

Audience 1st
Dani Woolf
Welcome to Audience 1st. A podcast for tech marketers looking to break out of the echo chamber to better understand their audience and turn them into loyal customers. Every week, Dani Woolf is having brutally honest conversations with busy tech buyers about what really motivates them, the things they hate that vendors do, and what you can do about it. You’ll get access to practical information on how to build authentic relationships with your audience, listen to and talk with your buyers, and apply real customer insights to your strategies and tactics. You owe it to the world to unmute your mic. Are you ready? audience1st.substack.com
Episodes

Mar 18, 2026 • 50min
Why Human Risk Will Define the Next Decade of Security
Three decades. Billions of dollars in security investment. And the human element still sits behind 68% to 72% of every breach that happens. If that statistic does not make you uncomfortable, you have probably been in this industry long enough to have accepted it as inevitable. Masha Sedova has not accepted it, and this episode is the result of a career spent refusing to.
Masha co-founded Elevate Security, built it into the leading human risk management platform in the space, and watched it get acquired by Mimecast - where she now leads human risk strategy and product across a portfolio that combines email security, DLP, collaboration security, and behavioral risk intelligence under one roof. She is one of the most rigorous thinkers working at the intersection of people and security, and this conversation left me genuinely rattled in the best possible way.
We talk about what human risk management actually is and why calling it a rebrand of security awareness is a disservice to both categories. We get into the 8/80 rule - the finding that 8% of your workforce is responsible for 80% of your incidents - and what it means for how security budgets should actually be allocated. We cover the four personas framework, the open ecosystem bet, the board conversation, and the cultural debt that the phrase 'humans are the weakest link' has accumulated over thirty years. I push back where I think the industry has not fully reckoned with what it is building, and Masha pushes right back.
If you work in cybersecurity in any capacity - whether you are a CISO, a founder, an investor, or a marketer trying to understand what your buyers actually care about - this episode will change how you think about the human element problem.
Listen and enjoy.
A special thanks to our friends at Mimecast for partnering with us to tell this story.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Mar 1, 2026 • 37min
The Kid Who Googled "How to Become a Hacker" and Ended Up Wrecking Real Ones
John Hammond was a kid who Googled "how to become a hacker" and took it seriously. He learned Python, found his way into the Coast Guard Academy, and remembers squaring down a stairwell at two in the morning - rigid military posture, full indoctrination protocol - vibrating with excitement because he was about to sit next to smart people and solve security problems for a living. That visceral, middle-of-the-night certainty became the foundation of everything that followed.
Today he's a principal security researcher on the Adversary Tactics team at Huntress, employee number twenty-eight at a company that's now over six hundred people. He's also one of the most recognized cybersecurity educators on the internet, producing hour-long exploit deep dives on YouTube that get more genuine engagement than most vendors' entire content budgets combined.
In this episode, John talks about why the cybersecurity industry is stuck on a treadmill it may never get off and whether the business model actually depends on that treadmill keeping pace.
He explains why Huntress is deliberately slow about integrating AI into their human-led SOC and why that uncertainty is more credible than the confident claims coming from thousands of other cybersecurity vendors in the space.
We also get into territory that most cybersecurity conversations gloss over.
John makes the case that the security awareness gap isn't informational - the information exists, he's made it free on YouTube - it's motivational, and most training programs are built around what the security team thinks is important rather than what the end user actually cares about.
He talks about why checklists function as a ceiling on curiosity, and why the discoveries that actually matter are the ones that never make it onto the procedure document.
And he gets real about burnout - the arc from obsessive passion to unsustainable output that the industry celebrates in keynotes and ignores in its operational expectations.
There's a moment near the end where I asked him to describe Huntress in three words and he gave me an internal mantra - ethical badasses - that says more about how the company thinks about culture as a competitive weapon than any mission statement ever could.
This is a conversation about what happens when someone who never optimized for credibility becomes one of the most credible voices in the room.
Listen and enjoy.
A special thanks to our friends at Huntress for partnering with us to tell this story.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Feb 28, 2026 • 46min
The PhD Cryptographer Who Bet His Career on a Lukewarm Idea and Succeeded
Aleksandr Yampolskiy was doing everything right. He had the tools, the budget, the processes - the full security stack humming along at the e-commerce company where he served as CISO. Then one routine vendor integration blew the whole thing open. Unencrypted credit card data from other customers, just sitting there, inside a platform that had been rubber-stamped by a Big Four firm. In that moment, he realized something most security leaders spend their careers trying not to think about: you can do everything right and still lose your job because someone else didn't.
That scar became SecurityScorecard.
