Sean D. Mack
CIO/CISO and author (Enterprise Security: A Data‑Centric Approach) who discusses real‑world cybersecurity leadership conversations and enterprise risk focus areas.
AI‑Assisted Development: Incremental Boost or Enterprise Transformation?
What is the real impact of AI-assisted development in large enterprises? On personal projects, it feels like a step change. At scale, I am not sure yet. Is it incremental or transformational?
AI Security Mirrors Existing Controls, Not a New Paradigm
Is AI security actually different? The categories look familiar: Shadow AI, Shadow IT; Agent identity, IAM; AI vendors, TPRM. So what is fundamentally different about security for AI-related threats?
AI Agents Behave Like Users, Not Service Accounts
AI agents are not service accounts. They are closer to user accounts, but more complex. They act on behalf of others. They change behavior. They can create more agents. How are you handling agentic identity?
Autonomous Agents Pose a New Large‑scale Threat
An agent with a goal and agency can do real damage. We used to worry about compromised accounts. Now we need to worry about autonomous decision-making at scale. That is a very different risk model.
Teams Still Operate Security Without a Dedicated CISO
What surprised me in recent discussions is not the threats. It is how many teams are still trying to manage this without dedicated leadership. How are you structuring security if you do not have a CISO?
Seeking Real‑World OpenClaw Use Cases and Experiences
Anyone using OpenClaw? Very interested to hear how folks are using it. What are your favorite use cases?
AI Finally Closes Search Loop, but Trust Remains Uncertain
The evolution of search has always been "Find". Google never got there but, now, AI has. AI is the first time it feels like the loop is actually closed. But it raises a new question: How much do you trust the answer?
AI‑Assisted Development: Small Gains or Ten‑fold Leap?
What is the actual impact of AI-assisted development in large enterprises? On my own projects, it feels like a step change. But at scale? Is it 10 percent faster or 10x?
Attackers Leverage AI Faster Than Defenders' Policies
“Cyber criminals are the ones using AI most effectively.” One of those quotes from RSAC that stuck with me. Not because it’s surprising, but because it’s operationally true. Attackers iterate faster. They measure outcomes better. They deploy without governance friction. Meanwhile, defenders are still debating...
Dynamic Identity Systems Needed for Independent AI Agents
Identity for AI agents came up in almost every serious conversation last week at RSAC. It is not just “give them an identity.” It is that: identities are dynamic, agents act independently, and they will outnumber humans. We built identity systems for people. Now we need...

