What if our fundamental approach to security needs rethinking? In this conversation with Tia Hopkins, Chief Cyber Resilience Officer at eSentire, we explore why resilience has become the industry's latest buzzword—and why it demands more than just lip service.

One of the mantras Hopkins doesn't particularly care for when it comes to cyber resilience is the "not if, but when" mentality that dominates security discussions every now and again. Her suggestion is to shift more from mere acceptance to acknowledgment. This may sound like a subtle distinction, but is still very powerful. It keeps teams vigilant rather than resigned.

At the heart of our discussion is a critical examination of the industry's pivot from prevention to detection and response. While this shift made sense as organizations adopted cloud environments and borderless networks, Hopkins argues it's time to correct this imbalance through comprehensive exposure management. This approach extends beyond traditional vulnerability management to encompass people, processes, and technologies, all informed by business context and threat intelligence.

For security leaders wrestling with budget constraints while trying to balance prevention and response investments, Hopkins offers practical advice: eliminate technology duplication, maximize existing capabilities, and frame security investments in business terms rather than technical specifications. Most importantly, she advocates moving beyond annual risk assessments toward dynamic, continuous evaluation that reflects the reality of today's threat landscape.

There are a lot of really good insights in this conversation. Listen to this episode now.