale of machine credentials in the enterprise are reshaping identity security. We discuss why password reuse, unsecured personal devices, and skipped updates remain stubbornly common even though awareness training has been around for decades. David explains that the issue is rarely laziness. Instead, it is often a lack of secure and practical alternatives that still fit the way people work.

We dig into how phishing and social engineering tactics have evolved, with AI enabling deepfake audio and video that can pass casual inspection, and how attackers are increasingly bypassing tech-savvy users entirely by targeting helpdesks and third-party support teams. We also look at the commoditisation of stolen credentials and why buying access on the dark web can now be easier than running a phishing campaign.

A major theme in our conversation is the role of culture in security. David challenges the outdated idea that humans are always the weakest link, arguing instead for a more collaborative approach that blends security objectives with user experience. We explore strategies like adaptive authentication, behavioural context analysis, and just-in-time privilege models that reduce risk without slowing down legitimate work.

The discussion then turns to the identity challenges created by agentic AI. These are AI-driven systems that can interpret goals, adapt, and communicate directly with other AI agents and human colleagues. Unlike traditional machine identities, their behaviour changes over time, creating an entirely new category of security risk. David outlines how organisations can begin to secure these identities now, rather than deferring the problem until it becomes unmanageable.

By the end of this episode, you will have a clear view of why identity-first security is essential in a machine-dominated environment, what practical steps can be taken to close gaps without adding unnecessary friction, and why aligning identity strategy with your organisation’s digital roadmap is no longer optional.

In this episode, I sat down with Mike Britton, CIO at Abnormal AI to explore the increasingly urgent overlap between AI governance and cybersecurity. With AI accelerating faster than regulation, and attackers already using these tools for harm, Mike offers a pragmatic take on what needs to happen next.

We dig into the realities of regulating AI in a fragmented world, drawing comparisons between Europe’s application-based approach and the US’s patchwork of state-level initiatives. Mike shares why he believes regulation should focus on context and application, not just model size, and why human oversight must stay part of the loop.

We also cover:

• How Abnormal uses behavioral AI to catch phishing and email attacks before they hit inboxes
• Why sandboxes and risk-based regulation can protect innovation without losing control
• The threat of over-regulation pushing innovation toward regimes with fewer ethical safeguards
• The challenge of navigating AI vendors at security events, where almost everyone claims AI capabilities
• The real-world risks of AI bias, misuse, and geopolitical influence in open-source models

Mike also shares practical guidance for CIOs and CISOs on model validation, audit trails, kill switches, and how to distinguish genuine AI value from marketing spin.

🧠 One key takeaway: Attackers are already using AI. If security teams don’t fight fire with fire, they’re at risk of falling behind.

🔗 For more, check out abnormal.ai or connect with Mike on LinkedIn.

In this episode of The Business of Cybersecurity, I’m joined by John Queally, Senior Director of Revenue Operations at Clari, for a conversation that goes far beyond spreadsheets and pipeline forecasts. We explore why RevOps has become mission-critical for cybersecurity firms facing escalating threats, intense market pressure, and growing expectations around AI.

John unpacks how cybersecurity leaders from Okta to Fortinet are rethinking the entire revenue engine to fund innovation, reduce friction, and stay ahead of attackers. We discuss the growing gap between AI ambition and data reality, and why 67% of revenue leaders are not trusting their data should be a wake-up call for anyone betting big on automation.

From real-time prospecting and clean data infrastructure to unified cross-departmental collaboration, this is a masterclass in how operational strategy, not just security tooling, is shaping the future of cyber resilience.

John also shares what it really takes to unify go-to-market teams, how RevOps is shifting from reactive reporting to proactive insight, and why the most powerful transformation starts with the "unsexy" work of cleaning up your data stack.

If you’ve ever underestimated the role of RevOps in a tech-driven industry or dismissed data hygiene as someone else’s problem, this conversation will change your mind.

🎧 Listen in to learn:

• Why AI can’t fix broken data
• How cybersecurity firms are aligning ops, sales, and customer success in real time
• What separates high-growth companies from those stuck debating dashboards

Visit Clari.com to learn more about the work John and his team are doing, or connect with him directly on LinkedIn.

Ask ChatGPT