From AI Risks to Rapid Control Implementation
I hosted a roundtable at RSAC with NTT Data on AI risk. The conversation has shifted. We are past “what are the risks of AI.” Now it is: how do we operationalize controls fast enough? That is a very different problem.
Shadow AI Emerges as Active Threat Amid Rapid Adoption
Shadow IT was always a problem. Shadow AI is different. Now it can act, not just exist. And the pace of adoption is like nothing I have seen before. What are you doing to manage shadow AI?
In‑person Conversations Drive More Value than System Tweaks
Back in NYC after a week at RSAC. Still processing how much of the value came from one simple thing: actually talking to people in person. We spend so much time optimizing systems. We forget how much progress still comes from conversation. If you...
Beyond Heatmaps: Quantify Cyber Risk Financially
Heatmaps aren’t enough anymore for cyber risk. Leaders want to understand financial impact, not just red, yellow, green. https://buff.ly/zGxWwLP
AI Research Reveals Rapid Shift in Labor Markets
New research from Anthropic on AI and labor markets is worth a read. Not sure if I should be amazed or horrified. https://buff.ly/tyFSWks We’re starting to get real signals on how work is shifting.
Claude Code Forgets Alias, Reverts to Full Paths
I found something Claude Code struggles with. Memory. Tried to get it to consistently use an alias instead of a full path. Documented it multiple ways. Still reverts. Simple problem, surprisingly hard.
Comparing Claude Cowork and Microsoft 365 Copilot Use Cases
Anyone using Claude Cowork alongside Microsoft 365 Copilot? Where do you see each one fitting day to day?
Claude Code Speeds Terminal Workflow, but Lacks Input Alerts
Switched to using Claude Code in the terminal more. It feels faster and more natural. But I miss one simple thing: notifications when it needs input.
New Patterns Emerge Coordinating Multiple AI Development Agents
Anyone coordinating multiple AI agents for development? Still early for me, but already seeing new patterns in how work gets divided. Curious how others are approaching this.
CXO Advisor Reveals Current Security Leader Trends at RSAC
Great to sit down with Tom Field today at the ISMG studio at RSAC. We talked about CXO Advisor, the market, and what we’re seeing across security leaders right now. Always a great conversation.
AI Transforms Search From Finding to Understanding
The evolution of search was always “find.” - Great insight from last week's roundtable with Palo Alto and NVIDIA. We never quite got there with traditional search engines. With AI, it finally feels like we have something closer to “understand.”
Operationalizing AI, Not Adoption, Defines Competitive Edge
One thing I’m seeing more clearly this week: The gap is no longer between “AI vs no AI.” It’s between organizations that can operationalize it and those that can’t.
Iterate in Small Steps: Safer Than Big Overhauls
One lesson from years of DevOps work: Small changes are safer. Large changes feel efficient but carry hidden risk. That idea seems just as true with AI assisted development. Iterate quickly, but in small steps.
AI's Future Lies in Workflow Orchestration, Not Models
I am starting to believe that the most interesting part of AI development is not the models. It is the workflows around them. Agents coordinating work, orchestrating tasks, managing context. Feels a lot like the early days of DevOps when we started wiring...
ISMG CXO Advisory Reveals Top Cybersecurity Priorities
One advantage of working with ISMG's CXO advisory practice is exposure to thousands of cybersecurity leaders. You hear what is actually worrying them. Right now the themes are pretty consistent: AI governance, identity security, third party risk, board level accountability. What's top of your list?

AI Dialogue Shifts to Governance, Identity, Security
Great roundtable this week in San Jose with NVIDIA and Palo Alto. What stood out most: the AI conversation has leveled up. Less hype, more real discussion about things like governance, identity for AI agents, and securing non deterministic systems.
OT‑IT Divide Shrinks as Threats Demand Collaboration
Great to be in Houston last week at CS4CA. One thing that stood out immediately: the OT and IT worlds are still very different cultures. But the gap is closing quickly because the threat landscape is forcing it. The conversations here are...

Terminal Feels Faster; App Simplifies Multitasking with Claude Code
Really enjoying working with Claude Code in the terminal. But I still find myself going back to the app sometimes. The terminal feels faster and more natural for development. The app feels easier when juggling multiple threads of work. Curious where others have landed.
Bay Area Cyber Leaders: Secure Enterprise AI at Scale
Preparing for another round of cybersecurity roundtables next week. One of my favorite parts of the job is hearing how different organizations approach the same problem. Next stop is San Jose for Securing the Enterprise AI Factory at Scale. If you’re a...
AI May Shift Companies Back to Building Software In‑House
Thinking about the build vs buy equation in the age of AI. If software becomes dramatically easier to build, companies may start building more internally again. Anyone seeing this happen?
Juggling Multiple AI Tools Drains Productivity
Context switching between AI tools is exhausting. Claude Code, ChatGPT, GitHub, Terminal. All incredibly powerful, but the context switching is giving me a headache.
Secure Your Code: Guardrails for AI Assistants
If your developers are using Copilot or Claude Cowork heavily, how are you handling the security side? Code context, internal repos, sensitive data exposure. Feels like a lot of organizations adopted these tools before really thinking through the guardrails. What are you doing to protect...
Clear Prompts, Better Architecture: AI Coding Demands Precision
One thing I’ve noticed working with AI coding tools. They force you to think much more clearly about the problem. Bad prompt equals bad architecture.
AI Cuts Software Costs Tenfold, Redefining Industry Economics
The more I work with AI coding tools the more I think we are underestimating how disruptive this will be. If the cost of building software drops by 10x, the economics of the entire industry changes. Build vs buy changes. Barriers to entry...

