The Trust Problem in Cybersecurity — and How to Fix It

Techstrong TV (DevOps.com)
May 21, 2026

Why It Matters

Trust in security vendors is now a commercial and operational risk: enterprises rely on vendors for protection, and vendor compromise undermines that foundation. Greater transparency and proactive disclosure can reduce systemic risk, influence procurement, and shift industry standards toward accountability.

Summary

Ross McKerchar, longtime CISO at Sophos, describes how the company evolved from endpoint roots into a full-spectrum security provider with a large MDR business serving some 30,000 customers. Facing repeated compromises across the industry, Sophos has made transparency central to its strategy, publishing detailed incident research—most notably on sustained attacks by a well-resourced China-linked actor—and cooperating with U.S. authorities. McKerchar framed the firm’s annual Trust Reality Report as an effort to quantify a growing “trust problem” in cybersecurity: products meant to protect customers are increasingly themselves vectors for harm. He argues that radical openness about vulnerabilities and threat activity is the best way to rebuild confidence in security vendors.

Original Description

In this episode of TechStrong TV, Alan Shimel sits down with Ross McKerchar, CISO at Sophos, to talk about why trust has become the most important — and most underdeveloped — currency in cybersecurity. Drawing on 19 years inside Sophos and findings from the brand-new 2026 Sophos Trust Reality Report (5,000+ organizations across 17 countries), Ross explains why customers struggle to assess vendor trustworthiness and what should replace today's broken supply chain questionnaires.
Ross covers the breadth of the Sophos portfolio — from endpoint and email to firewall and a 30,000-customer MDR business — and dives into the radical transparency approach behind Sophos's Pacific Rim report, the Secure by Design tailwind, and why "verifiable artifacts of maturity" like wide-scope bug bounties, fast and technical incident communication, and a credible CNA/CVE program tell you more about a vendor than any survey ever will.
Chapters:
00:00 Introduction
00:35 19 years at Sophos and building a security team of one
03:00 The Sophos portfolio — endpoint, firewall, MDR (30k customers)
05:30 The origin of the Trust Reality Report and Pacific Rim
09:00 Top findings — trust is #1, but 80% can't assess it
12:00 Are SBOMs actually useful today?
16:00 Replacing vendor questionnaires with verifiable artifacts
21:00 What wasn't on Ross's bingo card
23:30 Closing thoughts
Subscribe to TechStrong TV for more conversations with the leaders shaping DevOps, cybersecurity, AI, and cloud-native technology.
#Cybersecurity #Trust #Sophos #CISO #SupplyChainSecurity #SecureByDesign #BugBounty #SBOM #TechStrongTV #MDR
