Listen "Chasing Entropy Episode 009: Staying Curious with Brian Honan"
Episode Synopsis
In this week's episode of the Chasing Entropy Podcast, 1Password’s Global Advisory CISO, Dave Lewis, sits down with longtime friend and cybersecurity luminary Brian Honan, founder and CEO of BH Consulting. From his roots in the early days of IT to advising governments and shaping policy at the European level, Brian brings a storied career and sharp insights into how the industry has evolved, and where it’s headed next.
From Mainframes to Modern Threats
Brian walks us through his unconventional journey into cybersecurity, dating back to the 1980s when formal education in the field didn’t exist. What started as a role supporting those "fad" personal computers quickly evolved into a career grounded in discipline, curiosity, and continuous learning. His foundational experience in IT, he explains, has been crucial in understanding how systems work and how to secure them.
Advice for Aspiring Security Professionals
For those breaking into the field, Brian offers timeless advice: curiosity, patience, and humility are key. Degrees may get your foot in the door, but demonstrating a genuine passion through blogging, open-source contributions, or volunteering at conferences like B-Sides is what sets you apart.
The Rise of Agentic AI and Shadow IT
The conversation shifts to emerging challenges, particularly agentic AI and its implications for enterprise security. Brian emphasizes that security teams must shift from saying “no” to enabling business outcomes securely. He shares a startling example of an unauthorized AI note-taker infiltrating a sensitive corporate meeting, highlighting the real-world risks of unsanctioned tech.
Data Sovereignty in a Globalized World
One of the episode’s most thought-provoking segments delves into data sovereignty. Brian outlines how geopolitical tensions and regulatory mismatches (like the GDPR vs. U.S. data laws) are introducing new forms of risk. He shares alarming examples, including a prosecutor at the International Criminal Court losing access to Microsoft services, underscoring how governments may “weaponize” data control.
Defending Against the Unseen
To wrap up, Dave and Brian discuss how attackers are increasingly exploiting legitimate software and tools—not just traditional malware. Security teams must now detect "unusual good" behavior, not just the known bad. That means strengthening endpoint detection, monitoring network anomalies, and having a robust SOC (internal or outsourced) to handle the complexity.
Final Takeaway
Brian’s message is clear: as threats evolve, so must defenders. The secret? Stay curious, be patient, and never lose your sense of humour.
Listen now to hear two seasoned pros explore the tension between innovation and risk, and why embracing change, rather than fearing it, is essential in cybersecurity.