But here's where the story gets interesting. When Aleksandr, or AY - as he introduced himself when joining me in my studio, started telling people in 2013 that he wanted to quantify cyber risk the same way credit scores quantify financial risk, nobody was excited. The reactions ranged from "that's impossible" to a polite shrug. Most founders would have taken that as a signal to pivot. Alex took it as proof he was early enough to matter.
In this episode, we go deep. We talk about why the status quo, not a named competitor, is the most dangerous thing your sales team will ever face. AY tells the story of twenty buyers who all said "I love it, I'll buy it" and then every single one of them disappeared when he came back with the finished product. (Oh, how I resonate deeply with this pain.)
He explains how a pediatrician named Dr. Virginia Apgar, who saved tens of thousands of newborns with a simple scoring system, became the intellectual blueprint for how SecurityScorecard thinks about risk. And he gets honest about hiring decisions that went wrong because he ignored a gut feeling he couldn't quite articulate at the time.
We also get into territory that most cybersecurity podcasts don't touch. AY talks about boards adopting AI to impress Wall Street while CISOs scramble to secure shadow deployments nobody authorized. He walks through why 150 companies control ninety percent of the global attack surface and what that means for everyone else. He makes the case that quantum computing will be a Y2K-scale migration problem much sooner than the industry wants to admit. And he shares a question from his company advisor that I think every GTM leader needs to sit with: Who do you want your customers to become?
This is a conversation about how a scientist thinks about risk, why the language gap between the SOC and the boardroom is an actual vulnerability, and what it really takes to build something that changes how an industry operates.
Listen in and enjoy.
A special thanks to our friends at SecurityScorecard for partnering with us to tell this story.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Dec 19, 2025 • 44min
How to Stop Falling for Fake Cyber Threat Exposure Management (CTEM) Claims
Every vendor in exposure management now says they do CTEM. Nick Lantuh's response: "You don't even know what you're talking about."
This episode with Nick Lantuh (CyberProof) and Amy Chaney (Citibank) breaks down how a methodology became a meaningless marketing term and how buyers can fight back.
The reality check:
- CTEM requires connecting vuln scanning, endpoint, SIEM, cloud, email, network—not just one of them
- Adding CAASM or external attack surface management doesn't make you a CTEM vendor
- Most organizations doing "CTEM" are actually using spreadsheets and manual threat intel fusion
- Why services-led beats platform-first (60x revenue growth proved it)
- The disingenuity problem: vendors spray the term, buyers have to unpack it
Amy's evaluated these claims at the world's largest banks. Nick built the solution that actually connects the pieces. Together, they arm you with the filter.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Dec 5, 2025 • 44min
Why Are You Outsourcing Buyer Intimacy to Gartner?!?
The Gartner debate keeps resurfacing on LinkedIn.
Skeptics vs. pragmatists vs. the "it depends" crowd.
Same arguments. Same camps. Same circular conversation.
Everyone's missing the point.
After having hundreds of direct conversations between vendors and CISOs, I've come to a controversial conclusion:
The analyst relations industry exists because marketers don't want to do the hard work of actually understanding their buyers.
In this episode, I'm going deep on what no one's willing to say:
- How buyer insight gets distorted through seven (at least) layers of interpretation before it reaches your strategy. By the time Gartner's "insight" hits your roadmap, it's a game of telephone.
- Vendors expect Gartner to generate pipeline. It generates awareness. That awareness doesn't convert. And the "justification" use case? I don't buy it anymore. I'll tell you what CISOs actually say.
- Gartner has become a shortcut to avoid the uncomfortable work of direct buyer relationships. More surprisingly, the analysts aren't doing the deep work either. You are the product, not the customer.
- AI is commoditizing surface-level insight. But the deep nuance, the psychology, the politics, the unspoken objections, that still requires human connection. The differentiator is becoming more human, not less.
- What to do instead. How to build buyer intimacy as a core competency. Why the vendors who win will be the ones who stop outsourcing the most important work in marketing.
This episode isn't about whether Gartner is good or bad.
It's about a harder question:
How well do you actually know your buyer?
If the honest answer is "not deeply enough", Gartner isn't your problem.
If you're a cybersecurity founder, marketer, or GTM leader wondering who has even the smallest inkling or intuitive feeling deep down inside that your Gartner investment isn’t worthwhile, this one's for you.
Connect with me on LinkedIn
Learn more about CyberSynapse
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Jun 6, 2025 • 48min
From Cost Center to Growth Driver: The CFO’s Playbook for Cloud Security ROI
For years, security has been treated as a necessary evil - a budget line item that CFOs approve without truly understanding its business impact. But what if cloud security could be a revenue driver, an efficiency enabler, and a cost-saving powerhouse?
In this episode, Dani Woolf sat down with Chris Thomas, Chief Revenue Officer at AlgoSec, to break down how CFOs should really evaluate cloud security investments, not just as a defensive measure, but as a business accelerator.
They dove into the cost of inaction, the inefficiencies draining budgets, and the financial case for security automation - all from a CFO’s perspective. If you’re still treating security as an overhead cost, this conversation will change the way you think about it.
To get a demo of AlgoSec, visit: https://www.algosec.com/lp/request-a-demo
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

