In this compelling episode of the Chasing Entropy Podcast, I sit down with none other than Thom Langford, EMEA CTO at Rapid7 and “twice-recovering CISO,” for an honest and often humorous deep-dive into the lived realities of cybersecurity professionals.

Finding Purpose in Security

Thom reflects on his unconventional path into cybersecurity, entering the field two decades into his tech career and quickly realizing he had found his “tribe.” From his early days wrangling VAX/VMS systems to leading security teams, his journey underscores the importance of mentorship, curiosity, and persistence.

Burnout, Mental Health & Imposter Syndrome

This episode doesn’t shy away from the emotional toll of cybersecurity. Both Thom and Dave speak candidly about the mental load that comes with defending digital infrastructure, from career burnout to imposter syndrome. Thom offers relatable stories including hiding in a bathroom stall to avoid public speaking—and shares how vulnerability, perspective, and humour became his coping tools.

Security Isn’t Funny, But It Can Be Fun

Thom’s approach to security education is rooted in humor and storytelling, which he argues improves information retention and builds connection. He shares insights from The Host Unknown Podcast and reminds us that just because security is serious doesn’t mean it has to be dry. Laughter, he says, is often the best way to tackle hard truths.

Reducing Friction, Building Better UX

A recurring theme is the need to reimagine user experience in cybersecurity. Thom advocates for intuitive, low-friction security that doesn’t require justification, just like locking your front door or putting on a seatbelt. When secure behaviours are second nature, we’ve truly succeeded.

Advice for Newcomers

To those entering the field, Thom’s message is clear: you don’t have to be technical to make a difference. Whether managing risk, policy, or compliance, every role matters. He also urges senior professionals to manage their calendars more assertively for sanity’s sake.

Where to Find Thom Langford

• 🎧 Host Unknown Podcast
• 📸 TomLangford.photography
• 📝 Blog at TomLangford.com
• 💼 LinkedIn

Catch the full episode to hear two seasoned CISOs pull back the curtain on the cybersecurity industry with wit, wisdom, and just the right amount of entropy.

In this insightful episode of Chasing Entropy, host Dave Lewis welcomes cybersecurity veteran Allison Miller to explore the intersections of fraud, risk, complexity, and AI in the ever-evolving digital landscape.

Allison brings two decades of experience spanning enterprise cybersecurity, anti-fraud, and advanced product risk. From traditional financial institutions to cloud-native startups, her work bridges how technology enables connection—and how those same systems can be exploited.

She shares her early fascination with communication networks, her journey through IRC, payphone hacks, and digital commerce, and how those formative experiences shaped her career.

Key Topics Covered

Chasing Risk and Complexity

• Fraud as a window into system weaknesses — Allison explains why fraud fascinates her: it’s about understanding how things can go wrong even when the code is working as designed.
• She discusses how payment systems, platform identity abuse, and communication channels become targets precisely where their value lies.

The Role of AI in Cybersecurity

• AI as a detection tool: Building on her background in detection technologies, Allison sees AI as the next step in a lineage of data-driven defenses.
• Three key AI applications:
  → Detection
  → Investigation assistance
  → Automation in Security Operations Centers (SOCs)
• CISO responsibilities: While AI governance is still evolving, Allison highlights parallels with AppSec and suggests that product risk programs must incorporate AI security and safety.
• Agentic AI and emerging risks: She warns that autonomous agents, while powerful, introduce new layers of system complexity that require holistic monitoring—simple components can combine into chaotic behaviors.

Future of Cybersecurity Leadership

• Cloud, mobile, and multi-cloud continue to challenge traditional security models, requiring CISO teams to expand their skills and embrace innovation.
• CISOs are now “chasing complexity” as much as they’re defending against it.

Advice for Aspiring Cybersecurity Professionals

• Follow your curiosity rather than a linear career path.
• Focus on interesting problems—your unique perspective will create opportunities.
• Embrace networking and open conversations to accelerate learning and growth.

Quote of the Episode:
"Follow your curiosity. You can bring your interests into almost any job description—and that's where real opportunity lies." — Allison Miller

Tune in to this episode for a candid discussion that peels back the layers of how risk, fraud, and AI are shaping the cybersecurity front lines.

Subscribe to the Chasing Entropy Podcast for more real talk with the minds driving cybersecurity forward.

LinkedIn: Allison Miller, Founder & Principal, Cartomancy Labs

Website: Cartomancy Labs

Newsletter: Futurecast

In this episode of Chasing Entropy, I sit down with cybersecurity trailblazer Wendy Nather for an honest, insightful, and occasionally hilarious conversation that spans career origin stories, hammer metaphors, and how empathy is the secret weapon of modern security leadership.

From Swiss Banks to Strategy

Wendy Nather’s journey into cybersecurity is anything but conventional. From wrangling Unix systems at a Swiss bank to being unexpectedly appointed head of EMEA security, her career has been a series of “say yes and figure it out later” moments. Her creation of the security strategist role at Duo (where she helped bring Dave onboard) laid the groundwork for today’s Advisory CISO model—distinct from field CISOs and rooted in trust-building and strategic influence.

Understanding the Security Poverty Line

Wendy unpacks her now-famous concept of the “security poverty line,” a lens for understanding how underfunded, understaffed organizations struggle to meet industry best practices. It's a call to move beyond judgment and toward practical empathy—especially when small businesses with outdated gear and little budget become backdoor vulnerabilities in the broader digital ecosystem.

The Human Side of Cybersecurity

The conversation dives deep into the need for empathy, especially at the CISO level. Wendy argues that real leadership in security isn’t about technical perfection—it’s about understanding people, building influence, and leading with compassion. For those just entering the field, she reminds listeners that many roles in cybersecurity today didn’t even exist a decade ago, and that we’re all still “making this up as we go.”

Agentic AI, Zero Trust, and a Spoon

The pair also reflect on the rise of agentic AI and its implications for zero trust architectures. Wendy challenges the assumption that AI introduces completely new risks, suggesting instead that it’s a matter of awareness, contract transparency, and figuring things out as a community. She also revisits her “spoon” analogy from past keynotes: good security design should be as intuitive as using a spoon—hard to mess up, universally usable.

Final Thoughts

Wendy closes with advice for veterans and newcomers alike: surround yourself with peers you trust, keep learning, and don’t buy into gatekeeping myths that overvalue technical credentials. What really matters is adaptability, collaboration, and understanding the bigger picture.

Subscribe to Chasing Entropy on your favourite podcast platform and join us next time as we continue to unravel the systems and stories shaping cybersecurity.