Josh Bruyning and Richard Stiennon explore how AI agents are fundamentally changing the SaaS industry and traditional software models. They discuss the shift from feature-based to outcome-based solutions and why companies must adapt to survive.

• Richard Stiennon shares insights about Security Yearbook 2025 and IT Harvest's database tracking over 4,340 cybersecurity vendors
• Introduction to Compliance Aid, a disruptive platform supporting 366 global compliance frameworks through conversational AI
• Analysis of why traditional SaaS companies must incorporate AI agents to remain competitive
• Discussion of the "agentification" trend: adding AI capabilities to specialized software platforms
• Exploration of how specialized knowledge maintains value when combined with AI capabilities
• Deep dive into AI's impact on employment, particularly for future graduates
• Warning for educational institutions that resist AI adoption instead of embracing it
• Comparison of the AI revolution to other technological transformations like desktop publishing

Check out IT Harvest at it-harvest.com and connect with Josh Bruning on LinkedIn to stay on the cutting edge of technology and AI.

Josh's LinkedIn

EU's complex regulatory environment creates both challenges and opportunities for businesses navigating data privacy, financial services, and healthcare regulations across member states.

• Significant differences exist between EU-wide regulations and country-specific implementations
• Large companies like Meta and Uber have faced multi-million Euro fines for GDPR violations
• Financial institutions struggle with innovation due to contradictory and slow-moving regulations
• Healthcare organizations often have regulations but lack enforcement, creating security risks
• AI adoption faces resistance similar to the US, though its implementation is transforming industries
• Traditional banks create separate "baby banks" with modern infrastructure to work around regulatory limitations
• Companies often underestimate marketing costs when entering EU markets due to privacy restrictions
• Red teaming employees creates privacy concerns that must be balanced with security needs
• Local legal expertise is essential when entering European markets to avoid costly compliance mistakes
• Every regulatory challenge also presents strategic opportunities for companies who understand the landscape

To learn more about Bruning Media and our services, visit bruning.com.

Josh's LinkedIn

Marcus Peet, Senior Director of Information Security at PT Solutions, shares his unique perspective as both a cybersecurity expert and father of three on navigating the complex world of digital parenting. His "growth with guardrails" philosophy demonstrates how parents can protect their children online while allowing them the freedom to develop necessary digital literacy skills.

• When children should get their first phone (Marcus recommends age 13, but with flexibility based on family circumstances)
• Smart alternatives like GPS watches for younger children who need location tracking
• Understanding the hidden costs of giving children smartphones, particularly the time investment
• Tools for monitoring children's devices including Bark, Family Link, and built-in parental controls
• Creating accounts properly within family ecosystems rather than standalone accounts
• The importance of establishing trust while still verifying children's activities
• Balancing protection with independence to avoid children seeking workarounds
• Navigating platforms like Roblox safely through supervision rather than prohibition
• Recognizing generational communication differences (like how a thumbs-up emoji can be perceived as passive-aggressive)
• Practical strategies for verifying online friends' real-world identities

Remember, the phone is a privilege, not a right. Be transparent about monitoring with your children while still giving them space to make small mistakes and learn from them.

Josh's LinkedIn

Kyle and I dive into the reality of the RSA Conference experience, exploring how the security industry's biggest event has transformed into a vendor-dominated spectacle with declining CISO attendance.

• The conference atmosphere is overwhelmingly loud with vendors everywhere and marketing materials covering every available surface
• San Francisco completely transforms during RSA, with security company logos plastered on restaurant windows and hotels taken over for exclusive events
• CISOs are increasingly skipping RSA, with many security leaders openly avoiding the conference
• The "sales to sales" dynamic dominates the floor, with vendors primarily connecting with other vendors rather than actual buyers
• Having a presence at RSA remains an unwritten requirement for security companies hoping to work with enterprise clients
• Strategic attendees focus on off-site meetings, invitation-only lunches, and smaller gatherings rather than the main conference floor
• The true value comes from face-to-face connections with people from around the world who have gathered in one location

Kyle's LinkedIn

Pensar's LinkedIn

Josh's LinkedIn

AI agents equipped with computer use capabilities will transform the cybersecurity landscape within the next year, shifting from augmenting to potentially replacing human SOC analysts with systems that can perform 100% alert triage. The investment landscape reflects this shift, with 78% of venture capital reportedly flowing into AI companies despite many firms simply adopting AI terminology without substantive implementation.