May 30, 2025 • 51min
Why the vCISO Model Is More Than a Stopgap for Organizations Looking for Security Leadership
In this milestone 100th (and birthday!) episode of Audience 1st Podcast, Dani Woolf is joined by veteran cybersecurity leader David Doyle from DirectDefense for a brutally honest conversation about what’s broken in today’s security leadership models and how the rise of the vCISO is more than just a stopgap.
Together, they unpack the myths, power dynamics, and misaligned expectations that drive burnout, stall progress, and keep companies from building real security maturity.
This episode is a blueprint for cybersecurity executives, CISOs, and vCISOs who are serious about designing resilient organizations that can lead through complexity.
You’ll Learn:
1. The real reason CISOs are burning out and why it’s not just about stress
2. How most orgs misunderstand the vCISO role (and end up wasting budget)
3. When to bring in a vCISO and how to avoid hiring the wrong one
4. Why CISOs and vCISOs should be tag-teaming, not competing
5. How to measure progress beyond compliance and build a culture of strategic leadership
6. What makes a good vCISO indispensable, not replaceable
Subscribe & Follow:
- Follow Audience 1st wherever you get your podcasts
- Connect with Dani Woolf on LinkedIn
- Learn more about CyberSynapse and qualitative buyer research
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

May 23, 2025 • 58min
The GTM Gauntlet in Cybersecurity: What We're Still Getting Wrong | Authenticated by Confide
In this special episode of Authenticated, Confide brings together a powerhouse panel of security operators, marketers, and founders to dissect the brutal realities of go-to-market in cybersecurity. From failed conference booth investments to relationship-first community building, this conversation goes deep on why most vendors still miss the mark, and what it actually takes to build trust with today’s security buyers.
Whether you’re a CISO, product marketer, founder, or GTM leader in security, this episode cuts through the noise with raw, unfiltered truths about what works, what backfires, and where the future of security GTM is headed.
Key Themes We Cover
- Why cybersecurity is one of the hardest GTM motions in tech—period
- The myth of the CISO as the sole buyer (and who actually influences decisions)
- How real community works—and why fake ones backfire
- Why founder curiosity and customer obsession are the biggest predictors of success
- The buyer psychology behind trust, timing, and transference
- What not to do at RSAC (and how to rethink your event strategy)
- The role of failure, redemption, and authentic messaging in building credibility
- Tactical ways to break through cynicism and engage skeptical security practitioners
Subscribe & Follow:
- Follow Audience 1st wherever you get your podcasts
- Connect with Dani Woolf on LinkedIn
- Learn more about CyberSynapse and qualitative buyer research
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

May 16, 2025 • 36min
Cognitive Risk, Neurodivergence, and the Unspoken Realities of Security Leadership
In this episode of Audience 1st Podcast, Dani Woolf sits down with Val Popke to explore the unspoken human dimensions of cybersecurity leadership.
Val, a veteran, assurance leader, and self-described “Wandering Cyber Vulva,” challenges the industry’s prevailing narratives around hiring, communication, inclusion, and resilience. The discussion goes beyond traditional security frameworks to uncover the cognitive and cultural risks impacting practitioners at all levels.
Listeners will walk away with a deeper understanding of why burnout, disconnect, and distrust are systemic, not personal, and how security leaders must evolve to lead in environments of increasing complexity, diversity, and psychological strain.
Key Themes:
- Why psychological safety and cognitive clarity are prerequisites for functional security operations.
- How the industry’s hidden majority is misaligned with traditional corporate norms and what needs to change.
- The mismatch between capability and visibility in how cyber professionals are evaluated and excluded.
- A linguistic and philosophical reframe that emphasizes collaborative understanding over performative inclusion.
- Why many security professionals are forced to protect their organizations from internal dysfunction while defending against external threats.
- Trust, mission, and why so many veterans find a natural home in cyber until corporate incentives erode that foundation.
Subscribe & Follow:
- Follow Audience 1st wherever you get your podcasts
- Connect with Dani Woolf on LinkedIn
- Learn more about CyberSynapse and qualitative buyer research
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

May 9, 2025 • 42min
A Deep Dive Into The Multi-Cloud Mess & How AlgoSec Connects the Dots
What does it really take to secure applications across a hybrid, multi-cloud environment?
In this episode of Audience 1st, I sit down with Adolfo Lopez, Sales Engineer at AlgoSec, who brings a practitioner’s lens to the cloud security conversation. From his experience as a network engineer to helping organizations operationalize cloud security today, Adolfo walks us through what most teams overlook—and how to get it right.
We cover:
- Why visibility into application flows is foundational for multi-cloud security
- What enterprises miss when they treat the cloud like a lift-and-shift extension of on-prem
- Why security must be application-centric—not infrastructure-led
- The critical role of policy discovery, orchestration, and automation
- How AlgoSec ACE helps teams answer the question: “What will break if I make this change?”
If your team is working across AWS, Azure, GCP, and on-prem—and struggling to manage risk, connectivity, and policy alignment, this episode breaks it down practically and tactically.
To get a demo of AlgoSec, visit: https://www.algosec.com/lp/request-a-demo
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com


