On the 19th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Eric Brohm, Chief Information Security Officer at Wyndham Hotels & Resorts. Wyndham is the world's largest hotel group, offering nearly 10,000 properties in 95 countries across 24 global brands. In this conversation, Eric shares his thoughts on how AI is fast becoming an indispensable tool for cybersecurity teams, the potential of AI in risk-based decision-making, and the growing trend of cybercriminals using AI.
Quick hits from Eric:
On the speed of AI adoption between attackers and defenders: “Attackers take up tools quicker than we do. They don't need to worry about test environments and, politically, selling the tools’ ROI for the business, right? They just go and they use it.”
On AI as a tool to enhance security: “The industry of adversary emulation has been really big. I can point AI at my environment and it knows what security controls I have on the back end. It knows what my vulnerabilities are on the front end and says, ‘If I were an attacker, this is probably what I would do.’ So that helps us drive smart investment based on AI helping us with those risks.”
On the need for collaboration in cybersecurity: “Community is a key piece of why I love being in cybersecurity so much, and that collaboration is what we need to stay ahead of, or at least try to keep pace with whatever tools the attackers are using.”
Recent Book Recommendation: Questions Are the Answer by Hal Gregersen
Evan: Hi there and welcome to Enterprise AI Defenders, a show that highlights how enterprise security executives are using innovative technologies to stop the most sophisticated cyber attacks. In each episode, Fortune 500 CISOs share how AI has changed the threat landscape, real-world examples of modern attacks, and the role AI can play in the future of cybersecurity.
I'm Evan Reiser, the founder and CEO of Abnormal Security.
Mike: And I’m Mike Britton, the CISO of Abnormal Security. Today on the show, we're bringing you a conversation with Eric Brohm, Chief Information Security Officer at Wyndham Hotels & Resorts. Wyndham is the world's largest hotel group, offering nearly 10,000 properties in 95 countries across 24 global brands.
In this conversation, Eric discusses how AI is fast becoming an indispensable tool for cybersecurity teams, the potential of AI in risk-based decision making, and the growing trend of cybercriminals using AI.
Evan: So Eric, thank you so much for joining us. Mike and I have been really looking forward to this episode. Maybe to start, do you mind giving our audience a bit over, a bit of an overview about your career? Maybe how you ended up in the role you're in today?
Eric: Sure, sure. My intro into cybersecurity was very early on. I had a degree in computer engineering from, from Rutgers University. Got into some of the more engineering side of things to start my career and then fell into cybersecurity right into incident response and, and data forensics, which normally at this point in time is not the initial, uh, career move for most, uh, cybersecurity folks, but this was back in 2004. And back then the industry wasn't very mature yet. And so you could go ahead and start your career in incident response and data forensics.
And so, uh, worked for a company doing that from 2004 to 2012. Uh, where I was brought in by, by Wyndham Hotels and Resorts, who had recently experienced a pretty landmark data breach at the time. And so in response to that was building up a more fulsome security organization, bringing folks in from the outside who had real professional experience in that.
And, uh, I was part of that influx of folks and, uh, just continued to grow my career at Wyndham now ultimately becoming the, the chief information security officer.
Evan: Was there a moment kind of in your career where kind of something clicked for you or a light bulb went off or like, okay, like cyber security is where I want to kind of spend my, my time and my energy.
Eric: Yeah, you know, it was when in doing incident response, just how much fun this was. As I mentioned, my degree was in engineering. And so, uh, engineering to me equates a lot, is a lot of problem solving in terms of the way of thinking. And, when you're parachuting into these scenarios where someone's in the midst of a breach and having to problem solve very quickly, and it was a new scenario each and every time.
You have that moment where you go, wow, I really, really like my job. I'm really enjoying what I'm doing and it's hard and it's difficult and it's challenging and it's stretching me, but I'm really, really, uh, enjoying it.
