For two decades, the mantra in technology has been simple: connect everything. More APIs, more integrations, more remote access, more cloud. But what happens when that hyper-connectivity becomes the very thing that amplifies risk?

In this episode of Business of Cybersecurity, I sit down with Steven Brodie, Chief Revenue Officer at Goldilock Secure, a NATO-backed cybersecurity firm challenging the industry’s long-standing assumptions. Steven argues that in 2026 we are finally confronting the downside of overconnectivity, where sprawling networks and forgotten links create enormous blast radiuses when breaches occur. Instead of defaulting to constant connection, he introduces the idea of “right-sized connectivity,” where systems are connected only when required, no more and no less.

We explore why so many modern breaches spread so quickly, and how architectural decisions made in the name of speed and convenience have left organizations exposed. Steven explains how most attacks are software-driven, moving laterally at machine speed, often faster than teams can patch. In that arms race, patching alone is no longer enough. Goldilock Secure approaches the problem differently by adding a physical layer of segmentation that can remotely connect or disconnect assets without sending commands over the public internet. The goal is simple: buy time, contain incidents, and prevent a localized breach from becoming a company-wide crisis.

We also discuss the tension between security and operational continuity. How do you introduce deliberate firebreaks into a network without slowing down the business? Steven is clear that this is not about returning to air-gapped islands everywhere. It is about controlled connection and controlled disconnection. Boards, he argues, should rethink cybersecurity metrics away from checklist compliance and toward containment, resilience, and clear audit trails that demonstrate who accessed what, and when.

As AI accelerates attack automation and zero-day vulnerabilities shrink response windows, the question facing every CISO and board is whether their architecture has grown beyond what is defensible. Are you relying purely on logical controls that can be subverted in software, or are you prepared to add physical boundaries that act as real firebreaks?

I would love to hear your take. Has hyper-connectivity become a strategic liability in your organization, or is it still viewed as a competitive advantage?

How prepared are enterprises and government agencies for the next wave of AI-driven risk?

I sit down with Tim Freestone, Chief Strategy Officer at Kiteworks, to unpack the findings from the Kiteworks 2026 Data Security & Compliance Risk Forecast and what it reveals about the true state of data resilience today. As AI accelerates business processes and agentic systems gain more autonomy, Tim argues that the real challenge is no longer about adding another security tool. It is about gaining repeatable control over how sensitive data moves across organizations, partners, and automated systems.

We explore why third-party involvement in breaches has surged to nearly one in three incidents and what that means for board-level accountability. Tim explains how traditional third-party risk assessments struggle to scale in an AI-enabled world, and why data-layer controls and modern digital rights management approaches are being revisited in a more practical form. We also examine the shift from ransomware headlines to the rising dominance of social engineering, and why micro-learning and human error prevention may offer a more realistic path forward than annual compliance training.

Our conversation also tackles the regulatory pressure building across regions, from evolving GDPR requirements to the EU AI Act. Tim makes the case for unified, data-centric compliance models that provide file-level visibility and auditability, rather than fragmented controls across siloed systems. We discuss the growing relevance of data security posture management, the shrinking timeline for quantum risk, and the “harvest now, decrypt later” threat that leaders can no longer afford to dismiss as a distant concern.

Finally, we turn to identity as the new perimeter in a world where AI agents act with increasing autonomy. Tim shares why identity alone is insufficient and why combining identity with data location defines the modern security boundary. For leaders facing limited budgets and skill constraints, his advice is pragmatic: start with visibility, align with established frameworks like NIST, and use AI-enabled copilots to accelerate cyber maturity rather than fall behind.

If you are responsible for security, compliance, or risk outcomes, this episode offers a clear-eyed look at what is changing, accelerating, and must be addressed now. Are you truly in control of every send, share, receive, and save of sensitive data across your ecosystem?

How can cybersecurity stop being treated as a tax on growth and start becoming something founders actually lean on to win trust, customers, and long-term advantage?

In this episode of Business of Cybersecurity, I reconnect with Taylor Hersom, Founder and CEO of Eden Data, for a wide-ranging and honest conversation about what security really looks like in an AI-first world. Taylor has built his career inside compliance, risk, and cybersecurity, from Deloitte to launching Eden Data during COVID, and now helping venture-backed startups and global enterprises rethink how security fits into the business itself. Rather than framing cybersecurity as fear-driven insurance, he explains why it works best when treated as a signal of maturity, discipline, and credibility.

We spend time unpacking how generative AI and agentic systems are changing the risk landscape, often faster than regulation and enforcement can keep up. Taylor shares why data, not models, remains the real asset worth protecting, and why so many organizations are still operating in a kind of AI Wild West. Without slipping into alarmism, he explains where companies are most exposed today, from training data to shadow AI tools quietly entering workflows, and why governance, transparency, and basic controls matter more than flashy security spending.

What really stands out is Taylor’s practical take on turning compliance into a growth lever. We talk about SOC 2 and ISO standards, not as box-checking exercises, but as tools that can actually improve operations, customer confidence, and sales conversations when done properly. He explains why oversharing security posture can be a competitive advantage, how founders should think differently than large enterprises, and why bad audits and rubber-stamp certifications may create more risk than they remove.

We also explore the human side of cybersecurity, including why most breaches still come down to everyday mistakes, not elite hackers, and how automation, monitoring, and better system design can reduce risk without burning out teams. Taylor shares a grounded view of how AI could finally help solve staffing shortages and alert fatigue inside security teams, and why emerging AI security standards may soon become the next credibility badge companies want to display.

We close on a lighter note with book and music recommendations, but the core message is clear. Cybersecurity no longer lives in a silo, and the organizations that understand this are already using trust as a business advantage rather than a defensive posture. As AI becomes woven into every workflow, the companies that communicate clearly about how they protect data and customers may be the ones that stand out most.

So as security, compliance, and AI continue to collide over the next few years, will your organization treat cybersecurity as a burden to manage, or as a story worth telling?

Useful Links

• Connect with Taylor Hersom on LinkedIn
• Learn more about Eden Data
• Follow on LinkedIn

Thanks to our sponsors, Alcor, for supporting the show.