Podcast: The Security Strategist

Guests: Garrett Hamilton, CEO, Reach Security, and Jay Wilson, CIO & CISO, Insurity

Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist, EM360Tech

There’s a growing disconnect at the core of enterprise cybersecurity, and most enterprise leadership teams don’t recognise it yet. Budgets are increasing, tools are improving more than ever, and AI is quickly being integrated into both offensive and defensive strategies.

On paper, this should be a golden era for cyber resilience. However, many enterprises feel more exposed, not less. The issue isn’t a lack of innovation; rather, it’s something harder to see—and far more dangerous.

In this episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, sits down with Garrett Hamilton, CEO of Reach Security, and Reach customer Jay Wilson, CIO & CISO at Insurity.

They unpack why enterprises are still getting breached despite record security spend—and how configuration drift, AI-driven threats, and operational blind spots are quietly reshaping the future of cyber defence.

They also address a key issue enterprises are grappling with today: whether what they configured yesterday is still protecting them now. The reality is that it isn't safeguarding them.

“The surface area of the problem is just continuing to increase,” says Wilson. “But security teams aren’t growing at the same rate.” This mismatch is creating a new kind of exposure—one that doesn’t show up in dashboards.


What Are Enterprise Cybersecurity Strategies Missing?

For years, cybersecurity strategies have focused on accumulation: more tools, more telemetry, and more layers of defence. For instance, respondents, on average, were dealing with 35 tools at a time. But as environments grow, they become harder to manage. The issue pertains to control, not to the visibility of risk.

“You had one product expert acting as five or six experts in one,” Hamilton explains. “That approach never scaled well.”

Today, this issue is worse. Teams inherit complex tools they can’t fully optimise or continuously validate. Over time, small changes—like exceptions, updates, and integrations—start to add up. No single change breaks the system, but together, they alter it.


Is Configuration Drift the Quiet Failure AI is Accelerating?

This shift is what insiders are increasingly referring to as configuration drift. It’s becoming one of the most overlooked risks in cybersecurity. It’s not dramatic or visible, but it’s constant.

“If it isn’t broken, don’t touch it—that used to work,” the Insurity CISO says. “Not so much anymore.”

In a pre-AI world, misconfigurations could linger for months before being exploited. Now, that time frame has shrunk. “The adversary can find it faster than that three-month or six-month window,” Hamilton warns.

The new reality is that enterprises are no longer just defending against external threats. They are now racing to keep up with changes within their own environments. AI too is making the problem worse. For example, rapid “vibe coding” can quickly create solutions, but those solutions tend to fail without ongoing maintenance.

“It worked for two or three months,” the Reach CEO notes, alluding to a customer experience with vibe coding. “Then I returned to it—and it wasn’t working as expected.”

Drift isn’t a bug but a byproduct of speed.

Where AI Offers Real Value

For the past decade, cybersecurity investments have focused heavily on detection and response. However, that model is starting to show its weaknesses. There are too many alerts, too much noise, and too many problems that shouldn’t be there in the first place.

“If you don’t emphasise the preventive side, you end up with a lot of unnecessary focus on detection and response,” Hamilton tells Dua.

The current shift is subtle but significant, with leaders now asking not just how quickly they can respond, but how many of those incidents could have been completely avoided.

This is where configuration integrity comes into play. It’s also where AI may finally offer real value—not as a substitute for analysts, but as a tool to continuously monitor, validate, and adjust security measures in real time.


Still, both Hamilton and Wilson are wary of too much automation. “I would not use automated remediation in my production environment,” Wilson states. “What if it broke something?”

The future shouldn’t be about fully autonomous security. Instead, it should focus on awareness and controlled automation—and that’s a much more complicated challenge to tackle.

There’s a tendency in cybersecurity to chase the next big thing—AI, zero trust, platform consolidation. But this discussion points to a more fundamental issue. The biggest risk might not be what’s new but what’s actually changing quietly.

“This is the most exciting time in 16 or 17 years of being in security,” Hamilton says. “But it’s also moving faster than we’ve ever seen.” For CISOs and CEOs alike, speed alters the dynamics.

Building the right architecture is part of the goal, but cybersecurity leaders should now also ensure their strategies stay aligned consistently at scale. This is where most enterprises are falling behind.

Key Takeaways

  1. Configuration drift is the hidden cause of modern cyber risk
  2. AI is accelerating both cyberattacks and security failures
  3. Security teams can’t keep up with expanding attack surfaces
  4. Too many cybersecurity tools are underused or misconfigured
  5. Prevention is making a comeback in cybersecurity strategy
  6. AI-driven automation must be controlled, not fully autonomous

Chapters

  • 00:00 Introduction to Cybersecurity Challenges
  • 02:52 The Role of AI in Cybersecurity
  • 05:54 Configuration Drift: The Overlooked Risk
  • 11:47 The Impact of Configuration Drift on Security
  • 17:49 The Need for Visibility in Security Infrastructure
  • 23:57 Balancing Detection and Prevention
  • 29:49 The Future of AI and Automated Remediation

To hear how leaders are tackling configuration drift, AI-driven threats, and the growing control gap, listen to the full conversation with Reach Security on EM360Tech.com.

Find Reach Security’s Configuration Drift Report here. For more information, visit reach.security