And then, and then just the community of people as well. Very like minded, always very collaborative from, from within teams internally, like at Wyndham, but to even externally with some of our competition in the hospitality industry, uh, we work very, very closely together because we compete on room rates. We compete on occupancy. We don't compete on, on security. We all want to do well. We want people to feel secure staying in, in hotels across the board. Right? Cause what's bad for Wyndham could be bad for the rest of the hospitality industry if, if, if guests lose trust that they can either swipe their credit card or book online, uh, a hotel. And so, uh, I just really enjoy the, the people as well within cybersecurity.
Mike: You know, Eric, one of the things, you know, technology innovation today is probably moving at its fastest pace we've ever seen. There's broad enterprise adoption of SaaS, everything's in the cloud, and it's definitely beneficial from a business perspective, but that also changes how we approach security. How do you see the threat landscape changing in today's cloud first world?
Eric: Yeah, I think there's two aspects of that. One is one is the cloud itself, right? Or enterprises are putting their systems, putting their workloads in the cloud. And then we as security practitioners need to go and help secure that. And some of that is really changing the way the enterprise thinks about security. We're no longer looking at, you know, your traditional vulnerability management on a server that's sitting in a data center, right?
A lot of these are serverless workloads. And so, uh, we're looking at configuration settings in AWS or Google Cloud or wherever your enterprise sits or even maybe even both, and having the right controls, and standards around that and really working as security practitioners to help enforce those within our organization, and wrap them in, in some best practices. Uh, so that's on the cloud side, uh, from an internal standpoint for enterprises.
On the SaaS piece where we're utilizing, uh, third parties, third party applications. Uh, there's so much there. And I think all organizations are doing this now, where they're doing more buying instead of building. They're looking for this best in breed tool, for their business to use. And, and so the different pieces that one is identity. Right. There's a login that happens there and if that login is not secure, this application that you purchased on behalf of your business to use could now be being used by someone else sitting somewhere else that you don't know. So making sure that the identity is wrapped in good security best practices, which includes, you know, nothing groundbreaking there, right? Multi factor authentication, utilizing biometrics if necessary, and making sure the person who has access to these applications is the person you intend to, and that what they have access to in those applications is, is what you intend for business purposes as well.
The other side of that is data proliferation. So many of these third parties that we're connecting to then say, Hey, can, I need access to your data to be able to do this. And so whether that's through, uh, full upload copies of, of data and pulling that across or just an API connection, so that adds a whole new dynamic to this API security.
Third party security. What are you doing with our data? And making sure that they have the right, you know, you can wrap your data internally and for your internal applications in best practice in the utilizing the right procedures around it. But are your third parties doing that as well? Third party risk is a key consideration now. Identity access management key consideration when it comes to SaaS.
Mike: You know, I think about Wyndham and just given the scale of your business and, you know, you probably have a very unique attack footprint. What are some cybersecurity use cases that you guys might have that an outsider may not fully appreciate?
Eric: Yeah, there's a few, uh, that are unique to, uh, hospitality and I would say retail as well, right? We have an on site presence, but then we also have a web presence. So someone can come in to a hotel and make a booking, but they could also book online, so we have to cover both. We are not just an e-commerce business. We're just not a brick and mortar business. Uh, we're a hundred percent both. Uh, and so you need to secure both of those. And, uh, in doing so, especially for our customers on the website side, again, is balancing that, that friction with the friction of security with ease of use.
We don't want to make it difficult for someone to come and book through our mobile app or book through our website, but we also need to make sure they're secure. And when it comes to travel, when it comes to hospitality, they're not as tolerant.
You know, everyone understands why they're, for their bank, they need MFA and they need to reset their password if it's not long enough. And if they, you know, they don't mind that. When it comes to booking a hotel, they don't want that there. They don't, they don't see that, but we still have the obligation to protect them and protect their data. So how do we do that in such a way that they feel, yeah, this is still really easy for me to use this, this site, but the data is being kept safe, their data is being kept safe, and their, their login or their account is not being used by someone unintended.
So that, that's a piece of it. The other piece is, uh, there's a lot of scraping that goes on. Our data is valuable. And so, where it used to be that, you know, DDoS attacks, things like, and we still, we still deflect DDoS attacks. That's still there. But a lot more of what's there that we're seeing hitting our site is scraping for rooms and rates so that that data can be monetized, uh, on the back end of the things and making sure that that type of activity is not being successful.
