Had a great conversation on the “Be Fearless” podcast with John Carse about how cybersecurity is evolving – and why many of us are still fighting the wrong battles.

Key themes we explored:

🏰 The perimeter is gone. Cloud and SaaS made “castle and moat” security obsolete. Zero Trust isn’t optional anymore – every transaction needs verification, regardless of location.

🌐 Browsers are the new battlefield. They’re how we access everything, yet often ignored in security strategies. Think malicious extensions, AI agents, mixed personal/corporate identities, and OAuth permissions creating backdoors to shadow SaaS.

🔐 Some “best practices” backfire. Frequent password changes create predictable patterns. Too much MFA creates fatigue and workarounds.

💼 Buyers have changed. Today’s decision-makers research independently and want clear business value, not just fear-based selling.

⚖️ Nobody talks about the hard stuff. Real deployment effort, team workload impact, measuring actual success, and having an exit plan when vendors don’t deliver.

Worth a listen if you’re rethinking your security approach.

🎧 Watch/Listen here: https://www.youtube.com/watch?v=3uhNOP6YM9A

What’s your take on Zero Trust adoption? Still seeing resistance in your organization?