Bushan, Again: How To Make 'No-Regrets' Cybersecurity Moves In An Angry AI Environment

He's BAAACK!

Bushan Sethi posted his talk from a presentation I attended last week in Las Vegas -- this picture might be from there, who knows. We've mentioned him before. Other than pictures of cats, Bushan seems to fill the Internet void.

The goal of his presentation was to focus us on 'no-regrets moves' in the Time of AI. These recommendations are good for cybersecurity professionals too.

I'm posting an extended quote -- his recommendations here, which are a lot less creepy than "move fast and break things":

• Think like an economist: Understand the macro and the micro - whether it's impact on AI on labor markets to challenging assumptions included in business case investments - whether they be about adoption, data architecture or investments in compute capacity.
• Think like a scientist: Use data and evidence to test hypotheses about what works in AI adoption and human-AI collaboration. Run hackathons - push the organization to generate ideas. Be comfortable with experimentation and running these tests - and pushing to create the right environment where innovation and learning from “failure” can work seamlessly.
• Think like a humanist: Never lose sight of the human experience, emotional reality, and societal implications of technological change. Who are we building this for, will they trust it, use it or sabotage it? How will be deal with those that can’t take the pace of change or need to be redeployed?

Bushan had a lot to say about creating the new organizational reality. In our experience, these thoughts speak a lot to cybersecurity personnel who may feel bombarded and overwhelmed.

First, he noted that 1 out of 5 employees -- 20% -- feel either bored or angry at work. This is not a conversation about engagement; we're talking actively angry. Remember, from a risk perspective angry employees are insider threats waiting to happen.

What can you do? Here are your "no-regrets moves" in that environment (from his Substack). Note how many of these are prime CISO skills:

1. (Re)Invest in relationships. Yes, that means you. As we've written before, one of your key CISO talents is creating relationships. What are you doing about that?

2. Shape a bolder "future of work" narrative. I'll co-opt his point here and note that this is another CISO skill: shape the organization's risk management narrative around the value of cybersecurity.

3. Contribute to reimagining the human-agentic workforce model. Cybersecurity is at the table when we discuss agentic AI...right?...and that means you...correct?

4. Build your "AI mindset." Once again, a CISO core skill. I'll reshape it around building your concept of your career around an AI partner, as well as other AI platforms that might not be your partners.

5. Influence the policy agenda. Bushan means being more like, well, Bushan -- be at the table before it happens, when it happens, and maybe after it happens. (He noted that this is not for everyone.)

6. Ideate on societal and workplace "de-polarization." Again, tough one. I'll quote at length: "You have a role in listening and engaging with others who think and act differently than you. Get out of our own echo chambers and practice inclusive leadership. Remember: people want to feel heard more than having their problems solved."

There is a bonus move not shown here: "Our clients need us to have that same confidence: the authority that comes from understanding both the data and the human reality, the capability to translate complex trends into actionable insights, and the courage to challenge conventional thinking when the situation demands it." As a cybersecurity professional, people look to you; or at the very least they expect you to step up. Have the confidence to break with convention and lean into the business space so that you are more than a tech person, you're a business partner.

Anger is your enemy. Be present.

Ask us how you can pivot without regrets to success in an AI-based cybersecurity environment.