The new one that we've seen, which I thought is very interesting, is, you know, comes back to, we have the security now, uh, we have MFA, so you log in and, and it sends an SMS text message. You can select that as one of your MFA options. What we've seen are attacks that are coming in, where they send as many SMS, they're not even trying to create an account, they're sending as many SMS text messages as possible, generally to small, remote countries. And what's happening is they're in cahoots with the phone carriers, in those smaller countries. And so every time that fee, right, there's a fee, a carrier fee when an SMS is sent, they will overload and flood SMSs to that phone carrier, and then they'll get a kickback on the backend of things. So that's kind of a new way that we're seeing, uh, web attacks monetized by attackers.
So really, really interesting. Again, it creates that engineering mindset, that challenge of how do we solve these problems simultaneously, and still make it easy for a user to use our website and log in and book a hotel.
Mike: I imagine Wyndham's like most businesses these days where you're the business side is always looking for new technologies to use, whether it's generative AI or whatever the latest, solution or technology is out there.
How do you keep pace with them? Cause I always feel like security kind of drags behind the business. What are you guys doing to kind of stay in line with what your business wants to use from a new technology perspective?
Eric: Yeah, you know, Wyndham made an organizational change, a few months ago where we combined our IT and market sales and marketing department at our chief commercial officer, now chief commercial officer, Scott, Scott Strickland. And then we made some other changes as well. So while I'm the CISO, I also now have enterprise architecture under my purview. And so when we look at trying to stay, keep pace, uh, there, um, having security as one of my hats and now enterprise architecture as another, it helps me understand what's coming on the business side through the enterprise architecture hat, and then switch hats quickly and say, okay, how do I now wrap this with the, here's what the business wants to do. Here's the strategy going forward. How do I wrap this in, in security and how do we make it operational, for both usability on the business side, but also for the security teams to make sure that they could put eyes on it, and, uh, understand what's normal, what's not normal, and if there's anything malicious going on.
Evan: So, Eric, you mentioned, uh, you know, Scott Strickland. Um, I spoke with him, I think, before this organizational change, right? We actually did a podcast on a different, different show together. Um, one thing I just really admired from that conversation was Wyndham's focus on kind of customer service and then using technology to, like, enable that. Um, and he, he kind of shared this anecdote of using kind of really early on, but I think before the AI hype wave, it kind of fully crested, right? Talked about Wyndham using like natural language processing to analyze customer feedback, identify kind of what were the, you know, maybe latent, um, kind of opportunities to kind of improve customer service. Right. And, um, you know, it was a great example of how AI is being used from organizations to both improve kind of the, efficiency and efficacy of internal operations, but also ultimately deliver a higher quality of customer experience. And so, um, you know, there, there's lots of good uses of AI, right?
Love to hear kind of your, you know, your thoughts maybe on like the, we'll come back to the positive side, but you know, AI is a really powerful tool, right? Tool can be used for good or bad, right? You know, Wyndham does a great job of using it for, for good. And like, you know, your customer is getting a better, better service, right? Because of that.
What do you worry about in terms of like the criminal use of AI and like, what do you think the implications are for secure security organizations as they kind of get ready to prepare for like the next generation of, you know, attacks?
Eric: So, as we're seeing AI used, uh, and make no mistake about it. Attackers take up tools quicker than we do, right? They're more agile. They don't need to worry about test environments and testing this. And, and, you know, politically selling this tool's, uh, ROI for the, for the business, right? They just go and they use it. And so they're out, they're always out a little bit ahead. And with AI, it's, it's even more complicated because of the velocity that the tool is, uh, that AI as a tool is developing. Um, and so in trying not to lag behind, again, a lot of this is threat intelligence and learning about how AI is being used by attackers before they use it on Wyndham, um, where we're seeing it right now, both, both in other organizations and at Wyndham is in the social engineering space.
