Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire – Tim Morris – BSW #437
With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust?
Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of “machine mistakes.”
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
In the leadership and communications segment, Boards don’t need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more!
Tim is a visionary leader and an IT and cyber security expert, with decades of experience across industries. He joined Tanium after retiring from Wells Fargo, where he was an SVP and led several teams in cyber operations, engineering, and research. He holds 25 US patents and has written many articles on cyber security topics. He is also a trusted source of insights and opinions for major publications and web shows, where he shares his knowledge and passion for the field.
Tim started his IT career as a developer and sysadmin in manufacturing, then moved to banking, where was a software packaging, scripting, active directory administration, and M&A projects. He has been dedicated to cybersecurity since 2009, specializing in areas such as detection and response, systems and patch management, vulnerability assessment, web-content filtering, malware analysis, red-teaming, and digital forensics.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Matt Alderman
- Boards don’t need cyber metrics — they need risk signals
Security teams have learned to measure activity. The harder task is turning those measurements into signals directors can use to govern risk.
- Cyber Risk Explained in Business Language for Executives
Cyber risk is not an IT issue. It is a business continuity issue, a financial exposure issue, and a reputation issue. Executives do not need to understand malware code. However, they must understand how cyber risk affects revenue, operations, compliance, and shareholder trust.
- The Cybersecurity Question Most CEOs Have Never Thought to Ask
Every year, organizations spend more on cybersecurity. More tools, more platforms, more certified headcount. And every year, the breaches keep coming.
The gap between security investment and security outcomes has become one of the defining frustrations of modern business leadership. CEOs sign off on the budgets. CISOs present the dashboards. Auditors sign the compliance reports. And yet, when something goes wrong, and it does go wrong, the failure is almost never the technology.
- Why Cybersecurity Is Now a Business Strategy, Not Just IT?
Once treated as a technical safeguard buried within server rooms and firewall configurations, cybersecurity has moved into boardrooms and earnings calls — reshaped by escalating ransomware campaigns, regulatory enforcement, supply chain interdependence, and the financial reality that digital trust now underpins revenue, valuation, and operational continuity.
- It’s time to rethink CISO reporting lines
A significant majority of security leaders still report to IT — a situation rife with conflicts of interest given how AI and business risks are spurring CIO and CISO roles to separately evolve, experts say.
- Where Senior Leaders Are Struggling with AI Adoption, According to Research
As AI becomes embedded across organizations, senior leaders are facing pressures that rarely surface in public forums. Drawing on in-depth interviews and focus groups with 35 executives across global enterprises, new research uncovers what executives are tackling as they lead efforts to scale AI: continuous disruption, contested definitions of value, and emotionally divided responses to change. Not only that: They’re navigating these tensions in real time.
- Where CISOs need to hire and develop cybersecurity talent
Budgets are shrinking, but the threat landscape isn't. What kind of talent do CISOs need to keep up?
