How can cybersecurity stop being treated as a tax on growth and start becoming something founders actually lean on to win trust, customers, and long-term advantage?

In this episode of Business of Cybersecurity, I reconnect with Taylor Hersom, Founder and CEO of Eden Data, for a wide-ranging and honest conversation about what security really looks like in an AI-first world. Taylor has built his career inside compliance, risk, and cybersecurity, from Deloitte to launching Eden Data during COVID, and now helping venture-backed startups and global enterprises rethink how security fits into the business itself. Rather than framing cybersecurity as fear-driven insurance, he explains why it works best when treated as a signal of maturity, discipline, and credibility.

We spend time unpacking how generative AI and agentic systems are changing the risk landscape, often faster than regulation and enforcement can keep up. Taylor shares why data, not models, remains the real asset worth protecting, and why so many organizations are still operating in a kind of AI Wild West. Without slipping into alarmism, he explains where companies are most exposed today, from training data to shadow AI tools quietly entering workflows, and why governance, transparency, and basic controls matter more than flashy security spending.

What really stands out is Taylor’s practical take on turning compliance into a growth lever. We talk about SOC 2 and ISO standards, not as box-checking exercises, but as tools that can actually improve operations, customer confidence, and sales conversations when done properly. He explains why oversharing security posture can be a competitive advantage, how founders should think differently than large enterprises, and why bad audits and rubber-stamp certifications may create more risk than they remove.

We also explore the human side of cybersecurity, including why most breaches still come down to everyday mistakes, not elite hackers, and how automation, monitoring, and better system design can reduce risk without burning out teams. Taylor shares a grounded view of how AI could finally help solve staffing shortages and alert fatigue inside security teams, and why emerging AI security standards may soon become the next credibility badge companies want to display.

We close on a lighter note with book and music recommendations, but the core message is clear. Cybersecurity no longer lives in a silo, and the organizations that understand this are already using trust as a business advantage rather than a defensive posture. As AI becomes woven into every workflow, the companies that communicate clearly about how they protect data and customers may be the ones that stand out most.

So as security, compliance, and AI continue to collide over the next few years, will your organization treat cybersecurity as a burden to manage, or as a story worth telling?

Useful Links

• Connect with Taylor Hersom on LinkedIn
• Learn more about Eden Data
• Follow on LinkedIn

Thanks to our sponsors, Alcor, for supporting the show.

What does the UK’s new Cyber Security and Resilience Bill actually mean for mid-sized businesses that sit quietly inside complex supply chains, often assuming the rules are aimed at someone else?

In this episode of Business of Cybersecurity, I sit down with Jason Revill, Global Security Practice Technology Lead at Avanade, to unpack why this legislation represents a genuine shift in how cyber risk will be judged, enforced, and felt across the UK mid-market. While much of the public debate has focused on critical national infrastructure, Jason explains why managed service providers and mid-sized firms are now firmly in scope, particularly those that underpin larger enterprises. Mandatory incident reporting, tougher expectations, and turnover-based penalties are changing cyber resilience from a technical concern into a board-level business issue.

We explore why outsourcing cybersecurity no longer reduces accountability, even though nearly half of UK mid-market firms rely on third parties to manage their defenses. Jason shares real-world insight into how supply chain vulnerabilities are driving a growing share of breaches, why identity and access management has become a weak link, and how attackers increasingly exploit trust between organizations rather than technical flaws alone. The conversation also looks at the rising threat of legal action following breaches, with group claims against well-known UK brands signaling a wider shift in public and regulatory expectations.

Crucially, this is not a fear-driven discussion. Jason offers a grounded perspective on how mid-sized organizations can move beyond checkbox compliance and embed security into everyday operations without grinding the business to a halt. We talk openly about cost, trade-offs, and why resilience planning only works when it is owned by the whole organization, not just the security team. For leaders heading into a new year facing tighter scrutiny and higher stakes, this episode offers clarity on what good looks like in practice and how to start building it.

If cyber resilience is quickly becoming a license to operate rather than an optional safeguard, how prepared is your organization for the expectations that customers, regulators, and even the public are about to place on it, and what would it take to get ahead of that curve rather than react after the fact?

Useful Links

• Connect With Jason Revill
• Learn More About Avanade
• Cyber Security and Resilience Bill

Tech Talks Network is sponsored by Denodo

How do you protect factory floors, utilities, and critical infrastructure when IT and OT finally run on the same nervous system? That is the challenge at the heart of my latest conversation with John Walsh, Field CTO at IGEL Technology, recorded live at the IGEL Now and Next event in Frankfurt.

Back in March in Miami, John and I talked about zero trust as an ecosystem rather than a product, a way to bring unified management and strong policy enforcement to the endpoint. This time, we take that thinking to the operational technology world, where the stakes feel very different. When a cyberattack hits a factory, it is not only data at risk. It can stop production lines, damage equipment, and cost millions in downtime. John explains how a prevention first mindset, backed by IGEL’s immutable OS, Universal Management Suite, and OEM ready integrations, is helping manufacturers and OEMs move security out to the edge where attacks actually begin.

Across the episode, John lifts the lid on IGEL’s work with partners such as Intel, Honeywell, Zscaler, and others who see OT as a growth frontier. We talk about US Department of Defense zero trust 2.0 requirements, European regulation, and what it really takes to extend zero trust thinking from the office to the plant. From dark industrial networks to containerized workloads at the edge, from sensor attestation to the kill chain, this is a grounded look at how endpoint security, confidential compute, and sovereign architectures are reshaping industrial resilience.

This one is for anyone who cares about the future of secure infrastructure, whether you work in manufacturing, utilities, or simply want a clearer view of where zero trust is heading as AI powered threats accelerate. Do you believe prevention first security can truly keep pace with autonomous attacks, or are we still leaning too heavily on detection and response thinking from an older era of cyber? I would love to hear your thoughts.