Security Weekly Podcast Network (Audio)
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW #438
Mar 11, 2026
Myke Lyons, CISO at Cribl with 20+ years leading security strategy, discusses AI-driven exploitability and why attacks are outpacing patch cycles. He talks about shifting from IoC hunting to TTP and behavior-focused defenses. The conversation covers rich telemetry, AI-assisted patch cohorting, standard schemas, and the leadership changes needed to reduce organizational exposure.
AI Snips
Use Big LLMs For Enrichment And SLMs For Precision
- Combine large LLMs for enrichment with small, specialized models trained on your telemetry to avoid hallucinations and improve precision.
- Myke Lyons uses SLMs for sensitive-data and pattern detection (e.g., custom account formats) instead of brittle regex rules.
Automate Patch Cohorts From Telemetry
- Automate patch cohorts and deployments using telemetry-driven grouping so low-risk populations get updates first.
- Myke Lyons suggests LLMs can parse host history and success criteria to auto-split cohorts and eliminate spreadsheet chaos in patch meetings.
No-Code Chains Unlock Fast Security Automations
- No-code/MCP patterns let teams chain telemetry sources and security tools into repeatable flows without heavy engineering.
- Matt Alderman notes many MCP endpoints and standard data formats make quick integrations and automations feasible today.