Day 2 Highlights: Crowd Prioritizes Critical Infrastructure Security
Kicking off Day 2 at CS4CA in Houston. Great crowd focused on securing our most critical infrastructure.
AI Coding Threatens Software Moats Built on Engineering Capacity
Thinking a lot about the impact of AI coding on the broader market. Historically software companies competed on engineering capacity. But if AI dramatically expands development speed and reduces required skills, that advantage shrinks. So what becomes the moat? What does a...
Agent Teams Transform Development: Chaotic Yet Powerful
I’m starting to experiment with Agent Teams for software development. One writing code. One reviewing. One testing. Feels a bit chaotic right now but incredibly powerful. Really interested to hear about how this is working for larger enterprises. Hundreds of team members each...
Claude Code Workflows Rapidly Evolve Across Platforms
Curious how people are actually working with Claude Code. Terminal? Browser? Desktop app? I’ve been bouncing between all three depending on what I’m doing and it feels like the workflows are still evolving quickly.
AI Accelerates Data Flow, Making Sensitive Data Identification Harder
Great to host the cybersecurity roundtable in NYC with Cyera. Key takeaway: data security is getting dramatically harder. AI systems dramatically increase how fast data moves across systems and teams. Identifying truly sensitive data is becoming the real challenge.
Cybersecurity Shifts Focus: Protect Data Behind Infrastructure
In Houston this week for the Cyber Security for Critical Assets Summit. Looking through the agenda, one thing stands out. The conversations are no longer just about protecting infrastructure. They are about protecting the data and systems that operate infrastructure. If you're...
Parenthood Turns Cyber Resilience Into Personal Responsibility
Cyber resilience feels different when you’re a parent. Security stops being abstract strategy and becomes something much more personal.
Seeking Fractional CISOs to Scale Multi‑Org Security Impact
If you are a practicing fractional CISO and want to be part of something bigger, we are building. CXO Advisor is scaling and we are looking for experienced security leaders who want impact across multiple organizations. DM me.
Regular Drills Prevent Security Skill Decay
In winter survival training they call it 'dirt time'. You need to get hands-on and practice. Skills decay if you do not practice them. The same is true in security: Tabletop exercises, incident response drills, access reviews. If you only touch...
RSAC Attendance: Join ISMG Team to Discuss AI Security Trends
RSAC is coming up. I will be there with the ISMG team. If you are attending, let’s connect. Curious what themes you expect to dominate this year. AI security? Identity? Platform consolidation?

Winning with AI Means Responsible, Scalable Governance
I had an awesome time speaking about AI governance at the Virtual AI Summit last week. Governance is not about slowing AI down. It is about making sure it scales safely. The organizations winning with AI are not the ones experimenting the...
MFA Remains the Easiest High‑ROI Security Win
Just about every small and mid sized business I talk to is still behind on MFA. It is still the highest ROI security control available. If you have not enforced MFA everywhere, that is the easiest win you have this quarter. Read more...

GenAI Augments Security Stack; AI Firms Target Specific Markets
Anthropic entering secure code has everyone predicting the collapse of security vendors. I think that framing is too binary. GenAI will augment nearly every layer of the security stack. That does not mean the stack disappears. The better question is: which markets do...
Start with Risk, Not Assessments, to Build GRC
Developing a new GRC platform and I made a mistake. I started with assessments. You should start with risk. Risk first. Then controls. Frameworks and assessments are just ways to organize risk. But this is easier said than done. Most organizations don't really know...
Design for Breach: Embrace Cyber Resilience Over Security
We need to move from cybersecurity to cyber resilience. Cybercrime is scaling faster than security budgets. At this point it is safe to assume credentials are compromised and someone has been inside your environment before. If you start from the assumption of...
Cybercrime Outpaces Spend; Prioritize Architecture, Identity, Resilience
Cybercrime growth is outpacing cybersecurity spend. We are not going to tool our way out of this. Architecture, identity discipline, and operational resilience matter more than another dashboard.