


In this episode of And Security For All, host Kim Hakim sits down with Jonathan Kimmitt, CISO at Alias Cybersecurity, to discuss one of the most important shifts happening in cybersecurity today: the move from cyber protection to cyber resilience.
While many organizations focus on deploying security tools and controls, Jonathan explains why perfect security is unrealistic and why modern organizations must instead focus on resilience — the ability to detect, respond to, and recover from cyber incidents quickly.
Drawing on real-world incident response experiences, Jonathan shares practical insights into why many organizations still struggle with security despite major investments in tools. From overlooked vulnerabilities to unused monitoring systems, the conversation highlights how visibility, preparedness, and continuous testing are critical to defending against today’s evolving cyber threats.
The discussion also explores:
• Why cybersecurity perfection is impossible
• The difference between cyber protection and cyber resilience
• Why many companies have security tools but don’t use them effectively
• The importance of visibility, logging, and monitoring in modern security programs
• How penetration testing reveals real attack surfaces
• Why organizations must practice incident response and tabletop exercises
• The role of business continuity and disaster recovery planning
• Real-world stories of how attackers exploit small overlooked vulnerabilities
Jonathan also shares actionable advice for security leaders, including how organizations can begin building resilience today by testing assumptions, practicing response scenarios, and strengthening communication during incidents.
In an era where cyber incidents are no longer a matter of if but when, this conversation offers valuable guidance for CISOs, security teams, and business leaders looking to strengthen their cybersecurity strategy.
By Kim Hakim