We're seeing it very clearly generate text message conversations going back and forth impersonating some of our executives. We have had voicemails left where AI is using recordings of our executives, and then generating different speech, different words, you know, whatever they type in for them to say, but it's in the voice of our executives.
And now not within Wyndham, but we've heard from some of our peers, even video as well, just like you and I are having this conversation now that, uh, deep fake videos are being used to put calls together, uh, and not just one on one calls. Uh, we're hearing about calls that have multiple people on screen, and look very, very good. And so social engineering is, is one of those areas where we now need to up our game on the awareness side, right? The best way to combat social engineering. There's, there's some technical ways to do it as well, but, but awareness is the top way. And so making our users aware that, that this is the type of adversary they're up against. These are the tools that they're using. This is what you can, you can expect, for them to come at you with.
And it's not just high value targets either, right? A lot of, a lot of the folks that we're seeing targeted in this are in the sales organization. It's not just C level, uh, individuals. And so, really, really interesting. They're coming on very, very quickly and, uh, we'll continue to try to stay ahead of this by sharing information with our peers.
You know, we are part of, I mentioned sharing a few times. There is an RH-ISAC, which is a retail and hospitality ISAC, which we're a part of and, and very active members in, um, and that's just been a great community for helping others understand what we're seeing so that they can address it before they see it and then vice versa, so that we understand what's going on out there and can begin to address it before. So that's how we try to stay ahead.
Collaboration. You know, I mentioned again, kind of circling back, the community was a key piece of why I love being in cybersecurity so much, and that collaboration, is what we need to, to stay ahead as best, or at least try to keep pace with, uh, whatever tools the attackers are using.
Evan: You know, one thing I hear from a lot of your peers is kind of a underlying angst or frustration where they feel like cyber attacks have never been, you know, worse. Right. And the kind of charts are going up into the right yet, like we've never spent more money or energy or time, right.
Trying to defend. And so like the, the kind of direction you're kind of, or the future, the immediate future you're painting, right, it's a little bit grim, right, where, you know, it's not good today, right? I think a lot of, a lot of security leaders feel a little bit underwater, right? Just trying to defend against the basic stuff.
You're talking about a world where a couple years from now, where every petty criminal has access to ChatGPT seven, they're doing everything you just described, but like now it's more accessible, it's easier, it's more, you know, more possible and accessible to personalize at scale.
Like, what, what, it just feels like we're going this like unsustainable routes. Like, what, what do you, how do you think about that? And like, what do you think we need to be doing as a cybersecurity community to kind of get ready for that, you know, upcoming future?
Eric: Yeah, you know, I think we need to push our, push our vendors to utilize, um, artificial intelligence as well. Now, I don't see a future where it's just machine versus machine in that respect, but I do see a future where SOC analysts can react much more quickly, to things. They don't need to get the syntax right. In a search query, uh, they, they type in what they're looking for and the, the AI understands the types of logs that it has, understands even potentially business context around that and can help point them in the right direction a lot quicker. So I don't ever see an environment where there's no human in the middle there, but I see AI being a force multiplier for, for those humans and helping them respond, uh, even, even more quickly.
I also think that AI can help us in very similar to the way we're seeing it. You hear about people being diagnosed via AI. They're putting their symptoms into a medical AI. And it's, it's pulling in all this data and saying, Hey, I think you have this. And people are, uh, people are saying, yeah, my, my doctor didn't even find that. And this is what it ended up being. And I, I view it similarly to that, where as we look at this from a risk perspective, that AI has context, from our logs, from our telemetry, from our business, our business strategy and context and pulls all that together and we can ask it, Hey, here, here's what we're doing. What do we need to be doing? Like, what are the, what are the risk, high risk areas that we're not covering? Or here are kind of what kind of what we're seeing. What do we think this, what do we think this issue is? What do we think this attack is? And helping us, essentially, diagnose those things, uh, quicker so that we can, we can treat them quicker, maybe even stay ahead.
