The Job Security Cybersecurity Podcast
The Job Security Cybersecurity Podcast, brought to you by Expel Security, explores the unique perspectives and stories of the people who make the cybersecurity industry what it is—whether they realize it or not. Hosts Dave Johnson and Tyler Zito recognize that we're living in an enlightenment period of cybersecurity, where the industry has stabilized with established education systems, compliance frameworks, and documented methodologies. But it took a lot to get here.
This podcast looks inward at our community and culture, sharing the stories of how we built this industry through DIY traditions, mythologies, and countless people figuring it out as they went. We explore not just the technical aspects of security, but the human elements—from current students and interns to seasoned professionals, and even those outside cybersecurity who offer valuable perspectives on risk, strategy, and innovation.
Expect conversations about where we've been, where we are now, and where we're headed next. We'll talk to adjunct professors, threat hunters, entertainers at hacker conventions, and professionals from adjacent industries who can teach us something new. This isn't another podcast about threats and threat actors—it's about the people doing the work and the lessons we can learn by looking in slightly different directions.
Join us for a mix of education, entertainment, and optimism as we celebrate how far cybersecurity has come while inspiring curiosity and innovation for the future. Whether you're taking a lunch break or winding down after incident response, we're here to help you relax with good stories and interesting discoveries.
Episode 3: Building an AI-powered security practice
Host Dave Johnson and co-host Tyler Zito sit down with Peter Holcomb, founder and CEO of Optimo IT and self-described "AI Samurai," to explore how AI is reshaping cybersecurity—from automating compliance workflows to defending against emerging threats. Peter shares practical insights on shadow AI risks, AI observability, and how fractional CISOs are becoming essential for AI-native companies navigating security and governance challenges.
Key topics & timestamps
Peter's background and Optimo IT (2:31 - 4:26)
- Founder/CEO of AI security consulting specializing in fractional CISO services
- Focus: SOC 2 Type II, ISO 42001/27001, GDPR, HIPAA
- Former CISO at DataVolo (acquired by Snowflake) and EMED Digital Healthcare
Overlooked AI security challenges (4:26 - 7:35)
- Shadow AI becoming the new "shadow IT"—unsanctioned tools introducing risk
- AI observability must track: alert severity, user queries, token usage, cost, data lineage
- Automated evidence tracking with platforms like Vanta, Drata, Risk 360
Applying existing security principles to AI (7:35 - 9:02)
- Reapplying standard security practices to different use cases
- Continual education on appropriate tool usage and data stewardship
- Shared responsibility between security teams and business
The fractional CISO model (9:02 - 14:24)
- AI-native companies need security expertise but want to focus on product
- Business owns the risk—CISO advises on treatment options
- Third-party perspective often carries more weight than internal recommendations
Building an AI-powered business (16:17 - 19:32)
- Email agent automates responses, saves drafts for review
- Lead generation agents personalize outreach sequences
- ~10 agents handling administrative tasks to focus on strategic work
- Building evidence collection agents for audit workflows
AI security use cases (19:32 - 24:21)
- Red team/blue team testing via TestSavant.ai
- Microsoft Copilot integration risks
- Recommended tools: Petra Security, Cloud Capsule for pre-Copilot assessments
AI's future in security operations (24:43 - 28:27)
- Near-term: Autonomous defense agents detecting/remediating faster than humans
- Still need human-in-the-loop for verification
- Zentra.ai: Building agents for level 1-2 IT operations
- Example: 24-hour ticket resolved in 30 seconds with agent automation
Career advice (29:41 - 32:22)
- Get educated on AI—tinker with it, understand pitfalls
- AI governance is the "new GRC"
- Get hands-on: Build labs, use AWS free tier, experiment with tools
- Identify repetitive tasks and automate with agents
Key quotes
"Shadow AI is becoming a huge thing right now... individuals want to be more productive, but they might install these vibe coded tools and now they're introducing more risk into the environment." - Peter Holcomb
"There are only four things you can do with risk. You can accept the risk, mitigate the risk, transfer the risk, or ignore the risk." - Peter Holcomb
"Back in the day, GRC was not looked at as a sexy thing, but now, with the ubiquity of AI, AI governance is top of mind for everybody." - Peter Holcomb
Production Credits
- Co-hosts: Dave Johnson and Tyler Zito
- Producer: Ben Baker
- Sponsor: Expel MDR