Joe Levy, CEO of Sophos and a 30-year cybersecurity veteran, discusses the massive gap: 359M businesses but under 32K security leaders. He explores why the market fails SMEs, how agentic AI can scale CISO-level intuition, real gains and limits of AI in SOCs, and the tough choices behind a five-year nation-state firewall disclosure.
Episode length: 45:03
INSIGHT
Cybersecurity Poverty Line Quantified
Fewer than 32,000 of ~359 million businesses have a CISO, creating a massive leadership gap that worsens the skills shortage and vendor information asymmetry.
Joe Levy quantifies this as fewer than one in 10,000 organizations and links it to an AI-enhanced market for lemons where buyers struggle to validate vendor claims.
ADVICE
Ship Secure By Default With Managed Packaging
Design products secure by default and package them with services to create predictable security outcomes for SMEs.
Joe Levy argues SMEs already have endpoints and firewalls; failures stem from misconfigurations, ignored alerts, undeployed agents, and lack of SOC response.
INSIGHT
Agents Replace Triage But Humans Provide Accountability
AI/agents now handle most Tier 1 and Tier 2 SOC tasks, shrinking MTTX but still require humans for final accountability and complex response.
Levy frames humans as the "accountability API" while agents perform triage and investigation at scale in Sophos's 36,000-customer MDR.
Joe Levy is the CEO of Sophos and a 30-year cybersecurity veteran who has held technical and executive roles across some of the industry's most recognizable brands. In this episode, we dig into a stat that should reframe how the entire industry thinks about its mission: out of roughly 359 million businesses worldwide, fewer than 32,000 have a CISO. That's less than one in 10,000 organizations with a security strategy leader — and it's a number Joe worked with Cybersecurity Ventures to quantify for the first time.
We explore what that structural gap means for how vendors build products, why the cybersecurity market is a 40-year-old market failure where spending goes up every year but outcomes don't improve, and how Sophos is betting that agentic AI can deliver CISO-level intuition to the hundreds of millions of organizations that could never conceive of hiring one. Joe breaks down where AI is genuinely delivering in security operations — and where the industry is overselling — drawing from Sophos's experience running the world's largest MDR service with 36,000 customers.
We also get into Sophos's Pacific Rim disclosure, a five-year engagement with a Chinese nation-state actor targeting their firewalls that Joe calls the highest form of threat intelligence sharing. He walks through the calculus of going public with that story, including the kernel-level monitoring they deployed on a handful of devices to stay one step ahead of the attacker. Plus, we discuss the SecureWorks acquisition, the CTO-to-CEO transition, competing with hyperscalers like Microsoft, and what the next chapter looks like for a billion-dollar PE-backed security company approaching maturity with Thoma Bravo.
Show Notes
The cybersecurity poverty line quantified: out of 359 million businesses worldwide, fewer than 32,000 have a CISO — less than one in 10,000 — and this leadership gap compounds with the skills shortage and what Joe calls an "AI-enhanced market for lemons" where information asymmetry between buyers and vendors is getting worse
The real problem isn't missing technology — most organizations already have endpoints and firewalls — it's misconfigurations, ignored alerts, undeployed agents, and no SOC to respond, which is why secure-by-default design and hybrid product-service models like MDR create more predictable outcomes than tools alone
AI in the SOC is overhyped but not hype: Sophos runs 36,000 MDR customers and says the vast majority of Tier 1 (triage, false positive management) and Tier 2 (investigation, response) can now be performed by agents — but the industry lacks standard vocabulary for metrics like MTTR, letting vendors be "intentionally opaque" about what "response" actually means
Joe introduces the concept of "humans as the accountability API" in an agentic world — AI can approximate analyst intuition, but someone still needs to be held accountable for remediation decisions, and a fully autonomous SOC may just be "a protection product with a very long data pipeline"
The Pacific Rim story: Sophos spent five years engaged with a Chinese nation-state actor targeting their firewalls, deployed a kernel implant on fewer than a handful of attacker-controlled devices to observe exploit development in real time, and concealed targeted fixes among 150 other patches to avoid tipping off the adversary
Sophos's CISO Advantage program aims to deliver the intuitions of a skilled security leader to the hundreds of millions of organizations that could never hire one — Joe calls it fixing a 40-year-old market failure and says they're shipping it this year