You know the industry of adversary emulation has been really big. If we think about AI in that space, where I can point AI at my environment and they know that it knows what controls, security controls I have on the back end. It knows what my vulnerabilities are on the front end and says, Hey, if I were an attacker, this is probably what I would do. And so that helps us drive smart investment and getting ahead based on, on AI helping us with those risks. That's probably 10 years down the line, like that level of simplicity that I was just, uh, describing, but I think we can get there. So I don't think it's hopeless. I think we need to recognize the same way that attackers are using AI as a tool that we need to start using AI as a tool and we need to continue to push each other and push our vendors to develop to get better quickly and help keep pace.
Evan: You kind of mentioned like, um, there's all this kind of organizational context, and I mean that very broadly, right? That is kind of hidden from the outside world, right? You know, ChatGPT would give every criminal access to all the data that's public on the internet, but some kind of organizational context, right? Um, that you're kind of a good AI can use to what extent, like, to what extent do you think that's going to give an advantage long term, right? Just, I guess, is the, do you think the, the advantage in the long term accrues to the defenders, right, uh, because of that, you know, additional knowledge and information that kind of the, the good guys AI has access to.
Eric: I think it helps close the gap. There's still, you know, as, as much as I talked about the community and the information sharing and the threat intelligence, there's a lot more of them on the bad guy side than there are of us. And, and they have the, uh, ability to, uh, play around with the tools and, you know, a lot more than we do. It's, it's the, the old phrase, right? They need, we need to be right every time. They only need to be right once, that type of thing. So when you just think of it as from a probability standpoint like that, um, very hard to get ahead of that, but certainly possible to close the gap in the future. And so, uh, and I, and I look forward to, I believe we can, we can get there, um, as a, as a community.
Mike: So Eric, I think you bring up some great use cases for AI on the defender side. I think the one thing that always concerns me is because of all the hype with AI, how do you sort out with all the vendors? Cause you know, if you've been to RSA, been to Blackhat, every single vendor has some sort of claim to using AI in their solution.
How do you kind of sort out the fact and the fiction and find you know, those organizations, those suppliers and vendors and solution providers that are actually using AI for benefit versus, you know, they want to, they want to capture the marketing hype.
Eric: That's a excellent, an excellent question. Um, and I think proof of concepts, proof of values have become more important than ever before because it might even work the way that they are saying it's working, but it might not be a good fit for your business, right? These tools are the way they operate. Um, and what they need and the context that they need are certain specific telemetry that they need in, in order to function in the way that they were meant to just might not be a good fit for your business. I'm not calling them all liars, but, but it might just not be a good fit.
And so we do find, um, so I guess, you know, we think about if, if we're becoming more efficient, in, in the SOC analyst world, um, you know, how do we use that time, some of that time that we're getting back? And I think we use it to test out, uh, new tools and see, do these fit? Does this make sense for, you know, in my case, Wyndham, does this make sense for Wyndham? Uh, is this what we need to close, close our gap? We can't just chase the shiny object anymore. It's, is this the right tool for, for us. Does this meet when we look at risk? Where are my highest risks? And does this close the gap on on that risk?
Uh, it's no longer just saying this is the this is the new hot, hot tool. I think we want to go get it. Or this just got acquired by this. Let's go. Let's, you know, let's jump on that bandwagon. So I think to the short answer to your question is, I think a lot more testing needs to be done.
Now, the plus side is going back to the SaaS piece, is that that can be done easier than it used to be. We're not standing up these monster servers that need to, that every system now needs to connect back into and, you know, POCs were so difficult back then and so expensive to do for everybody involved. And now with these SaaS tools, it's like, yeah, just give us access to this, set up an API connection, and we can show you within X amount of days that, that whether or not this product is going to work the way you want it to for your organization.
So I think we leverage that. We leverage the fact that POCs can be done easier than before, and we make sure we test, uh, what's, what's working for, for us. And is there a validity to what they're saying, the value that they're saying they can provide?
Evan: So you can imagine if you took like all CISOs in the world and you, and you ranked them on a scale and how bullish or bearish they are on AI, you get people all over the spectrum, right? There's some people that will say, and it's going to solve everything in cyber security, right? And this would be like, Hey, this is all marketing hype. And like, it's just all distraction from like the main stuff, right?