• Computer use abilities allowing AI to operate systems like humans will be the next major advancement
• Within 12 months, expert AI agents will function like "super employees" in security operations
• Ephemeral AI agents that complete specific tasks before dissolving enable unprecedented workforce elasticity
• Traditional valuation metrics based on headcount are becoming obsolete as AI reduces staffing requirements
• Companies running operations with 75%+ AI support can scale without proportional employee growth
• The MSSP community appears slow to adopt AI capabilities despite clear operational benefits
• AI systems will increasingly handle complete alert triage, potentially displacing human analysts
• Vendors typically avoid discussing workforce displacement, focusing instead on productivity gains
• Open-source AI innovations are accelerating development cycles across the industry

Innovations in AI security are happening rapidly. Follow the speakers on social media to stay updated - Randy Blasik (@BlasikRandy on Twitter and Compliance Aid on LinkedIn), Richard Stiennon (@Stiennon on Twitter and LinkedIn), and Josh Bruyning on LinkedIn.

Josh's LinkedIn

Ever wonder what happens when centuries-old legal practices collide with cutting-edge technology? Dean Sapp, CISO at FileVine, pulls back the curtain on the digital transformation revolutionizing law firms worldwide.

Beyond just modernizing paperwork, Dean reveals why attorneys have become prime targets for sophisticated hackers and nation-states. "Law firms are data aggregators of some of the most valuable information on the planet," he explains, detailing how insider knowledge of M&A deals, patents, and major developments makes legal data irresistible to cybercriminals. With attacks from Russia, China, and North Korea occurring daily, the stakes couldn't be higher.

The conversation takes a fascinating turn when Dean shares how purpose-built AI is dramatically reshaping legal processes. Tasks that once took legal teams 4-6 weeks now complete in a single day. Immigration paperwork that required 4-6 hours now finishes in under an hour. These aren't minor improvements—they're transformative shifts in how legal services can scale to help more people.

What sets this discussion apart is the rare glimpse into the specific security challenges of government legal agencies. With FileVine serving approximately 40 government agencies that require FedRAMP certification, Dean offers insights few security professionals ever witness. The intersection of legal compliance, national security, and political implications creates a security environment unlike any other.

Whether you're a legal professional wondering how to stay ahead of technology trends, a security expert curious about specialized industry challenges, or simply fascinated by how AI is reshaping traditional professions, this episode delivers eye-opening perspectives on the future of legal services.

Ready to discover how your organization can better protect sensitive information while dramatically improving efficiency? Join us for this revealing conversation about the technologies reshaping an entire profession.

Josh's LinkedIn

In this episode, Richard Stiennon makes some bold predictions about the future of AI in Cybersecurity. Artificial intelligence is transforming cybersecurity at an unprecedented pace, with large language models increasing in intelligence tenfold every 12 months and reaching a potential critical mass by 2027.

• SOC automation represents the most immediate and profound application of AI in cybersecurity
• Approximately 15 startups are developing AI solutions to replace tier-one SOC analysts
• AI will eventually enable 100% automated triage of security alerts
• The shift from tactical to strategic skills will be critical for cybersecurity professionals
• As defensive AI improves, cybercrime may dramatically decrease, forcing attackers to use more expensive human-based methods
• Major industry consolidation will likely occur as AI solutions demonstrate overwhelming effectiveness
• Nation-states will remain the primary threat actors as they can afford to develop counter-AI attack capabilities

Josh's LinkedIn

Richard's LinkedIn

Check out Josh's new book "The Close Line" available as an e-book on Amazon now, with paperback and hardcover versions coming soon. Check out IT-Harvest for a free demo.

Josh's LinkedIn

Mark Nicholls discusses how to integrate cybersecurity throughout the development lifecycle rather than treating it as an afterthought with pre-go-live penetration testing. He explains that embedding security into early design phases requires both leadership commitment and proper resource allocation to overcome the natural friction between IT and security teams.

• Moving security activities earlier in the development lifecycle is crucial for effectiveness
• DevSecOps implementation remains relatively rare, especially in larger legacy organizations
• Many security teams lack capacity to participate in early design stages
• Where a CISO reports indicates organizational security maturity
• Less mature companies have CISOs reporting to CIOs, treating security as just a tech issue
• More mature organizations position CISOs outside IT, reporting to CEO or board
• Business risk assessment should be the ultimate measure of security effectiveness
• Australia's "Essential Eight" provides practical baseline controls compared to NIST or ISO
• Regulatory requirements for breach reporting are increasing globally

You can find Mark Nicholls on LinkedIn or at informpros.com for any questions or follow-ups.

Josh's LinkedIn