What happens when we finally admit that stopping every cyber attack was never realistic in the first place?
That is the common thread running through this conversation, recorded at the beginning of the year, when reflection is more honest and the noise is turned down a bit. Nearly three years after our last conversation, I was joined by returning guest Raghu Nandakumara from Illumio to tackle a question that has aged far too well. How do organizations talk about the value of cybersecurity when breaches do occur?
This episode is less about shiny tools and more about uncomfortable truths. We spend time exploring why security teams still struggle to demonstrate value, why prevention thinking alone continues to disappoint leaders, and why the conversation is slowly shifting to resilience and containment. Raghu is refreshingly direct about why mitigating cyber risk, rather than chasing impossible guarantees, is the only metric that will truly hold up under management’s scrutiny.
We also talk about the strange contradiction happening across industries. Attackers often use known paths, such as misconfigurations, excessive permissions, and missing patches, but many organizations still fail to close these holes. The problem, as Raghu explains, is rarely a lack of resources. Usually it involves fragmented messaging, outdated processes and a talent pipeline that prevents skilled people from entering the field while claiming there is a skills shortage.
One of the most practical parts of this conversation is about mindset. Instead of asking if an attacker has entered, Raghu argues that leaders should ask how far they could go once they were inside. That shift alone changes the way success is measured, how teams prepare for incidents and how pressure-filled P1 moments are handled when boards want answers every 15 minutes.
We also discuss how legal action, public claim campaigns, and customer lawsuits are changing the stakes after a breach, forcing executives to rethink how they design cyber investments. From there, Raghu shares how Illumio worked with Microsoft to strengthen internal resilience at scale, and why visibility and segmentation are becoming increasingly difficult to ignore.
This is a conversation about realism, responsibility and growing up as an industry. If cybersecurity is really about security and not about slogans, what would you like your organization to stop saying, and what would you rather hear instead?
Feel free to upload the podcast. Here are also the links we discussed during the call:
Useful links
Subscribe to the Tech Talks daily podcast