Like, I guess, like, love to hear your view on, you know, to the bearish people, What's an area you feel like AI can have a real, you know, a really solid impact, right? A tangible impact, right? In the, you know, the next, let's say year or so in the short term, then kind of conversely on the other side of the spectrum, what's an area where you feel like there's a lot of hype around this thing, but just like, Hey, that's just, you know, AI is not going to be a silver bullet over there.
Eric: Yeah, I think both of them are on the analytic side, right? That's what everyone looks at is what is it doing with our data? You have the bearish people that says, No, this is just, you know, it's a tool like any other tool. It's not going to make a difference. It's absolutely going to make it. I mean, we've seen that piece of it we've seen already. I wouldn't say I was been surprised by it, but we've we've seen it where on the analyst side, um, doing threat hunting and I'm saying, you know, Oh, this is so much easier now that I can do that. I can do so much more than I was doing before and I can do it so much quicker. Um, and so that's, that's here pretty much today. I think it's going to get much better in the next few years, but, but you can really start to see some value out of that today. So for any naysayers, um, I would tell them to look a little bit closer in, in some of the areas of analytics and, and what, what AI is doing there. Um, and, and certain vendors are doing it better than others, but, but it's definitely there.
Um, for the overhypers who think that it's just gonna be the CISO looking at a bunch of screens and pressing one or two buttons, we're not going to get there. In this, in the same way that I'll compare it to what AI generative AI is doing with, um, in the in the, um, journalism industry today, right? Um, yeah, it can write. It can write articles for them, but you can still kind of, there's still some things that are going on where you can tell and it's not quite the same and, and where, uh, some publications have, has shifted to so much AI, they're now pulling back on that and saying, okay, we really still need an editor here. We still need some editors to look through these, these things, make sure the facts are correct. Do do their job.
And that's how it's going to be within cybersecurity. It's going to be a force multiplier for our analysts, but you're still going to need the analysts there to, to check whether or not something, uh, is indeed bad, uh, whether or not the information that is getting in the context is giving and is all validated. And then especially if it's taking any action, right?
This idea that, that there's going to be an AI system that this just starts shutting down ports on firewalls and blocking things is, is, uh, I mean, you could go ahead and try that. I think it'll go pretty bad, pretty quickly. Um, your business will be screaming pretty quickly. So you still need that individual to take a look and say, okay, this is valid. And this is the, this is the right action that needs to be taken. Thank you AI for suggesting this action, or even maybe the top five actions. Thanks for suggesting these top five actions. I'm going to take action number three, because that's the one that works best for my business.
Mike: Yeah. And I do agree with your assessment. Um, but I do think, you know, there will be impact on the workforce. Um, where do you think that impact lies? Is it going to be shifting away some of the more mundane analysis work? Is it going to be how you profile and look for candidates? Are you looking for candidates that are more comfortable using AI? What do you think the impact is going to be as we move further into this AI fueled world?
Eric: Yeah, I think it'll have some, you know, I mentioned it's not going to eliminate analysts entirely. Will it scale down the need for the quantity of analysts like butts in seats? Sure. Uh, will it also create an entirely new, uh, piece of cyber where, you know, if you think about what, what pen testers used to need to do penetration testing was just run a Nessus scan, see what vulnerabilities are there. And then, you know, do A, B, and C and try to exploit, and now it's become so large, it's, it's broached into application security and all of those. AI is a piece of that as well. Uh, a pen tester who knows the right queries to write to get the data out of the, a backend AI system that it wasn't supposed to give them. Right.
If you think about it, almost like a SQL injection, right? How do, what's the input here, that gets me the output that I want, that, that the person who designed the system doesn't want me to have. How do I get that backend data? And so that's an entirely new skill set that's up and coming. Uh, that's going to create a whole new area of an enterprise security team that doesn't even exist today.
So I think total quantity of security team members will stay roughly the same. It'll just shift from the analyst seat into more of a piece of AI, you know, AI security, specific security.
