The Segment

Recorded live at RSA Conference 2026, this episode of The Segment features a compelling conversation between host Raghu Nandakumara and Theresa Payton—the first female White House Chief Information Officer and a leading voice on cybersecurity, AI, and digital risk. They tackle a critical question: If organizations are spending more than ever on cybersecurity, why are outcomes getting worse? Drawing from her experience protecting some of the most sensitive systems in the world, Theresa challenges conventional thinking around security frameworks, compliance, and the industry’s overreliance on checklists. The conversation dives into: Why the current cybersecurity model is fundamentally broken—and what needs to change The growing gap between security spending and real-world outcomes How AI is reshaping the threat landscape as both a powerful tool and a potential insider risk Why designing for the human user—not just the buyer—is key to better security The overlooked importance of data classification in a post-quantum future Practical ways teams can begin “reimagining” security, even with limited time and resources Theresa also shares behind-the-scenes insights from her time at the White House, including a surprising story that highlights just how personal—and nuanced—cybersecurity can be. At its core, this episode is a call to action: to move beyond compliance, rethink outdated approaches, and build a more human-centered, resilient future for cybersecurity.   Stay Connected with our host, Raghu on LinkedIn For more information about Illumio, check out our website at illumio.com 

The Monday Microsegment for the week of April 6. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. Your JavaScript library just phoned North Korea. New details on last year’s banking software breach amid a flurry of lawsuits. And Team PCP hackers breach the EU through a tool…built to stop hackers.  John Kindervag joins to talk about the latest Zero Trust push out of Washington. Head to The Zero Trust Hub: hub.illumio.com Get the Industry’s First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 

The Monday Microsegment for the week of March 30. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. ShinyHunters scales up its Salesforce extortion campaign, hitting major targets around the globe. Zero-day exploits aren’t cool. Do you know what’s cool? Negative-day exploits. And it’s sunshine and cyber alerts for the Golden State as California municipalities face disruptive attacks. And Gary Barlet joins us to unpack RSAC 2026 and the AI buzz.  Head to The Zero Trust Hub: hub.illumio.com Get the Industry’s First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification   

Social engineering attacks may evolve with new technology, but the core tactic hasn’t changed in decades: exploiting human trust. In this episode of The Segment, host Raghu Nandakumara sits down with Timothy Kromphardt, Senior Threat Researcher at Proofpoint to explore how modern scams actually work behind the scenes. Tim spends his days engaging directly with threat actors—sometimes for months at a time—to understand how fraud campaigns operate, how scammers build trust, and how they ultimately convince victims to hand over money or sensitive information. Together, they unpack the mechanics of today’s most common scams, including TOAD (telephone-oriented attack delivery) attacks, business email compromise, and the increasingly sophisticated “pig butchering” investment scams that can drain victims’ life savings after months of relationship-building. Together, Raghu and Tim unpack: Why social engineering continues to succeed—even as security technology improves   How pig butchering scams build trust over months before stealing massive sums   What happens when researchers directly engage with scammers   Why AI is helping attackers scale operations—but not necessarily replace humans   Practical steps organizations and individuals can take to reduce their risk   If you’ve ever wondered how scammers actually operate—or why even highly successful professionals sometimes fall victim—this episode offers a rare inside look at the human side of cybercrime.   Stay Connected with our host, Raghu on LinkedIn For more information about Illumio, check out our website at illumio.com 

The Monday Microsegment for the week of March 23. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. The 3.4 million records exposed in massive healthcare tech breach Federal officials hunt for answers in the wake of Iran’s attack on Stryker Why cybercriminals are ditching malware for phone calls And Christer Swartz joins us for a Boos and Bravos segment!  Head to The Zero Trust Hub: hub.illumio.com Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration

The Monday Microsegment for the week of March 16. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. As many as two hundred thousand devices wiped clean by Iranian hackers. A new class of malware uses AI to rewrite its own source code. And confidence vs. reality: New research shows that most security teams can’t stop a breach in real-time. And John Kindervag argues that most cybersecurity incidents aren’t caused by a lack of technology — they’re caused by bad policy. Read his full article here: https://www.linkedin.com/pulse/cybersecurity-has-resilience-problem-tool-john-kindervag-hyxaf/?trackingId=jguODXNgCbhRZs5puz%2B18Q%3D%3D Head to The Zero Trust Hub: hub.illumio.com Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration

AI is moving faster than any technology shift we’ve seen before—but security is still being treated as an afterthought.   In this episode of The Segment, host Raghu Nandakumara sits down with Joshua Woodruff, Founder & CEO of Massive Scale AI, to explore what it really takes to adopt AI, especially agentic AI, without putting your business at risk. Josh brings nearly 30 years of experience across security, cloud, and IT transformation, advising organizations from startups to Fortune 100 enterprises. As a zero trust thought leader, co-lead of the Cloud Security Alliance Zero Trust Working Group, and author of Agentic AI + Zero Trust, Josh shares why AI isn’t just another tools-led transformation—it’s a fundamental re-engineering of how work gets done. Together, Raghu and Josh unpack: Why AI should be viewed as “commoditized intelligence,” not a human replacement   The unique security challenges of stochastic, non-deterministic AI systems   How Zero Trust provides a business-aligned foundation for securing AI and data   What it means to treat AI agents like digital employees—with identities, guardrails, and codes of conduct   Real-world examples of AI agents going off the rails—and how to prevent it   Josh’s five-question “Agentic Trust Framework” for securing autonomous AI systems   Why security teams have a rare opportunity to become true enablers of AI-driven transformation If you’re a business leader, technologist, or security professional grappling with how to move fast on AI without breaking trust, this episode offers a clear, practical, and grounded roadmap for doing AI right—securely, responsibly, and at scale.     Resources Mentioned: https://www.amazon.com/Agentic-AI-Zero-Trust-Business-ebook/dp/B0FL2WJQVQ   Stay Connected with our host, Raghu on LinkedIn For more information about Illumio, check out our website at illumio.com 

The Monday Microsegment for the week of March 9. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. Google unmasks an advanced — maybe government-leaked — exploit kit targeting Apple devices. Iran’s Muddy Waters hacking group is shaping up to be a clear threat to U.S. networks. And the White House signals that the best cyber defense might be cyber offense. And Aishwarya Ramani on this year’s International Women’s Day theme — and why empowering women in cybersecurity gives the entire industry momentum.  Head to The Zero Trust Hub: hub.illumio.com Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration    

The Monday Microsegment for the week of March 2. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. Security leaders brace for an epic backlash to U.S. and Israeli attacks on Iran. Meanwhile, Iran’s domestic internet cutoff provides a threat intel goldmine for defenders. And CISA gets a new leader as the agency navigates more than a year of internal turmoil. And Christer Swartz joins us to bust a cybersecurity myth!   Head to The Zero Trust Hub: hub.illumio.com Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

What separates organizations that pass audits from those that survive real incidents? In this episode of The Segment, host Raghu Nandakumara sits down with Phil Park, global cybersecurity and risk leader at IBM. With more than 25 years advising financial institutions across the U.S., Europe, and Asia-Pacific, Phil brings a practical perspective on how supervision is rapidly evolving from compliance checklists to real-world operational readiness. Together, Raghu and Phil unpack the industry’s biggest mindset shift: regulators no longer ask “Are you protected?” — they ask “Can you operate through disruption?” They explore why prevention alone is no longer enough, why containment and recovery now define security maturity, and how CISOs are moving from siloed operators to enterprise-wide risk leaders accountable to boards and regulators alike. The conversation also dives into: Why regulators evaluate response quality rather than technical perfection   How organizations are turning tabletop exercises into realistic resilience testing   The growing pressure created by third-party and supply-chain dependencies   Why evidence and outcomes matter more than policies and frameworks   How overlapping reporting requirements are reshaping incident response playbooks   The double-edged role of AI in both defense and attack, including deepfake risks   Why security fundamentals matter even more in the AI era   This episode is a must-listen for security leaders and executives navigating a world where passing the audit is no longer the goal — proving you can withstand disruption is. Also, if you’re attending FSISAC, join Illumio, IBM, and Palo Alto Networks for an exclusive dinner at Capital Grille! Save your seat here: https://lp.illumio.com/20260302-Steak-And-Security-Dinner.html?utm_medium=email&utm_source=marketo