Cyber threats and data breaches continue to grow. Did you know that cybercrime costs the world over $10 trillion every year? That’s why security must be our number one priority.

Why is Security a Top Priority?

Because nearly every aspect of modern life depends on digital systems, and those systems are constantly under attack. Without a safe and secure digital environment, businesses and governments cannot function. Critical services can be disrupted, putting public safety and even national security at risk.

Data breaches not only break laws — they break trust, damage reputation, and destroy brand loyalty. And as we integrate artificial intelligence, the attack surface expands. AI can make cyber threats faster, smarter, and much harder to detect.

How Do Organizations Strengthen Security?

Innovate. This is what great leaders do best. They innovate. Through continuous security innovation, we can turn cybersecurity from a defensive necessity into an offensive strategic competitive advantage.

Here are important Security Innovations messages from the panel I moderated at the HMG Strategy CIO Summit in Denver in October 2025.

In my newsletters over the past six months about AI, I have provided an overview, real-world case studies, and practical take-aways to help you and your organization survive, thrive, and produce ROI.

Security Innovation Examples

	DALE DREW, CISO, 5G Dish / Echostar. We implemented a Customer Zero Program. We tell the business seeking security improvements to adopt the products we sell to our customers. We want to be the beta for what our customers use. We want to integrate value-added services from a security perspective. This approach resulted in 16 patented innovations in the 5G security space.
	EMILY CELLAR, VP of IT Security and Infrastructure, iFIT. As an educational tool, we created a deep-fake video of the CEO offering iFIT memberships for all for free. It showed the need to train the CEO and all executives on these kinds of security scams. We then talked to all employees about establishing “Code Words” at home as a family. If we have strong cyber security at home, these habits come to work.
	CRAIG BUESING, CISO, Gates Corporation. We established a phishing honeypot which takes an attacker and puts them into a sandbox with no doors. This is a deceptive system designed to attract, detect, and analyze phishing attacks. The idea is not to trap attackers legally, but to observe and study their tactics. Gates has the goal to make this honeypot shareable and free to the community.
	ANDREW BLACKMON, CIO, United Launch Alliance. We are working to improve capabilities across all seven areas of the “cyber kill chain.” That chain describes the stages of a cyberattack from initial reconnaissance to achieving the attacker’s ultimate goal. We strive to move away from niche products that work independently to a suite of products that work collaboratively and use intelligence to dynamically respond to threat actors in the environment.

How AI is helping Cybersecurity

	DALE DREW. We are bullish on AI. In addition to using third-party LLMs (large language models), we are developing our own with Claude and Anthropic. We are taking threat data from vendors and our firm. We use the right prompt to compare the threat data with our security framework and analyze it daily. This gives our vulnerability team direction on where to prioritize our defenses. We added maturity to our controls by implementing a maturity feedback loop. We added a prompt to start analyzing all the tools the bad guys were using over time, and to predict what the next evolution would be. The training has become so good that we can learn what to expect in one month and what to expect in six months.
	EMILY CELLAR. We are creating the needed AI infrastructure by building it in-house. Our cloud spend was going up so much that we are bringing processing back on-premises.
	CRAIG BUESING. We are building out our own LLM as well. Attackers are using AI. We must also use AI and knock down the noise.
	THERESA. My own research includes talking to a CISO from a large energy company. They are using AI to do Cyber Ticket Enrichment in parallel for 1000s of tickets per day. This AI approach is better than manually having many offshore people doing a fraction of the enrichment. The result is better security in less time at a lower cost with more satisfied employees.

How to Build a Security Innovation Culture

	Have an appreciation for the need to steward the company’s data. This means IT and the entire organization. Security is everyone’s job.
	Introduce new tools. People like to learn how to use them.
	Give people room to be creative.
	Discern Innovation as a core value of the organization. Include it in your vision and mission statements. Establish innovation related goals. Hire innovative people. Track the impact of innovation and measure the results. Learn more from Theresa’s article, Six Steps to a More Innovative Government.

Summary

	Innovation is critical to proactively pivot yourself and be able to forecast the future. (DREW)
	Give your team the space to be creative. (CELLAR)
	Security engineers are nerds. Let them play. (BUESING)
	Know why you are doing things. It’s to deliver for the customer. Think that the bad actors want your data. (BLACKMON)
	Strive to create a security innovation culture. (THERESA)

News to Better Help You

I consult with organizations to help them innovate and successfully implement AI. I just completed the “AI in 5” certificate from the GenAI.Academy hosted by Professor Tom Yeh, Larissa Schwartz, and Sam Cummings through the University of Colorado.

See the complete newsletter.