Evan: So at the end of the episode, we'd like to do a bit of a lightning round, try to try to get your kind of quick takes on something. So looking for kind of like the one tweet answer. So maybe like five, five questions or so here. So maybe we'll kind of, um, end, end with that. Um, so, um, maybe Mike, do you want to kick it off for us?
Mike: Sure. So Eric, what advice do you have to us to give to a security leader who's stepping into their first CISO job? What's something they might overestimate or underestimate about the job?
Eric: You're probably going to underestimate the value of the relationships with the business. Spend time investing in those relationships right from the get-go. It will make you, uh, more successful across the board in understanding what the business needs and it'll make it easier for you to roll out your security initiatives because of your partnership with them.
Evan: What is the best way for a CISO to kind of stay connected to the business and make sure they have, you know, high quality and high frequency of, um, you know, touch points to those relationships?
Eric: Go get those touch points. I mean, we're not in o, many, many organizations aren't in offices anymore. I would say walk down the hallway, but for many of us, that's not a reality anymore. Um, but put the time, put the one-on-ones on the calendar. Uh, and, and even if you don't have anything to talk about, keep the one-on-ones.
As executives, we're so quick to go, oh, I'll take that time back on my calendar. I don't have anything pressing. Spend the time building the relationships, uh, and developing those and it will pay, it will pay dividends.
Evan: What do you believe will be true about AI's impact on cybersecurity that most people would believe to be science fiction?
Kind of looking for your kind of contrarian take on, you know, what you think the impact is going to be. I know you kind of already answered this. So, um, I'd love to hear your quick version there.
Eric: I think I did touch on it before, and it's that it's going to help us make risk-based, the actual risk-based decisions, um, of, Hey, what are my, what are my top risks? What do I need to be investing in? So I actually think it can help us make better business decisions. So I'm coming at it less from the technical and stopping the bad guys directly and saying, help me, uh, help me make my, my business decisions based on what you know about my threat landscape, based on what you know from threat intelligence, based on what you know from my logs, uh, and, and my business context that I've provided you, uh, tell me where I need to be looking and give me my, my top five areas that I need to be investing in going forward. And uh, hopefully that again, you can try to give us some good perspective that we might not have seen, uh, or thought of before.
Mike: And last question. Any advice you'd share to inspire the next generation of security leaders?
Eric: I would say this is still fun for me. You know, I mentioned it was fun when I was doing incident response and forensics. A lot of people think that, okay, once you go into management, it stops being fun. It becomes just your regular desk job and you're just, uh, you're now just management. And uh, it is still fun to this day. Um, I, you still, you still get that sense of, Hey, I'm, I'm working on stopping bad guys and, and for it within my company, but then also externally, as I share information with other organizations, I'm, I'm helping the greater good, uh, by being, being a part of this, I'm a part of it in a different way, um, but still a part of it and, and the people are still great in it.
And so if, if, if you're in it, I would, I would say, uh, keep going, stay in it. It's, it's great. It's a lot of fun. It's only getting more challenging, which again, I think is a benefit. Um, and if we can support each other.
Within security, there's this sense of if I mess up, it's all on me. I think it's really important for cybersecurity leaders and just teams in general to understand that you win as a team. You take your wins as a team, you take your L's as a team. We're all in this together across the board. And I think that's a really important, uh, characteristic of the cybersecurity industry that's very, very common. And, and I love that about it.
Evan: Well, that inspires me. And Eric, I think your, um, your passionate energy and the joy you get from, you know, helping the good guys win here, um, is, is very obvious just from this conversation. So I really appreciate you making time and looking forward to chatting again soon.
Eric: Yeah, this was great. Mike, Evan, appreciate both of you.
Mike: That was Eric Brohm, Chief Information Security Officer at Wyndham Hotels and Resorts. I'm Mike Britton, the CISO of Abnormal Security.
Evan: And I'm Evan Reiser, the founder and CEO of Abnormal Security. Thanks for listening to Enterprise AI Defenders. Please be sure to subscribe, so you never miss an episode. Learn more about how AI is transforming the enterprise from top executives at enterprisesoftware.blog.
This show is produced by Josh Meer. See you next time.